67 matches found
Design/Logic Flaw
A vulnerability in the NX-API management application programming interface API in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly validate certain...
Buffer overflow
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow. The vulnerability is due to incorrect input validation in the authentication module of the...
CVE-2018-0330
A vulnerability in the NX-API management application programming interface API in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly validate certain...
CVE-2018-0330
The CVE-2018-0330 issue concerns the NX-API management API in Cisco NX-OS Software. Affected devices include Cisco MDS 9000, Nexus 2000/3000/3500/5500/5600/6000/7000/7700 series, and NX-OS in standalone mode. Root cause: improper validation of parameters within NX-API requests, enabling an authen...
CVE-2018-0301
The CVE-2018-0301 entry describes a vulnerability in Cisco NX-OS NX-API where an unauthenticated remote attacker can send crafted HTTP/HTTPS packets to the management interface, triggering a buffer overflow due to improper input validation in the NX-API authentication module. This could allow arb...
CVE-2018-0330
A vulnerability in the NX-API management application programming interface API in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly validate certain...
Cisco NX-OS Software NX-API Arbitrary Command Execution Vulnerability
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit. The vulnerability is due to incorrect input validation of user-supplied...