cvedb.io
CVE-2017-12785
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2017-08-22T17:29:00.193 · Last modified 2026-06-17T01:03:55.887

Summary

The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection.

Affected products

noviflow — noviware

Does this affect you?

Add your gear to cvedb and we'll alert you only when noviflow ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.