CVE-2025-37159

Summary: CVE-2025-37159 affects the web management interface of the AOS-CX OS user authentication service. An authenticated remote attacker could hijack an active user session, potentially maintaining unauthorized access to that session and viewing or modifying sensitive configuration data. What’...

Cisco NX-OS Software Operating System Command Injection Vulnerability

Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco Cisco. Cisco NX-OS Software suffers from an operating system command injection vulnerability that stems from insufficient user input validation, which can be exploited by an...

CVE-2025-24323

The CVE-2025-24323 issue affects Intel(R) PCIe Switch software (firmware package and LED mode toggle tool) prior to MR4_1.0b1. The root cause is improper access control, enabling a local, privileged user to escalate privileges. Impact is described as escalation of privilege with local access (no ...

Cisco NX-OS Software 安全漏洞

Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco Cisco. A command execution vulnerability exists in Cisco NX-OS Software that stems from insufficient validation of user-supplied input. An attacker could exploit this vulnerabilit...

GHSA-QX34-47FC-VV79 Answer vulnerable to Race Condition

Race Condition in Switch in GitHub repository answerdev/answer prior to 1.0.4...

NCH Axon PBX Cross-Site Scripting Vulnerability (CNVD-2021-55917)

NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. The software is primarily used to manage telephone call centers and implements the functionality of a telephone switch in software.A cross-site scripting vulnerability exists in NCH Axon PBX, which stems...

NCH Axon PBX Cross-Site Scripting Vulnerability (CNVD-2021-55884)

NCH Axon PBX is a virtual phone switch software used in business environments. A cross-site scripting vulnerability exists in NCH Axon PBX, which stems from the failure of the product's primary phone to properly filter incoming data for special characters, which can be exploited to execute...

NCH Axon PBX Cross-Site Scripting Vulnerability

NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. A cross-site scripting vulnerability exists in NCH Axon PBX, which stems from the failure of the product's extension name to properly filter special characters in input data, and can be exploited to execut...

NCH Axon PBX Cross-Site Scripting Vulnerability (CNVD-2021-55888)

NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. The software is primarily used to manage telephone call centers and implements the functionality of a telephone switch in software.A cross-site scripting vulnerability exists in NCH Axon PBX, which stems...

NCH Axon PBX 路径遍历漏洞

NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. The NCH Axon PBX has a security vulnerability that could be exploited by an attacker to send a constructed URL request to the logprop function, which contains a "dot-dot" sequence in the file parameter /...

Cisco NX-OS Software Privilege License and Access Control Issues Vulnerability

Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco Cisco. A permission and access control issue vulnerability exists in the Simple Network Management Protocol Access Control Column feature of Cisco NX-OS Software, which can be...

Buffer overflow

A vulnerability in the Link Layer Discovery Protocol LLDP subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an adjacent, unauthenticated attacker to cause a denial of service DoS condition or execute arbitrary code with root privileges. T...

Command injection

A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is...

CVE-2019-1803

A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is...

CVE-2019-1592

A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an authenticated, local attacker to gain elevated privileges as root on an affected device. The vulnerability is due to insufficient...

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Insecure Fabric Authentication Vulnerability

A vulnerability in the Transport Layer Security TLS certificate validation functionality of Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an unauthenticated, remote attacker to perform insecure TLS client authentication on an affected device. The...

Input validation

A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insufficient sanitization of user-supplied input when issuing a...

CVE-2019-1591

CVE-2019-1591 affects Cisco Nexus 9000 Series switches in ACI Mode. Affected due to insufficient sanitization of user input in a specific CLI command, allowing an authenticated, local attacker to escape the restricted shell and execute arbitrary commands with root-level privileges. Affected devic...

CVE-2019-1585

Cisco Nexus 9000 Series ACI Mode Switch Software contains a privilege-escalation vulnerability (CVE-2019-1585) due to misconfigured sudoers for the bashroot component. An authenticated, local attacker could log in with a crafted user ID and temporarily gain root privileges, escalating Standard us...

Switch v4.68 - Code Execution Vulnerability

Document Title: =============== Switch v4.68 - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1649 Release Date: ============= 2015-11-23 Vulnerability Laboratory ID VL-ID: ==================================== 1649 Common...