CVSS: 7.8EPSS: 1%CPEs: 105EXPL: 0CVE-2018-0311
https://notcve.org/view.php?id=CVE-2018-0311
21 Jun 2018 — A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packets when the software processes packet data. An attacker could exploit this vulnerability by sending a maliciously crafted Cisco Fabric Services packet to an affected device. A successful... • http://www.securitytracker.com/id/1041169 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 101EXPL: 0CVE-2018-0331
https://notcve.org/view.php?id=CVE-2018-0331
21 Jun 2018 — A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software contain a vulnerability that could allow an unauthenticated, adjacent attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure to properly validate certain fields within a Cisco Discovery Protocol message prior to processing it. An attacker with the ability to submit a Cisco Discovery Protocol message designed to trigger the issue could ... • http://www.securitytracker.com/id/1041169 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2018-0337
https://notcve.org/view.php?id=CVE-2018-0337
21 Jun 2018 — A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected device. A successful exploit could allow the attacker to cause other users to execute unwanted, arbitrary co... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-rbaccess • CWE-20: Improper Input Validation CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 78EXPL: 0CVE-2018-0292
https://notcve.org/view.php?id=CVE-2018-0292
20 Jun 2018 — A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the IGMP Snooping subsystem. An attacker could exploit this vulnerability by sending crafted IGMP packets to an affe... • http://www.securitytracker.com/id/1041169 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 84EXPL: 0CVE-2018-0294
https://notcve.org/view.php?id=CVE-2018-0294
20 Jun 2018 — A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. The vulnerability exists because the affected software does not properly delete sensitive files when certain CLI commands are used to clear the device configuration and reload a device. An attacker could exploit this vulnerability by logging into an affected device as an administrative user and confi... • http://www.securitytracker.com/id/1041169 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 73EXPL: 0CVE-2018-0307
https://notcve.org/view.php?id=CVE-2018-0307
20 Jun 2018 — A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker, authenticated as a privileged user, to execute arbitrary commands with root privileges. Note: On products that ... • http://www.securitytracker.com/id/1041169 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 85EXPL: 0CVE-2018-0330
https://notcve.org/view.php?id=CVE-2018-0330
20 Jun 2018 — A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly validate certain parameters included within an NX-API request. An attacker that can successfully authenticate to the NX-API could submit a request designed to bypass NX-OS role assignment. A successful exploit could allow the attacker ... • http://www.securitytracker.com/id/1041169 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 4%CPEs: 87EXPL: 0CVE-2018-0301
https://notcve.org/view.php?id=CVE-2018-0301
20 Jun 2018 — A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow. The vulnerability is due to incorrect input validation in the authentication module of the NX-API subsystem. An attacker could exploit this vulnerability by sending a crafted HTTP or HTTPS packet to the management interface of an affected system with the NX-API feature enabled. An exploit could allow the ... • http://www.securityfocus.com/bid/104512 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2018-0090
https://notcve.org/view.php?id=CVE-2018-0090
18 Jan 2018 — A vulnerability in management interface access control list (ACL) configuration of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to bypass configured ACLs on the management interface. This could allow traffic to be forwarded to the NX-OS CPU for processing, leading to high CPU utilization and a denial of service (DoS) condition. The vulnerability is due to a bad code fix in the 7.3.2 code train that could allow traffic to the management interface to be misclassified and not mat... • http://www.securityfocus.com/bid/102753 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 2%CPEs: 67EXPL: 0CVE-2017-3883
https://notcve.org/view.php?id=CVE-2017-3883
19 Oct 2017 — A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in a brute-force login attack. System memory can run low on the FXOS ... • http://www.securityfocus.com/bid/101493 • CWE-770: Allocation of Resources Without Limits or Throttling •