CVSS: 7.2EPSS: 0%CPEs: 138EXPL: 0CVE-2019-12662 – Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2019-12662
A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image. Una vulnerabilidad en el Software Cisco NX-OS y el Software Cisco IOS XE, podría permitir que un atacante local autenticado con credenciales válidas de administrador o nivel de privilegio 15 cargue una imagen de servicio virtual y omita la comprobación de firma en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-vman • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.0EPSS: 0%CPEs: 25EXPL: 0CVE-2016-1302
https://notcve.org/view.php?id=CVE-2016-1302
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998. Dispositivos Cisco Application Policy Infrastructure Controller (APIC) con software anterior a 1.0(3h) y 1.1 en versiones anteriores a 1.1(1j) y switches Nexus 9000 ACI Mode con software anterior a 11.0(3h) y 11.1 en versiones anteriores a 11.1(1j) permite a usuarios remotos autenticados eludir las restricciones destinadas RBAC a través de peticiones REST manipuladas, también conocido como Bug ID CSCut12998. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic http://www.securitytracker.com/id/1034925 • CWE-284: Improper Access Control •