CVE-2017-6650

Name of the Vulnerable Software and Affected Versions Cisco NX-OS System Software versions 7.1 through 7.3

Description A vulnerability in the Telnet CLI command could allow an authenticated, local attacker to perform a command injection attack due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command, potentially allowing them to read or write arbitrary files at the user's privilege level outside of the user's path.

Recommendations For Cisco NX-OS System Software versions 7.1 through 7.3, consider disabling the Telnet CLI command until a patch is available to prevent command injection attacks. Restrict access to the Telnet CLI command to minimize the risk of exploitation. Avoid using crafted command arguments in the Telnet CLI command until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.