Page 24 of 224 results (0.008 seconds)

CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running in Application-Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms of user-supplied input sent to an affected device. A successful exploit could allow the attacker unauthorized access to read arbitrary files on an affected device. This vulnerability has been fixed in version 14.0(1h). Una vulnerabilidad en Cisco Nexus 9000 Series Fabric Switches que se ejecuta en el modo Application-Centric Infrastructure (ACI) podría permitir a un atacante local autenticado leer archivos arbitrarios en un dispositivo afectado. • http://www.securityfocus.com/bid/107316 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-file-read • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 38EXPL: 0

A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escalate standard users with root privilege on an affected device. The vulnerability is due to a misconfiguration of certain sudoers files for the bashroot component on an affected device. An attacker could exploit this vulnerability by authenticating to the affected device with a crafted user ID, which may allow temporary administrative access to escalate privileges. A successful exploit could allow the attacker to escalate privileges on an affected device. This Vulnerability has been fixed in version 4.0(1h) Una vulnerabilidad en la funcionalidad de autorización de Cisco Nexus 9000 Series ACI Mode Switch Software puede permitir a un atacante local autenticado escalar usuarios estándares con privilegios root en un dispositivo afectado. • http://www.securityfocus.com/bid/107312 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-controller-privsec • CWE-16: Configuration •

CVSS: 8.6EPSS: 0%CPEs: 13EXPL: 0

A vulnerability in the Precision Time Protocol (PTP) feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of protection against PTP frame flood attacks. An attacker could exploit this vulnerability by sending large streams of malicious IPv4 or IPv6 PTP traffic to the affected device. A successful exploit could allow the attacker to cause a DoS condition, impacting the traffic passing through the device. Una vulnerabilidad en la característica Precision Time Protocol (PTP) de Cisco Nexus 5500, 5600 y 6000 Series Switches que ejecutan Cisco NX-OS Software podría permitir que un atacante remoto no autenticado cree una condición de denegación de servicio (DoS) en un dispositivo afectado. • http://www.securityfocus.com/bid/105669 http://www.securitytracker.com/id/1041920 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-nexus-ptp-dos • CWE-20: Improper Input Validation •

CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application of an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. Una vulnerabilidad en el procesador de paquetes entrantes SNMP (Simple Network Management Protocol) del software Cisco NX-OS podría permitir que la aplicación SNMP se reinicie inesperadamente en un dispositivo afectado. • http://www.securityfocus.com/bid/105668 http://www.securitytracker.com/id/1041921 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-nxos-snmp • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0

A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface on the targeted device. A successful exploit could allow the attacker to cause the switch to reload unexpectedly. Una vulnerabilidad en la implementación LLDP (Link Layer Discovery Protocol) para Cisco FXOS Software y Cisco NX-OS Software podría permitir que un atacante adyacente no autenticado cree una condición de denegación de servicio (DoS) cuando el dispositivo se recarga inesperadamente. • http://www.securityfocus.com/bid/105674 http://www.securitytracker.com/id/1041919 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-fxnx-os-dos • CWE-20: Improper Input Validation •