CVSS: 3.3EPSS: 0%CPEs: 109EXPL: 0CVE-2020-3504 – Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3504
27 Aug 2020 — A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an affected device. A successful exploit could allow the attacker to cause internal system processes to fail to terminate properly, which ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-cli-dos-GQUxCnTe • CWE-400: Uncontrolled Resource Consumption CWE-664: Improper Control of a Resource Through its Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 106EXPL: 0CVE-2019-1734 – Cisco FXOS and NX-OS Software Sensitive File Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1734
05 Nov 2019 — A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to incomplete role-based access control (RBAC) verification. An attacker could exploit this vulnerability by authenticating to the device and issuing a specific CLI diagnostic command ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-info • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 114EXPL: 0CVE-2019-1968 – Cisco NX-OS Software NX-API Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1968
29 Aug 2019 — A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; howe... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-api-dos • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •
CVSS: 8.6EPSS: 2%CPEs: 123EXPL: 0CVE-2019-1967 – Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1967
29 Aug 2019 — A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packets. An attacker could exploit this vulnerability by flooding the device with a steady stream of Mode 7 NTP packets. A successful exploit could allow the atta... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ntp-dos • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.2EPSS: 0%CPEs: 106EXPL: 0CVE-2019-1780 – Cisco FXOS and NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1780
16 May 2019 — A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the ... • http://www.securityfocus.com/bid/108392 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.2EPSS: 0%CPEs: 99EXPL: 0CVE-2019-1779 – Cisco FXOS and NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1779
15 May 2019 — A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary c... • http://www.securityfocus.com/bid/108394 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.8EPSS: 0%CPEs: 98EXPL: 0CVE-2019-1735 – Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1735)
https://notcve.org/view.php?id=CVE-2019-1735
15 May 2019 — A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlyin... • http://www.securityfocus.com/bid/108365 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 6.9EPSS: 0%CPEs: 18EXPL: 0CVE-2019-1732 – Cisco NX-OS Software Remote Package Manager Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1732
15 May 2019 — A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection. The vulnerability is due to the lack of a proper locking mechanism on critical variables that need to stay static until used. An attacker could exploit this vulnerability by authenticating to an affected devi... • http://www.securityfocus.com/bid/108361 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-667: Improper Locking •
CVSS: 5.4EPSS: 0%CPEs: 17EXPL: 0CVE-2019-1733 – Cisco NX-OS Software NX-API Sandbox Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-1733
15 May 2019 — A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX-OS Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the NX-API Sandbox interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the NX-API Sandbox interface. An attacker could exploit this vulnerability by persuading a user of the NX-API Sandbox interface to click a crafted link. A successful exploit could allow the... • http://www.securityfocus.com/bid/108348 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 33EXPL: 0CVE-2019-1727 – Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1727
15 May 2019 — A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions in the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands to elevate... • http://www.securityfocus.com/bid/108341 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-264: Permissions, Privileges, and Access Controls •