CVSS: 6.5EPSS: 0%CPEs: 100EXPL: 0CVE-2019-1690 – Cisco Application Policy Infrastructure Controller IPv6 Link-Local Address Vulnerability
https://notcve.org/view.php?id=CVE-2019-1690
A vulnerability in the management interface of Cisco Application Policy Infrastructure Controller (APIC) software could allow an unauthenticated, adjacent attacker to gain unauthorized access on an affected device. The vulnerability is due to a lack of proper access control mechanisms for IPv6 link-local connectivity imposed on the management interface of an affected device. An attacker on the same physical network could exploit this vulnerability by attempting to connect to the IPv6 link-local address on the affected device. A successful exploit could allow the attacker to bypass default access control restrictions on an affected device. Cisco Application Policy Infrastructure Controller (APIC) devices running versions prior to 4.2(0.21c) are affected. • http://www.securityfocus.com/bid/107317 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-apic-ipv6 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 98EXPL: 0CVE-2018-0306
https://notcve.org/view.php?id=CVE-2018-0306
A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device. Note: This vulnerability requires that any feature license is uploaded to the device. • http://www.securitytracker.com/id/1041169 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-execution • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •