CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2018-0092
https://notcve.org/view.php?id=CVE-2018-0092
A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. The network-operator role should not be able to delete other configured users on the device. The vulnerability is due to a lack of proper role-based access control (RBAC) checks for the actions that a user with the network-operator role is allowed to perform. An attacker could exploit this vulnerability by authenticating to the device with user credentials that give that user the network-operator role. Successful exploitation could allow the attacker to impact the integrity of the device by deleting configured user credentials. • http://www.securityfocus.com/bid/102750 http://www.securitytracker.com/id/1040248 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nxos1 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 20EXPL: 0CVE-2017-3878
https://notcve.org/view.php?id=CVE-2017-3878
A Denial of Service vulnerability in the Telnet remote login functionality of Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a Telnet process used for login to terminate unexpectedly and the login attempt to fail. There is no impact to user traffic flowing through the device. Affected Products: This vulnerability affects Cisco Nexus 9000 Series Switches that are running Cisco NX-OS Software and are configured to allow remote Telnet connections to the device. More Information: CSCux46778. Known Affected Releases: 7.0(3)I3(0.170). • http://www.securityfocus.com/bid/96927 http://www.securitytracker.com/id/1038047 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-nss • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 22EXPL: 0CVE-2017-3879
https://notcve.org/view.php?id=CVE-2017-3879
A Denial of Service vulnerability in the remote login functionality for Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a process used for login to terminate unexpectedly and the login attempt to fail. There is no impact to user traffic flowing through the device. The attacker could use either a Telnet or an SSH client for the remote login attempt. Affected Products: This vulnerability affects Cisco Nexus 9000 Series Switches that are running Cisco NX-OS Software and are configured to allow remote Telnet connections to the device. More Information: CSCuy25824. • http://www.securityfocus.com/bid/96920 http://www.securitytracker.com/id/1038046 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-nss1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 37EXPL: 0CVE-2016-6457
https://notcve.org/view.php?id=CVE-2016-6457
A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability affects Cisco Nexus 9000 Series Leaf Switches (TOR) - ACI Mode and Cisco Application Policy Infrastructure Controller (APIC). More Information: CSCuy93241. Known Affected Releases: 11.2(2x) 11.2(3x) 11.3(1x) 11.3(2x) 12.0(1x). Known Fixed Releases: 11.2(2i) 11.2(2j) 11.2(3f) 11.2(3g) 11.2(3h) 11.2(3l) 11.3(0.236) 11.3(1j) 11.3(2i) 11.3(2j) 12.0(1r). • http://www.securityfocus.com/bid/94077 http://www.securitytracker.com/id/1037185 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-n9kapic • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 0%CPEs: 250EXPL: 0CVE-2015-0721
https://notcve.org/view.php?id=CVE-2015-0721
Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection negotiation, aka Bug IDs CSCum35502, CSCuw78669, CSCuw79754, and CSCux88492. Cisco NX-OS 4.0 hasta la versión 7.3 en Multilayer Director y dispositivos Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700 y 9000 permite a usuarios remotos autenticados eludir restricciones AAA destinadas y obtener un acceso CLI privilegiado a través de parámetros manipulados en una negociación de conexión SSH, vulnerabilidad también conocida como Bug IDs CSCum35502, CSCuw78669, CSCuw79754 y CSCux88492. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-nxaaa http://www.securityfocus.com/bid/93410 http://www.securitytracker.com/id/1036947 • CWE-264: Permissions, Privileges, and Access Controls •