CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2019-12697 – Cisco Firepower System Software Detection Engine RTF and RAR Malware and File Policy Bypass Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-12697
02 Oct 2019 — Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el Cisco Firepower System Software Detection Engine, podrían permitir a un atacante remoto no autenticado omitir las Políticas de Malware y Archivos configuradas para los tipos de archiv... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-firepwr-bypass • CWE-693: Protection Mechanism Failure •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2019-12696 – Cisco Firepower System Software Detection Engine RTF and RAR Malware and File Policy Bypass Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-12696
02 Oct 2019 — Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el Cisco Firepower System Software Detection Engine, podrían permitir a un atacante remoto no autenticado omitir las Políticas de Malware y Archivos configuradas para los tipos de archiv... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-firepwr-bypass • CWE-693: Protection Mechanism Failure •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2019-12675 – Cisco Firepower Threat Defense Software Multi-instance Container Escape Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-12675
02 Oct 2019 — Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-container-esc • CWE-116: Improper Encoding or Escaping of Output CWE-216: DEPRECATED: Containment Errors (Container Errors) •
CVSS: 8.2EPSS: 0%CPEs: 17EXPL: 0CVE-2019-12674 – Cisco Firepower Threat Defense Software Multi-instance Container Escape Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-12674
02 Oct 2019 — Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-container-esc • CWE-116: Improper Encoding or Escaping of Output CWE-216: DEPRECATED: Containment Errors (Container Errors) •
CVSS: 7.7EPSS: 0%CPEs: 184EXPL: 0CVE-2019-1963 – Cisco FXOS and NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1963
28 Aug 2019 — A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of Abstract Syntax Notation One (ASN.1)-encoded variables in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the SNMP daemon on the affected device. A success... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-fxnxos-snmp-dos • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 106EXPL: 0CVE-2019-1780 – Cisco FXOS and NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1780
16 May 2019 — A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the ... • http://www.securityfocus.com/bid/108392 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 8.6EPSS: 2%CPEs: 205EXPL: 0CVE-2019-1858 – Cisco FXOS and NX-OS Software Simple Network Management Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1858
16 May 2019 — A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly. The vulnerability is due to improper error handling when processing inbound SNMP packets. An attacker could exploit this vulnerability by sending multiple crafted SNMP packets to an affected device. A successful e... • http://www.securityfocus.com/bid/108358 • CWE-20: Improper Input Validation CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.2EPSS: 0%CPEs: 171EXPL: 0CVE-2019-1795 – Cisco FXOS and NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1795
15 May 2019 — A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to ex... • http://www.securityfocus.com/bid/108479 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.2EPSS: 0%CPEs: 112EXPL: 0CVE-2019-1781 – Cisco FXOS and NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1781
15 May 2019 — A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlyin... • http://www.securityfocus.com/bid/108407 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.2EPSS: 0%CPEs: 112EXPL: 0CVE-2019-1782 – Cisco FXOS and NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1782
15 May 2019 — A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlyin... • http://www.securityfocus.com/bid/108407 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •