CVSS: 7.4EPSS: 0%CPEs: 208EXPL: 0CVE-2020-3120 – Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3120
05 Feb 2020 — A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected devi... • http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.7EPSS: 1%CPEs: 18EXPL: 0CVE-2019-12700 – Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-12700
02 Oct 2019 — A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource management in the context of user session management. An attacker could exploit this vulnerability by connecting to an affected system and performing many simultan... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-fpmc-dos • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 0CVE-2019-12699 – Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-12699
02 Oct 2019 — Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •