CVSS: 8.6EPSS: 0%CPEs: 69EXPL: 0CVE-2021-1588 – Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1588
A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when an affected device is processing an MPLS echo-request or echo-reply packet. An attacker could exploit this vulnerability by sending malicious MPLS echo-request or echo-reply packets to an interface that is enabled for MPLS forwarding on the affected device. A successful exploit could allow the attacker to cause the MPLS OAM process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Una vulnerabilidad en la funcionalidad Operation, Administration, and Maintenance (OAM) de MPLS del Software Cisco NX-OS, podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS) en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-mpls-oam-dos-sGO9x5GM • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 8.6EPSS: 0%CPEs: 63EXPL: 0CVE-2021-1587 – Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1587
A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific packets with a Transparent Interconnection of Lots of Links (TRILL) OAM EtherType. An attacker could exploit this vulnerability by sending crafted packets, including the TRILL OAM EtherType of 0x8902, to a device that is part of a VXLAN Ethernet VPN (EVPN) fabric. A successful exploit could allow the attacker to cause an affected device to experience high CPU usage and consume excessive system resources, which may result in overall control plane instability and cause the affected device to reload. Note: The NGOAM feature is disabled by default. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ngoam-dos-LTDb9Hv • CWE-115: Misinterpretation of Input CWE-436: Interpretation Conflict •
CVSS: 8.6EPSS: 0%CPEs: 42EXPL: 0CVE-2021-1586 – Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod and Multi-Site TCP Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1586
A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to unexpectedly restart the device, resulting in a denial of service (DoS) condition. This vulnerability exists because TCP traffic sent to a specific port on an affected device is not properly sanitized. An attacker could exploit this vulnerability by sending crafted TCP data to a specific port that is listening on a public-facing IP address for the Multi-Pod or Multi-Site configuration. A successful exploit could allow the attacker to cause the device to restart unexpectedly, resulting in a DoS condition. Una vulnerabilidad en las configuraciones de red Multi-Pod o Multi-Site para Cisco Nexus 9000 Series Fabric Switches en el modo Application Centric Infrastructure (ACI) podría permitir a un atacante remoto no autenticado reiniciar inesperadamente el dispositivo, resultando en una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-tcp-dos-YXukt6gM • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.2EPSS: 0%CPEs: 42EXPL: 0CVE-2021-1584 – Cisco Nexus 9000 Series Fabric Switches ACI Mode Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1584
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient restrictions during the execution of a specific CLI command. An attacker with administrative privileges could exploit this vulnerability by performing a command injection attack on the vulnerable command. A successful exploit could allow the attacker to access the underlying operating system as root. Una vulnerabilidad en Cisco Nexus 9000 Series Fabric Switches en el modo Application Centric Infrastructure (ACI) podría permitir a un atacante local autenticado elevar los privilegios en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-mdvul-vrKVgNU • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.4EPSS: 0%CPEs: 42EXPL: 0CVE-2021-1583 – Cisco Nexus 9000 Series Fabric Switches ACI Mode Arbitrary File Read Vulnerability
https://notcve.org/view.php?id=CVE-2021-1583
A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected system. This vulnerability is due to improper access control. An attacker with Administrator privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to read arbitrary files on the file system of the affected device. Una vulnerabilidad en el control de acceso al sistema de archivos de la infraestructura de fábrica de Cisco Nexus 9000 Series Fabric Switches en el modo Application Centric Infrastructure (ACI) podría permitir a un atacante local autenticado leer archivos arbitrarios en un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-afr-UtjfO2D7 • CWE-284: Improper Access Control •