CVE-2017-12786

Name of the Vulnerable Software and Affected Versions NoviWare versions through NW400.2.6

Description The issue arises from a bug in the NoviWare software distribution when applying ACL modifications, which can inadvertently expose network interfaces of the cliengine and noviengine services. This exposure can be leveraged by remote, unauthenticated attackers to gain privileged code execution on the switch due to a stack-based buffer overflow during the unserialization of packet data. The vulnerability is caused by incorrect handling of unserialized network packets, leading to a buffer overflow on the stack. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code during ACL modifications using specially crafted network packets.

Recommendations For NoviWare versions through NW400.2.6, as a temporary workaround, consider restricting access to the ACL modification functionality until a patch is available. Avoid applying ACL changes from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.