CVSS: 7.2EPSS: 0%CPEs: 122EXPL: 0CVE-2019-1770 – Cisco NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1770
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. • http://www.securityfocus.com/bid/108376 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1770 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.1EPSS: 0%CPEs: 81EXPL: 0CVE-2019-1731 – Cisco NX-OS Software SSH Key Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1731
A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to incomplete error handling if a specific error type occurs during the SSH key export. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the CLI. A successful exploit could allow the attacker to expose a user's private SSH key. • http://www.securityfocus.com/bid/108353 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-ssh-info • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 100EXPL: 0CVE-2019-1690 – Cisco Application Policy Infrastructure Controller IPv6 Link-Local Address Vulnerability
https://notcve.org/view.php?id=CVE-2019-1690
A vulnerability in the management interface of Cisco Application Policy Infrastructure Controller (APIC) software could allow an unauthenticated, adjacent attacker to gain unauthorized access on an affected device. The vulnerability is due to a lack of proper access control mechanisms for IPv6 link-local connectivity imposed on the management interface of an affected device. An attacker on the same physical network could exploit this vulnerability by attempting to connect to the IPv6 link-local address on the affected device. A successful exploit could allow the attacker to bypass default access control restrictions on an affected device. Cisco Application Policy Infrastructure Controller (APIC) devices running versions prior to 4.2(0.21c) are affected. • http://www.securityfocus.com/bid/107317 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-apic-ipv6 • CWE-284: Improper Access Control •
CVSS: 8.6EPSS: 0%CPEs: 13EXPL: 0CVE-2018-0378 – Cisco NX-OS Software for Nexus 5500, 5600, and 6000 Series Switches Precision Time Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0378
A vulnerability in the Precision Time Protocol (PTP) feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of protection against PTP frame flood attacks. An attacker could exploit this vulnerability by sending large streams of malicious IPv4 or IPv6 PTP traffic to the affected device. A successful exploit could allow the attacker to cause a DoS condition, impacting the traffic passing through the device. Una vulnerabilidad en la característica Precision Time Protocol (PTP) de Cisco Nexus 5500, 5600 y 6000 Series Switches que ejecutan Cisco NX-OS Software podría permitir que un atacante remoto no autenticado cree una condición de denegación de servicio (DoS) en un dispositivo afectado. • http://www.securityfocus.com/bid/105669 http://www.securitytracker.com/id/1041920 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-nexus-ptp-dos • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 101EXPL: 0CVE-2018-0331
https://notcve.org/view.php?id=CVE-2018-0331
A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software contain a vulnerability that could allow an unauthenticated, adjacent attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure to properly validate certain fields within a Cisco Discovery Protocol message prior to processing it. An attacker with the ability to submit a Cisco Discovery Protocol message designed to trigger the issue could cause a DoS condition on an affected device while the device restarts. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvc89242, CSCve40943, CSCve40953, CSCve40965, CSCve40970, CSCve40978, CSCve40992, CSCve41000, CSCve41007. • http://www.securitytracker.com/id/1041169 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-cdp • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •