Description
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.This issue affects DX NetOps Spectrum: 23.3.6 and earlier.
CVSS breakdown
CVSS 4.0
Attack Vector
Network
Attack Complexity
High
Attack Requirements
None
Privileges Required
Low
User Interaction
None
Confidentiality (Vulnerable System)
Low
Integrity (Vulnerable System)
High
Availability (Vulnerable System)
None
Confidentiality (Subsequent System)
Low
Integrity (Subsequent System)
High
Availability (Subsequent System)
None
Affected products
- Broadcom / DX NetOps Spectrum23.3.6 and earlier – 23.3.6 and earlier
- Broadcom / DX NetOps Spectrum23.3.7 and later – 23.3.7 and later