397 matches found
Cisco Releases Security Updates for NX-OS Software
Cisco released security updates to address a vulnerability in Cisco NX-OS software. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the following advisory and apply the necessary updates: Cisco NX-OS...
CVE-2024-20397
Cisco NX-OS Software is affected by a bootloader vulnerability (CVE-2024-20397) that allows bypassing image signature verification. The issue stems from insecure bootloader settings and can be exploited by executing bootloader commands to load unverified software. Attacker access requirements: un...
CVE-2024-5917
A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible...
CVE-2024-5918
An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you...
CVE-2024-2552 PAN-OS: Arbitrary File Delete Vulnerability in the Command Line Interface (CLI)
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall...
PAN-OS: Server-Side Request Forgery in WildFire
A server-side request forgery in PAN-OS software enables an authenticated attacker to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible. Work around: Recommended mitigation—The vast majority of firewalls already...
Cisco NX-OS Software Python Sbox Escape Multiple Vulnerabilities (cisco-sa-nxos-psbe-ce-YvbTn5du)
According to its self-reported version, Cisco NX-OS Software is affected by multiple vulnerabilities. - A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low- privileged, local attacker to escape the Python sandbox and gain unauthorized access to the...
Cisco NX-OS Software License Issue Vulnerability (CNVD-2024-37701)
Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco Cisco. Cisco NX-OS Software has an authorization issue vulnerability that stems from insufficient security restrictions when executing commands from the Bash shell. An attacker...
Cisco NX-OS Software Elevation of Privilege Vulnerability (CNVD-2024-37700)
Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco Cisco. An elevation of privilege vulnerability exists in Cisco NX-OS Software, which stems from insufficient security restrictions when executing application parameters from a Bas...
Cisco NX-OS Software Denial of Service Vulnerability (CNVD-2024-37698)
Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco Cisco. A denial of service vulnerability exists in Cisco NX-OS Software that stems from improper handling of specific fields in the DHCPv6 RELAY-REPLY message. An attacker could...
CVE-2024-20411
A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. This vulnerability is due to insufficient security restrictions when executing commands from the Bash shell. An...
CVE-2024-20284
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...
CVE-2024-20284 Cisco NX-OS Software Python Parser Escape Vulnerability
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...
CVE-2024-20284
CVE-2024-20284 : Cisco NX-OS Software contains a vulnerability in the Python interpreter that allows an authenticated, low-privileged, local attacker to escape the Python sandbox and run arbitrary commands on the underlying OS due to insufficient validation of user input. The attack requires Pyth...
CVE-2024-20285 Cisco NX-OS Software Python Parser Escape Vulnerability
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...
CVE-2024-20286 Cisco NX-OS Software Python Parser Escape Vulnerability
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...
CVE-2024-20446
CVE-2024-20446 : Cisco NX-OS Software DHCPv6 Relay Agent Denial of Service. A vulnerability in the DHCPv6 RELAY-REPLY handling could let an unauthenticated, remote attacker send crafted DHCPv6 packets to any IPv6 address on affected devices, causing the dhcp_snoop process to crash and restart rep...
CVE-2024-20289
CVE-2024-20289 affects Cisco NX-OS Software CLI. The issue is caused by insufficient validation of arguments for a specific CLI command, enabling an authenticated, low-privileged, local attacker to execute arbitrary commands on the device with the privileges of the logged-in user. Several connect...
CVE-2024-20411
Cisco NX-OS Software contains a Bash shell-related vulnerability that allows an authenticated, local attacker with Bash-shell access to execute arbitrary code as root due to insufficient command restrictions. Public sources (including Cisco Security Advisory Cisco NX-OS Bash Arbitrary Code Execut...
CVE-2024-20399
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that ar...