CVSS: 7.7EPSS: 1%CPEs: 101EXPL: 0CVE-2019-1965 – Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1965
28 Aug 2019 — A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH process to fail to delete upon termination. This can lead to a build-up of VSH processes that overtime can deplete system memory. When there is no system memory available, this can cause unexpected system behaviors and crashes. The vulnerability is due to the VSH process not being properly deleted when a remote management connection to the device is disconnected... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.6EPSS: 1%CPEs: 99EXPL: 0CVE-2019-1962 – Cisco NX-OS Software Cisco Fabric Services over IP Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1962
28 Aug 2019 — A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause process crashes, which can result in a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of TCP packets when processed by the Cisco Fabric Services over IP (CFSoIP) feature. An attacker could exploit this vulnerability by sending a malicious Cisco Fabric Services TCP packet to an affected device. A successful exploi... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-fsip-dos • CWE-20: Improper Input Validation •
CVSS: 7.7EPSS: 0%CPEs: 184EXPL: 0CVE-2019-1963 – Cisco FXOS and NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1963
28 Aug 2019 — A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of Abstract Syntax Notation One (ASN.1)-encoded variables in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the SNMP daemon on the affected device. A success... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-fxnxos-snmp-dos • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 2%CPEs: 205EXPL: 0CVE-2019-1858 – Cisco FXOS and NX-OS Software Simple Network Management Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1858
16 May 2019 — A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly. The vulnerability is due to improper error handling when processing inbound SNMP packets. An attacker could exploit this vulnerability by sending multiple crafted SNMP packets to an affected device. A successful e... • http://www.securityfocus.com/bid/108358 • CWE-20: Improper Input Validation CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.2EPSS: 0%CPEs: 149EXPL: 0CVE-2019-1791 – Cisco NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1791
15 May 2019 — A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbi... • http://www.securityfocus.com/bid/108390 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.2EPSS: 0%CPEs: 171EXPL: 0CVE-2019-1795 – Cisco FXOS and NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1795
15 May 2019 — A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to ex... • http://www.securityfocus.com/bid/108479 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.2EPSS: 0%CPEs: 151EXPL: 0CVE-2019-1790 – Cisco NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1790
15 May 2019 — A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on t... • http://www.securityfocus.com/bid/108383 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.2EPSS: 0%CPEs: 71EXPL: 0CVE-2019-1778 – Cisco NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1778
15 May 2019 — A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands... • http://www.securityfocus.com/bid/108362 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 148EXPL: 0CVE-2019-1774 – Cisco NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1774
15 May 2019 — A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with ... • http://www.securityfocus.com/bid/108371 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 148EXPL: 0CVE-2019-1775 – Cisco NX-OS Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1775
15 May 2019 — A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with ... • http://www.securityfocus.com/bid/108371 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •