CVE-2018-0138

CVE-2018-0138 affects Cisco Firepower System Software’s detection engine, enabling an unauthenticated remote attacker to bypass BitTorrent file policies by sending crafted BitTorrent handshake requests. This bypass specifically targets the detection logic that blocks BitTorrent-delivered files; e...

CVE-2018-0138

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass file policies that are configured to block files transmitted to an affected device via the BitTorrent protocol. The vulnerability exists because the affected softwa...

CVE-2018-0138

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass file policies that are configured to block files transmitted to an affected device via the BitTorrent protocol. The vulnerability exists because the affected softwa...

CVE-2018-0092

A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. The network-operator role should not be able to delete other configured users on the device. The vulnerability is...

CVE-2018-0090

A vulnerability in management interface access control list ACL configuration of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to bypass configured ACLs on the management interface. This could allow traffic to be forwarded to the NX-OS CPU for processing, leading to...

CVE-2018-0092

A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. The network-operator role should not be able to delete other configured users on the device. The vulnerability is...

CVE-2018-0092

CVE-2018-0092 affects Cisco NX-OS System Software on Nexus platforms (Nexus 3000/3600/9000 standalone NX-OS and Nexus 9500 R-series line cards/fabric modules). The root cause is insufficient RBAC checks for the network-operator role, allowing an authenticated, local attacker to delete other confi...

Multiple Cisco Products Cisco NX-OS System Software Signature Bypass Vulnerability

Cisco Multilayer Director Switches are products of Cisco Corporation.Cisco Multilayer Director Switches is a switch product.Unified Computing System Manager is a set of embedded device management software.Cisco NX-OS System Software is a set of software that runs in the switch. Cisco NX-OS System...

Cisco NX-OS System Software Command Injection Vulnerability in Multiple Cisco Products (CNVD-2017-36152)

Cisco Multilayer Director Switches are products of Cisco Corporation.Cisco Multilayer Director Switches are switches.Nexus 2000 Series Fabric Extenders are Nexus 2000 Series Array Extenders.NX-OS System Software is a set of operating systems used in them.CLI is a command line program used in...

Cisco Secure Access Control System Information Disclosure Vulnerability (CNVD-2017-36399)

Cisco Secure Access Control System ACS is a set of security access control system of the United States Cisco Cisco. The system can be through the RADIUS, TACACS protocols for network access and network device access control. An information disclosure vulnerability exists in the Web-based interfac...

Command injection

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command...

CVE-2017-12331

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit th...

Improper access control

A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An attacker would need valid administrator credentials to perform this attack. The vulnerability is due t...

Design/Logic Flaw

A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installin...

CVE-2017-12330

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting...

CVE-2017-12335

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command...

CVE-2017-12334

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation of command...

CVE-2017-12332

A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installin...

CVE-2017-12351

A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An attacker would need valid administrator credentials to perform this attack. The vulnerability is due t...

CVE-2017-12334

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation of command...