CVSS: 6.7EPSS: 0%CPEs: 22EXPL: 0CVE-2019-1729 – Cisco NX-OS Software Arbitrary File Overwrite Vulnerability
https://notcve.org/view.php?id=CVE-2019-1729
15 May 2019 — A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, local attacker to overwrite any file on the file system including system files. These file overwrites by the attacker are accomplished at the root privilege level. The vulnerability occurs because there is no verification of user-input parameters and or digital-signature verification for image files when using a specific CLI command. An attacker could exploit this... • http://www.securityfocus.com/bid/108378 • CWE-20: Improper Input Validation CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 38EXPL: 0CVE-2019-1726 – Cisco NX-OS Software CLI Bypass to Internal Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1726
15 May 2019 — A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument to the affected command. A successful exploit could allow the attacker to bypass intended restrictions and access internal services... • http://www.securityfocus.com/bid/108409 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 211EXPL: 0CVE-2019-1649 – Cisco Secure Boot Hardware Tampering Vulnerability
https://notcve.org/view.php?id=CVE-2019-1649
13 May 2019 — A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot har... • http://www.securityfocus.com/bid/108350 • CWE-284: Improper Access Control CWE-667: Improper Locking •
CVSS: 7.2EPSS: 0%CPEs: 44EXPL: 0CVE-2019-1611 – Cisco FXOS and NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1611)
https://notcve.org/view.php?id=CVE-2019-1611
11 Mar 2019 — A vulnerability in the CLI of Cisco NX-OS Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying... • http://www.securityfocus.com/bid/107381 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 8.6EPSS: 1%CPEs: 43EXPL: 0CVE-2019-1616 – Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1616
11 Mar 2019 — A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow, resulting in process crashes ... • http://www.securityfocus.com/bid/107395 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0CVE-2019-1608 – Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)
https://notcve.org/view.php?id=CVE-2019-1608
08 Mar 2019 — A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with e... • http://www.securityfocus.com/bid/107386 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.2EPSS: 0%CPEs: 32EXPL: 0CVE-2019-1609 – Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)
https://notcve.org/view.php?id=CVE-2019-1609
08 Mar 2019 — A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with e... • http://www.securityfocus.com/bid/107341 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2019-1603 – Cisco NX-OS Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1603
08 Mar 2019 — A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow an attacker to make configuration changes to the system as administrator. Nexus 3000 Series Switches ar... • http://www.securityfocus.com/bid/107328 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2019-1604 – Cisco NX-OS Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1604
08 Mar 2019 — A vulnerability in the user account management interface of Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to an incorrect authorization check of user accounts and their associated Group ID (GID). An attacker could exploit this vulnerability by taking advantage of a logic error that will permit the use of higher privileged commands than what is necessarily assigned. A successful exploit could allow an attacker to ... • http://www.securityfocus.com/bid/107323 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 8.6EPSS: 6%CPEs: 55EXPL: 0CVE-2019-1599 – Cisco NX-OS Software Netstack Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1599
07 Mar 2019 — A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to an issue with allocating and freeing memory buffers in the network stack. An attacker could exploit this vulnerability by sending crafted TCP streams to an affected device in a sustained way. A successful exploit could cause the network stack of an affected device to run out of available buffers, impairin... • http://www.securityfocus.com/bid/107342 • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •