CVSS: 7.8EPSS: 0%CPEs: 38EXPL: 0CVE-2019-1585 – Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1585
06 Mar 2019 — A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escalate standard users with root privilege on an affected device. The vulnerability is due to a misconfiguration of certain sudoers files for the bashroot component on an affected device. An attacker could exploit this vulnerability by authenticating to the affected device with a crafted user ID, which may allow temporary administrative access to ... • http://www.securityfocus.com/bid/107312 • CWE-16: Configuration •
CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2018-0092
https://notcve.org/view.php?id=CVE-2018-0092
18 Jan 2018 — A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. The network-operator role should not be able to delete other configured users on the device. The vulnerability is due to a lack of proper role-based access control (RBAC) checks for the actions that a user with the network-operator role is allowed to perform. An attacker could exploit this vulnerability by authenticating to th... • http://www.securityfocus.com/bid/102750 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 20EXPL: 0CVE-2017-3878
https://notcve.org/view.php?id=CVE-2017-3878
17 Mar 2017 — A Denial of Service vulnerability in the Telnet remote login functionality of Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a Telnet process used for login to terminate unexpectedly and the login attempt to fail. There is no impact to user traffic flowing through the device. Affected Products: This vulnerability affects Cisco Nexus 9000 Series Switches that are running Cisco NX-OS Software and are configured to allow remote Telnet c... • http://www.securityfocus.com/bid/96927 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 22EXPL: 0CVE-2017-3879
https://notcve.org/view.php?id=CVE-2017-3879
17 Mar 2017 — A Denial of Service vulnerability in the remote login functionality for Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a process used for login to terminate unexpectedly and the login attempt to fail. There is no impact to user traffic flowing through the device. The attacker could use either a Telnet or an SSH client for the remote login attempt. Affected Products: This vulnerability affects Cisco Nexus 9000 Series Switches that are... • http://www.securityfocus.com/bid/96920 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 37EXPL: 0CVE-2016-6457
https://notcve.org/view.php?id=CVE-2016-6457
19 Nov 2016 — A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability affects Cisco Nexus 9000 Series Leaf Switches (TOR) - ACI Mode and Cisco Application Policy Infrastructure Controller (APIC). More Information: CSCuy93241. Known Affected Releases: 11.2(2x) 11.2(3x) 11.3(1x) 11.3(2x) 12.0(1x). Known Fixed Releases: 11.2(2i) 1... • http://www.securityfocus.com/bid/94077 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 0%CPEs: 250EXPL: 0CVE-2015-0721
https://notcve.org/view.php?id=CVE-2015-0721
06 Oct 2016 — Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection negotiation, aka Bug IDs CSCum35502, CSCuw78669, CSCuw79754, and CSCux88492. Cisco NX-OS 4.0 hasta la versión 7.3 en Multilayer Director y dispositivos Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-nxaaa • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 1%CPEs: 65EXPL: 0CVE-2016-1454
https://notcve.org/view.php?id=CVE-2016-1454
06 Oct 2016 — Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device reload) by leveraging a peer relationship to send a crafted BGP UPDATE message, aka Bug IDs CSCuq77105 and CSCux11417. Cisco NX-OS 4.0 hasta la versión 7.3 y 11.0 hasta la versión 11.2 en dispositivos 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700 y 9000 permite a atacantes remotos provocar una denegación ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-bgp • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 145EXPL: 0CVE-2015-6392
https://notcve.org/view.php?id=CVE-2015-6392
06 Oct 2016 — Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or (2) smart relay agent, aka Bug IDs CSCuq24603, CSCur93159, CSCus21693, and CSCut76171. Cisco NX-OS 4.1 hasta la versión 7.3 y 11.0 hasta la versión 11.2 en dispositivos Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700 y 9000 permite a atacantes remotos provocar una... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-dhcp1 • CWE-399: Resource Management Errors •
CVSS: 9.0EPSS: 0%CPEs: 25EXPL: 0CVE-2016-1302
https://notcve.org/view.php?id=CVE-2016-1302
07 Feb 2016 — Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998. Dispositivos Cisco Application Policy Infrastructure Controller (APIC) con software anterior a 1.0(3h) y 1.1 en versiones anteriores a 1.1(1j) y switches Nexus 9000 ACI Mode con software... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-6295
https://notcve.org/view.php?id=CVE-2015-6295
20 Sep 2015 — Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved VLAN number, aka Bug ID CSCuw13560. Vulnerabilidad en Cisco NX-OS 6.1(2)I3(4) y 7.0(3)I1(1) en dispositivos Nexus 9000 (N9K), permite a atacantes remotos provocar una denegación de servicio (consumo de CPU o inestabilidad en el plano de control) o desencadenar reenv... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40990 • CWE-399: Resource Management Errors •