CVSS: 6.7EPSS: 0%CPEs: 41EXPL: 0CVE-2019-1809 – Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2019-1809
15 May 2019 — A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker ... • http://www.securityfocus.com/bid/108375 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.2EPSS: 0%CPEs: 149EXPL: 0CVE-2019-1791 – Cisco NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1791
15 May 2019 — A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbi... • http://www.securityfocus.com/bid/108390 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.2EPSS: 0%CPEs: 171EXPL: 0CVE-2019-1795 – Cisco FXOS and NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1795
15 May 2019 — A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to ex... • http://www.securityfocus.com/bid/108479 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.2EPSS: 0%CPEs: 151EXPL: 0CVE-2019-1790 – Cisco NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1790
15 May 2019 — A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on t... • http://www.securityfocus.com/bid/108383 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.2EPSS: 0%CPEs: 112EXPL: 0CVE-2019-1781 – Cisco FXOS and NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1781
15 May 2019 — A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlyin... • http://www.securityfocus.com/bid/108407 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.2EPSS: 0%CPEs: 112EXPL: 0CVE-2019-1782 – Cisco FXOS and NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1782
15 May 2019 — A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlyin... • http://www.securityfocus.com/bid/108407 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.2EPSS: 0%CPEs: 148EXPL: 0CVE-2019-1774 – Cisco NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1774
15 May 2019 — A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with ... • http://www.securityfocus.com/bid/108371 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 148EXPL: 0CVE-2019-1775 – Cisco NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1775
15 May 2019 — A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with ... • http://www.securityfocus.com/bid/108371 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 153EXPL: 0CVE-2019-1776 – Cisco NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1776
15 May 2019 — A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands o... • http://www.securityfocus.com/bid/108377 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 100EXPL: 0CVE-2019-1690 – Cisco Application Policy Infrastructure Controller IPv6 Link-Local Address Vulnerability
https://notcve.org/view.php?id=CVE-2019-1690
11 Mar 2019 — A vulnerability in the management interface of Cisco Application Policy Infrastructure Controller (APIC) software could allow an unauthenticated, adjacent attacker to gain unauthorized access on an affected device. The vulnerability is due to a lack of proper access control mechanisms for IPv6 link-local connectivity imposed on the management interface of an affected device. An attacker on the same physical network could exploit this vulnerability by attempting to connect to the IPv6 link-local address on t... • http://www.securityfocus.com/bid/107317 • CWE-284: Improper Access Control •