Page 6 of 114 results (0.010 seconds)

CVSS: 7.2EPSS: 0%CPEs: 65EXPL: 0

A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. • http://www.securityfocus.com/bid/108386 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-overflow-inj • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.6EPSS: 0%CPEs: 205EXPL: 0

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly. The vulnerability is due to improper error handling when processing inbound SNMP packets. An attacker could exploit this vulnerability by sending multiple crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the SNMP application to leak system memory because of an improperly handled error condition during packet processing. Over time, this memory leak could cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. • http://www.securityfocus.com/bid/108358 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-snmp-dos • CWE-20: Improper Input Validation CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 7.2EPSS: 0%CPEs: 73EXPL: 0

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device. Una vulnerabilidad en la función Image Signature Verification del programa Cisco NX-OS podría permitir que un atacante local autenticado con credenciales de administrador para instalar una imagen de programa malintencionado en un dispositivo afectado. La vulnerabilidad se debe a que las firmas digitales del programa no se verifican correctamente durante la ejecución del comando CLI. • http://www.securityfocus.com/bid/108425 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2 • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 7.2EPSS: 0%CPEs: 73EXPL: 0

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device. Una vulnerabilidad en la función Image Signature Verification del software Cisco NX-OS podría permitir que un atacante local autenticado con credenciales de administrador para instalar una imagen de software malintencionado en un dispositivo afectado. La vulnerabilidad se debe a que las firmas digitales del software no se verifican correctamente durante la ejecución del comando CLI. • http://www.securityfocus.com/bid/108425 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2 • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 6.7EPSS: 0%CPEs: 41EXPL: 0

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image. Una vulnerabilidad en la función Image Signature Verification del programa Cisco NX-OS podría permitir que un atacante local autenticado con credenciales de administrador para instalar un parche de programa malicioso en un dispositivo afectado. • http://www.securityfocus.com/bid/108375 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-psvb • CWE-347: Improper Verification of Cryptographic Signature •