CVSS: 9.0EPSS: 1%CPEs: 28EXPL: 0CVE-2019-1634 – Cisco Integrated Management Controller Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1634
21 Aug 2019 — A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of user-supplied commands. An attacker who has administrator privileges and access to the network where the IPMI resides could exploit this vulnerability by submitting crafted inp... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1634 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 26EXPL: 0CVE-2019-1850 – Cisco Integrated Management Controller Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1850
21 Aug 2019 — A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. An attacker would need to have valid administrator credentials on the device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker with elevated privileges could exploit this vulnerability by sending craf... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1850 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.6EPSS: 1%CPEs: 7EXPL: 0CVE-2019-12634 – Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-12634
21 Aug 2019 — A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An attacker who can send a request to an affected system could cause all currently authenticated users to be logged off. Repeated exploitation could cause the inabil... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-imc-dos • CWE-264: Permissions, Privileges, and Access Controls CWE-306: Missing Authentication for Critical Function •
CVSS: 6.7EPSS: 0%CPEs: 41EXPL: 0CVE-2019-1809 – Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2019-1809
15 May 2019 — A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker ... • http://www.securityfocus.com/bid/108375 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.2EPSS: 0%CPEs: 171EXPL: 0CVE-2019-1795 – Cisco FXOS and NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1795
15 May 2019 — A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to ex... • http://www.securityfocus.com/bid/108479 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.2EPSS: 0%CPEs: 23EXPL: 0CVE-2019-1784 – Cisco NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1784
15 May 2019 — A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands... • http://www.securityfocus.com/bid/108369 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.2EPSS: 0%CPEs: 151EXPL: 0CVE-2019-1790 – Cisco NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1790
15 May 2019 — A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on t... • http://www.securityfocus.com/bid/108383 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.2EPSS: 0%CPEs: 112EXPL: 0CVE-2019-1781 – Cisco FXOS and NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1781
15 May 2019 — A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlyin... • http://www.securityfocus.com/bid/108407 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.2EPSS: 0%CPEs: 112EXPL: 0CVE-2019-1782 – Cisco FXOS and NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1782
15 May 2019 — A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlyin... • http://www.securityfocus.com/bid/108407 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.2EPSS: 0%CPEs: 153EXPL: 0CVE-2019-1776 – Cisco NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1776
15 May 2019 — A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands o... • http://www.securityfocus.com/bid/108377 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •