CVSS: 7.2EPSS: 0%CPEs: 148EXPL: 0CVE-2019-1775 – Cisco NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1775
15 May 2019 — A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with ... • http://www.securityfocus.com/bid/108371 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 153EXPL: 0CVE-2019-1776 – Cisco NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1776
15 May 2019 — A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands o... • http://www.securityfocus.com/bid/108377 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 122EXPL: 0CVE-2019-1770 – Cisco NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1770
15 May 2019 — A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacke... • http://www.securityfocus.com/bid/108376 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2018-0395 – Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0395
17 Oct 2018 — A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface on the targeted device. A successful ... • http://www.securityfocus.com/bid/105674 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 55EXPL: 0CVE-2017-12301
https://notcve.org/view.php?id=CVE-2017-12301
19 Oct 2017 — A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions within the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary comm... • http://www.securitytracker.com/id/1039622 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 2%CPEs: 67EXPL: 0CVE-2017-3883
https://notcve.org/view.php?id=CVE-2017-3883
19 Oct 2017 — A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in a brute-force login attack. System memory can run low on the FXOS ... • http://www.securityfocus.com/bid/101493 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 15EXPL: 0CVE-2017-3875
https://notcve.org/view.php?id=CVE-2017-3875
17 Mar 2017 — An Access-Control Filtering Mechanisms Bypass vulnerability in certain access-control filtering mechanisms on Cisco Nexus 7000 Series Switches could allow an unauthenticated, remote attacker to bypass defined traffic configured within an access control list (ACL) on the affected system. More Information: CSCtz59354. Known Affected Releases: 5.2(4) 6.1(3)S5 6.1(3)S6 6.2(1.121)S0 7.2(1)D1(1) 7.3(0)ZN(0.161) 7.3(1)N1(0.1). Known Fixed Releases: 7.3(0)D1(1) 6.2(2) 6.1(5) 8.3(0)KMT(0.24) 8.3(0)CV(0.337) 7.3(1)N1... • http://www.securityfocus.com/bid/96930 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 250EXPL: 0CVE-2015-0721
https://notcve.org/view.php?id=CVE-2015-0721
06 Oct 2016 — Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection negotiation, aka Bug IDs CSCum35502, CSCuw78669, CSCuw79754, and CSCux88492. Cisco NX-OS 4.0 hasta la versión 7.3 en Multilayer Director y dispositivos Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-nxaaa • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 1%CPEs: 65EXPL: 0CVE-2016-1454
https://notcve.org/view.php?id=CVE-2016-1454
06 Oct 2016 — Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device reload) by leveraging a peer relationship to send a crafted BGP UPDATE message, aka Bug IDs CSCuq77105 and CSCux11417. Cisco NX-OS 4.0 hasta la versión 7.3 y 11.0 hasta la versión 11.2 en dispositivos 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700 y 9000 permite a atacantes remotos provocar una denegación ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-bgp • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 145EXPL: 0CVE-2015-6392
https://notcve.org/view.php?id=CVE-2015-6392
06 Oct 2016 — Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or (2) smart relay agent, aka Bug IDs CSCuq24603, CSCur93159, CSCus21693, and CSCut76171. Cisco NX-OS 4.1 hasta la versión 7.3 y 11.0 hasta la versión 11.2 en dispositivos Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700 y 9000 permite a atacantes remotos provocar una... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-dhcp1 • CWE-399: Resource Management Errors •