CVE-2017-12785

Name of the Vulnerable Software and Affected Versions NoviWare versions through NW400.2.6

Description The issue is related to a buffer overflow in the show log cli command of the novish command-line interface, which is part of the NoviWare software distribution. This could allow a read-only user to gain privileged code execution on the switch via command injection. The vulnerability can be exploited by a remote attacker with read-only access to gain superuser privileges.

Recommendations For NoviWare versions through NW400.2.6, consider disabling the show log cli command as a temporary workaround until a patch is available. Restrict access to the novish command-line interface to minimize the risk of exploitation. Avoid using the show log cli command in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.