338 matches found
Cisco NX-OS Software CLI Comm Injection (cisco-sa-nxos-cmd-injection-xD9OhyOP)
According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability. - A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This...
Cisco Releases Security Advisories for Cisco NX-OS Software
Cisco released security advisories to address vulnerabilities affecting Cisco NX-OS Software. A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review the following advisories and apply the necessary...
Cisco Nexus 3600 External BGP DoS (cisco-sa-nxos-po-acl-TkyePgvL)
A vulnerability in the External Border Gateway Protocol eBGP implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware...
Cisco NX-OS Software TACACS+ or RADIUS Remote Authentication Directed Request Denial of Service (CVE-2023-20168)
A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed...
Cisco NX-OS Software Authentication Error Vulnerability
Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco Cisco. Cisco NX-OS Software suffers from an authentication error vulnerability that stems from incorrect input validation when TACACS+ and RADIUS process authentication attempts. ...
Cisco Nexus 3000 9000 Series Switches SFTP Server File Access (cisco-sa-nxos-sftp-xVAp5Hfd)
According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...
CVE-2023-20168
A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed...
Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS 6300 Series Fabric Interconnects SNMP Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol SNMP service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service DoS condition...
Cisco MDS 9000 NX-OS Software Denial of Service (CVE-2013-5566)
Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service supervisor CPU consumption via Authentication Header AH authentication in a Virtual Router Redundancy Protocol VRRP frame, aka Bug ID CSCte27874. This plugin only works with Tenable.ot. Please vis...
Cisco NX-OS Software NX-API Command Injection (CVE-2022-20650)
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit thi...
Cisco FXOS, NX-OS, and UCS Manager Software Cisco Discovery Protocol Denial of Service (CVE-2018-0331)
A vulnerability in the Cisco Discovery Protocol formerly known as CDP subsystem of devices running, or based on, Cisco NX-OS Software contain a vulnerability that could allow an unauthenticated, adjacent attacker to create a denial of service DoS condition. The vulnerability is due to a failure t...
Cisco NX-OS Software Unexpected IP in IP Packet Processing (CVE-2020-10136)
Multiple products that implement the IP Encapsulation within IP standard RFC 2003, STD 1 decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access...
Cisco NX-OS Software Python Parser Privilege Escalation (CVE-2019-1727)
A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. The vulnerability is due to insufficient sanitization of user-supplied...
Cisco NX-OS Software Cisco Fabric Services over IP Denial of Service (CVE-2019-1962)
A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause process crashes, which can result in a denial of service DoS condition on an affected system. The vulnerability is due to insufficient validation of TCP packets...
Cisco NX-OS Software system login block-for Denial of Service (CVE-2021-1590)
A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service DoS condition. This vulnerability is due to a logic error in the...
Cisco NX-OS Software IPv6 Denial of Service (CVE-2019-1964)
A vulnerability in the IPv6 traffic processing of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an unexpected restart of the netstack process on an affected device. The vulnerability is due to improper validation of IPv6 traffic sent through an affected device. An...
Cisco Nexus 7000/7700 Series Switches Software Patch Signature Verification (CVE-2019-1808)
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signature...
Cisco NX-OS Software for Nexus 5500, 5600, and 6000 Series Switches Precision Time Protocol Denial of Service (CVE-2018-0378)
A vulnerability in the Precision Time Protocol PTP feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a lack of...
Cisco MDS 9000 Series Switches Denial of Service (CVE-2020-3175)
A vulnerability in the resource handling system of Cisco NX-OS Software for Cisco MDS 9000 Series Multilayer Switches could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper resource usage control. An...
Cisco NX-OS Software Bash Shell Privilege Escalation (CVE-2019-1596)
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level to root. The attacker must authenticate with valid user credentials. The vulnerability is due to incorrect permissions of a system executable. A...