CVE-2020-13122

2020-08-1715:59:25

mitre

www.cve.org

9.1 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.4%

JSON

The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the “show status destination ipaddr” command. This could be used by a read-only user (monitoring group) or admin to execute commands on the operating system.

References

drive.google.com/file/d/1iL4cc0ZbQK9s190DbFQD7mWYbBH-vlJb/view?usp=sharing