NoviFlow NoviWare <= NW400.2.6 multiple vulnerabilities Introduction ========== NoviWare is a high-performance OpenFlow 1.3, 1.4 and 1.5 compliant switch software developed by NoviFlow and available for license to network equipment manufacturers. Multiple vulnerabilities were identified in the NoviWare software deployed on NoviSwitch devices. They could allow a remote attacker to gain privileged code execution on the switch (non-default configuration) or a low-privileged CLI user to execute code as root. CVEs ===== * CVE-2017-12784: remote code execution in novi_process_manager_daemon Indicative CVSS v2 base score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C) * CVE-2017-12785: cli breakout in novish Indicative CVSS v2 base score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C) * CVE-2017-12786: remote code execution in noviengine and cliengine Indicative CVSS v2 base score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C) Affected versions ============== NoviWare <= NW400.2.6 and devices where a vulnerable NoviWare version is deployed Author ====== François Goichon - Google Security Team CVE-2017-12784 ============== Remote code execution in novi_process_manager_daemon Summary
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment