Lucene search
+L

397 matches found

cisa
cisa
added 2024/12/05 12:0 p.m.9 views

Cisco Releases Security Updates for NX-OS Software

Cisco released security updates to address a vulnerability in Cisco NX-OS software. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the following advisory and apply the necessary updates: Cisco NX-OS...

7.3AI score
Exploits0References1
cve
cve
added 2024/12/04 4:13 p.m.100 views

CVE-2024-20397

Cisco NX-OS Software is affected by a bootloader vulnerability (CVE-2024-20397) that allows bypassing image signature verification. The issue stems from insecure bootloader settings and can be exploited by executing bootloader commands to load unverified software. Attacker access requirements: un...

5.2CVSS5.5AI score0.00304EPSS
Exploits0References1
nvd
nvd
added 2024/11/14 10:15 a.m.43 views

CVE-2024-5917

A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible...

4.9CVSS0.00481EPSS
Exploits0References1
nvd
nvd
added 2024/11/14 10:15 a.m.29 views

CVE-2024-5918

An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you...

5.3CVSS0.00172EPSS
Exploits0References1
cvelist
cvelist
added 2024/11/14 9:39 a.m.39 views

CVE-2024-2552 PAN-OS: Arbitrary File Delete Vulnerability in the Command Line Interface (CLI)

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall...

6.8CVSS0.00474EPSS
Exploits0References1
paloalto
paloalto
added 2024/11/13 6:0 p.m.18 views

PAN-OS: Server-Side Request Forgery in WildFire

A server-side request forgery in PAN-OS software enables an authenticated attacker to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible. Work around: Recommended mitigation—The vast majority of firewalls already...

2.1CVSS6.6AI score0.00481EPSS
Exploits0References1
nessus
nessus
added 2024/09/06 12:0 a.m.66 views

Cisco NX-OS Software Python Sbox Escape Multiple Vulnerabilities (cisco-sa-nxos-psbe-ce-YvbTn5du)

According to its self-reported version, Cisco NX-OS Software is affected by multiple vulnerabilities. - A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low- privileged, local attacker to escape the Python sandbox and gain unauthorized access to the...

8.8CVSS6AI score0.00194EPSS
Exploits0References15
cnvd
cnvd
added 2024/08/30 12:0 a.m.9 views

Cisco NX-OS Software License Issue Vulnerability (CNVD-2024-37701)

Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco Cisco. Cisco NX-OS Software has an authorization issue vulnerability that stems from insufficient security restrictions when executing commands from the Bash shell. An attacker...

6.7CVSS7.9AI score0.0016EPSS
Exploits0References1
cnvd
cnvd
added 2024/08/30 12:0 a.m.8 views

Cisco NX-OS Software Elevation of Privilege Vulnerability (CNVD-2024-37700)

Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco Cisco. An elevation of privilege vulnerability exists in Cisco NX-OS Software, which stems from insufficient security restrictions when executing application parameters from a Bas...

6.7CVSS7AI score0.00149EPSS
Exploits0References1
cnvd
cnvd
added 2024/08/30 12:0 a.m.8 views

Cisco NX-OS Software Denial of Service Vulnerability (CNVD-2024-37698)

Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco Cisco. A denial of service vulnerability exists in Cisco NX-OS Software that stems from improper handling of specific fields in the DHCPv6 RELAY-REPLY message. An attacker could...

8.6CVSS6.6AI score0.00784EPSS
Exploits0References1
nvd
nvd
added 2024/08/28 5:15 p.m.13 views

CVE-2024-20411

A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. This vulnerability is due to insufficient security restrictions when executing commands from the Bash shell. An...

6.7CVSS0.0016EPSS
Exploits0References1
nvd
nvd
added 2024/08/28 5:15 p.m.14 views

CVE-2024-20284

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...

8.8CVSS0.00194EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/08/28 4:37 p.m.18 views

CVE-2024-20284 Cisco NX-OS Software Python Parser Escape Vulnerability

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...

5.3CVSS7.3AI score0.00194EPSS
Exploits0References2
cve
cve
added 2024/08/28 4:37 p.m.109 views

CVE-2024-20284

CVE-2024-20284 : Cisco NX-OS Software contains a vulnerability in the Python interpreter that allows an authenticated, low-privileged, local attacker to escape the Python sandbox and run arbitrary commands on the underlying OS due to insufficient validation of user input. The attack requires Pyth...

8.8CVSS7.4AI score0.00194EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2024/08/28 4:37 p.m.21 views

CVE-2024-20285 Cisco NX-OS Software Python Parser Escape Vulnerability

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...

5.3CVSS7.3AI score0.00194EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/08/28 4:37 p.m.21 views

CVE-2024-20286 Cisco NX-OS Software Python Parser Escape Vulnerability

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...

5.3CVSS7.3AI score0.00194EPSS
Exploits0References2
cve
cve
added 2024/08/28 4:31 p.m.57 views

CVE-2024-20446

CVE-2024-20446 : Cisco NX-OS Software DHCPv6 Relay Agent Denial of Service. A vulnerability in the DHCPv6 RELAY-REPLY handling could let an unauthenticated, remote attacker send crafted DHCPv6 packets to any IPv6 address on affected devices, causing the dhcp_snoop process to crash and restart rep...

8.6CVSS8.5AI score0.00784EPSS
Exploits0References1
cve
cve
added 2024/08/28 4:31 p.m.52 views

CVE-2024-20289

CVE-2024-20289 affects Cisco NX-OS Software CLI. The issue is caused by insufficient validation of arguments for a specific CLI command, enabling an authenticated, low-privileged, local attacker to execute arbitrary commands on the device with the privileges of the logged-in user. Several connect...

4.4CVSS5.2AI score0.00227EPSS
Exploits0References1
cve
cve
added 2024/08/28 4:27 p.m.54 views

CVE-2024-20411

Cisco NX-OS Software contains a Bash shell-related vulnerability that allows an authenticated, local attacker with Bash-shell access to execute arbitrary code as root due to insufficient command restrictions. Public sources (including Cisco Security Advisory Cisco NX-OS Bash Arbitrary Code Execut...

6.7CVSS6.9AI score0.0016EPSS
Exploits0References1
nvd
nvd
added 2024/07/01 5:15 p.m.37 views

CVE-2024-20399

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that ar...

6.7CVSS0.04271EPSS
Exploits1References3
Rows per page
Query Builder