Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2017-12787

A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.351
EPSS Ranking 96.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Products affected by CVE-2017-12787


Contact Us

Shodan ® - All rights reserved