CVSS: 8.6EPSS: 1%CPEs: 15EXPL: 0CVE-2018-0305
https://notcve.org/view.php?id=CVE-2018-0305
21 Jun 2018 — A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to force a NULL p... • http://www.securitytracker.com/id/1041169 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 4%CPEs: 17EXPL: 0CVE-2018-0304
https://notcve.org/view.php?id=CVE-2018-0304
20 Jun 2018 — A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to read sensitive memory content, create a denial of service (DoS) condition, or execute arbitrary code as root. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful... • http://www.securityfocus.com/bid/104513 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 17EXPL: 0CVE-2018-0308
https://notcve.org/view.php?id=CVE-2018-0308
20 Jun 2018 — A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability exists because the affected software insufficiently validates header values in Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attack... • http://www.securityfocus.com/bid/104514 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 14EXPL: 0CVE-2018-0312
https://notcve.org/view.php?id=CVE-2018-0312
20 Jun 2018 — A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packet headers when the software processes packet data. An attacker could exploit this vulnerability by sending a maliciously crafted Cisco Fabric Services packet to... • http://www.securityfocus.com/bid/104515 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 6%CPEs: 16EXPL: 0CVE-2018-0314
https://notcve.org/view.php?id=CVE-2018-0314
20 Jun 2018 — A vulnerability in the Cisco Fabric Services (CFS) component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packet headers when the software processes packet data. An attacker could exploit this vulnerability by sending a maliciously crafted Cisco Fabric Services packet to an affected device. A successful explo... • http://www.securityfocus.com/bid/104516 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-0338
https://notcve.org/view.php?id=CVE-2018-0338
07 Jun 2018 — A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected system. A successful exploit could allow the attacker to cause other users to execu... • http://www.securityfocus.com/bid/104456 • CWE-20: Improper Input Validation CWE-863: Incorrect Authorization •
CVSS: 4.6EPSS: 0%CPEs: 7EXPL: 0CVE-2017-12336
https://notcve.org/view.php?id=CVE-2017-12336
30 Nov 2017 — A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying ope... • http://www.securityfocus.com/bid/102168 • CWE-20: Improper Input Validation •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2017-12329
https://notcve.org/view.php?id=CVE-2017-12329
30 Nov 2017 — A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products... • http://www.securityfocus.com/bid/102015 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2017-12331
https://notcve.org/view.php?id=CVE-2017-12331
30 Nov 2017 — A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and load a crafted, unsigned software patch on a targeted device. The attacker would need valid administrator credentials to perform this exploit. This vulnerability... • http://www.securityfocus.com/bid/102159 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2017-12332
https://notcve.org/view.php?id=CVE-2017-12332
30 Nov 2017 — A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installing a crafted patch image on an affected device. The vulnerable operation occurs prior to patch activation. An exploit could allow the attacker to write arbitrary files on an affected system as root. • http://www.securityfocus.com/bid/102160 • CWE-434: Unrestricted Upload of File with Dangerous Type •