56 matches found
CVE-2022-20625
CVE-2022-20625 affects Cisco FXOS and Cisco NX-OS Software via the Cisco Discovery Protocol service. The root cause is improper handling of Cisco Discovery Protocol messages, allowing an unauthenticated, adjacent attacker to restart the CDP service and cause a DoS, with rare cases potentially reb...
CVE-2020-3120
CVE-2020-3120 affects Cisco FXOS, IOS XR, and NX-OS CDP handling. A missing check when processing Cisco Discovery Protocol messages could let an unauthenticated, adjacent attacker cause a device reload and DoS by sending crafted CDP packets (Layer 2). Impact per sources is DoS via memory exhausti...
CVE-2024-20294
Cisco NX-OS and FXOS LLDP DoS (CVE-2024-20294): A malformed LLDP frame could crash the LLDP service and potentially reload the device. Affected: Cisco FXOS Software and Cisco NX-OS Software. Attack requires adjacent access (direct Layer-2). Exploitation details and remediation are documented in C...
CVE-2021-1368
CVE-2021-1368 affects Cisco FXOS and NX-OS UDLD. The vulnerability stems from insufficient input validation in the Unidirectional Link Detection (UDLD) feature, allowing an unauthenticated, adjacent attacker to send crafted UDLD packets to trigger either arbitrary code execution with administrati...
CVE-2020-3166
CVE-2020-3166 : Cisco FXOS Software contains a CLI input validation flaw in the FXOS CLI command path that allows an authenticated, local attacker to read or write arbitrary files on the OS. The issue is triggered by crafted arguments to a specific CLI command, enabling partial to high impact on ...
CVE-2023-20234
CVE-2023-20234 affects Cisco FXOS Software. A authenticated, local attacker can exploit an CLI command without input validation to create or overwrite arbitrary files on the device filesystem, including system files. The issue requires valid administrative credentials and is local in scope; impac...
CVE-2020-3517
The CVE-2020-3517 issue affects Cisco FXOS and NX-OS Software, specifically the Cisco Fabric Services component. The vulnerability arises from insufficient error handling when parsing Cisco Fabric Services messages, enabling an unauthenticated attacker to trigger process crashes that could result...
CVE-2020-3172
CVE-2020-3172 affects Cisco FXOS Software and Cisco NX-OS Software via the Cisco Discovery Protocol. Insufficient validation of CDP packet headers allows an unauthenticated, Layer-2 adjacent attacker to send a crafted CDP packet, causing a buffer overflow that could let the attacker execute arbit...
CVE-2019-1858
Summary (CVE-2019-1858) : A vulnerability in the SNMP input packet processor on Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, leading to repeated restarts and a DoS condition. Root cause is imprope...
CVE-2023-20015
CVE-2023-20015 affects Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and Cisco UCS 6200–6500 Fabric Interconnects. The root cause is insufficient input validation of user-supplied commands in the CLI, enabling an authenticated, local attacker to inject unauthorized commands. An...
CVE-2022-20934
CVE-2022-20934 affects Cisco Firepower Threat Defense (FTD) and Cisco FXOS Software. The issue is a command-injection vulnerability in the CLI caused by insufficient input validation, allowing an authenticated, local attacker with Administrator privileges to inject OS commands and gain root acces...
CVE-2020-3167
CVE-2020-3167 covers a CLI command injection vulnerability in Cisco FXOS Software and Cisco UCS Manager Software. The issue stems from insufficient input validation in CLI commands, allowing an authenticated, local attacker to inject crafted arguments and execute arbitrary OS commands with the pr...
CVE-2019-1598
CVE-2019-1598 describes multiple LDAP parsing vulnerabilities in Cisco FXOS/NX-OS that allow an unauthenticated attacker to trigger a device reload and DoS by sending a BER-formatted LDAP packet from a configured LDAP source. Affected products/families and pre-patch versions (Cisco FXOS: <2.0....
CVE-2020-3169
The CVE-2020-3169 entry relates to Cisco FXOS Software CLI Command Injection. Affected component: FXOS CLI; root cause: insufficient validation of arguments passed to a specific CLI command. Exploitation: authenticated, local attacker can supply malicious input as a command argument to execute ar...
CVE-2020-3456
CVE-2020-3456 – Cisco FXOS FXCM CSRF vulnerability. The Cisco Firepower Chassis Manager (FCM) in FXOS Software has insufficient CSRF protections on its FCM interface, allowing an unauthenticated, remote attacker to induce a user to click a malicious link and send arbitrary requests on behalf of t...
CVE-2018-0303
CVE-2018-0303 affects Cisco FXOS and NX-OS Cisco Discovery Protocol handling. The issue stems from insufficient validation of Cisco Discovery Protocol packet headers, allowing an unauthenticated, adjacent attacker to send crafted packets that may cause a buffer overflow and enable arbitrary code ...
CVE-2019-12700
The CVE-2019-12700 issue affects Cisco Firepower Threat Defense (FTD), Cisco Firepower Management Center (FMC), and Cisco FXOS Software. It is caused by improper resource management in PAM user session handling, enabling an authenticated remote attacker to exhaust system resources by initiating m...
CVE-2019-1780
CVE-2019-1780 is a Cisco FXOS/NX-OS command-injection vulnerability in the CLI caused by insufficient validation of arguments passed to certain CLI commands. An authenticated local attacker with administrator credentials can exploit this to execute arbitrary commands on the underlying operating s...
CVE-2018-0331
The CVE-2018-0331 issue is a DoS in Cisco NX-OS FXOS/NX-OS/NCS/UCS Manager by failing to validate certain CDP fields in CDP messages. An unauthenticated, adjacent attacker can trigger a DoS that restarts affected devices. Affected products include Firepower 4100/NX-OS-based platforms, various Nex...
CVE-2019-1734
CVE-2019-1734 affects Cisco FXOS and NX-OS Software. Root cause: incomplete RBAC verification in a CLI diagnostic command, allowing an authenticated, local attacker to arbitrarily read sensitive files with valid credentials. Impact: information disclosure; no exploitation details provided beyond ...
CVE-2019-1795
Cisco FXOS Software and Cisco NX-OS Software are affected by CVE-2019-1795, a command-injection vulnerability in the CLI. The flaw stems from insufficient validation of arguments passed to a specific CLI command, allowing an authenticated, local attacker with valid administrator credentials to ru...
CVE-2020-3455
The CVE-2020-3455 entry applies to Cisco FXOS Software for Firepower 4100/9300 Series Appliances. Affected component is the secure boot process; root cause is insufficient protections that allow a local, authenticated attacker to bypass secure boot by injecting code into a file referenced during ...
CVE-2018-0311
CVE-2018-0311 affects Cisco FXOS Software and Cisco NX-OS Software, where an unauthenticated, remote attacker can cause a DoS by sending crafted Cisco Fabric Services packets. The root cause is inadequate validation of Fabric Services packets, potentially triggering a buffer overflow and device c...
CVE-2019-1597
CVE-2019-1597 describes multiple LDAP parsing flaws in Cisco FXOS/NX-OS that permit an unauthenticated, remote attacker to force a device reload and DoS by sending a BER-crafted LDAP packet from a configured LDAP server IP. Affected product families and versions include: Firepower 4100 series: &l...
CVE-2019-1600
CVE-2019-1600 concerns Cisco FXOS and NX-OS software. The vulnerability arises from improper file system permissions, allowing an authenticated, local attacker to access or modify restricted files and potentially expose sensitive data stored on the system. Affected products include Cisco FXOS/NX-...
CVE-2020-3545
CVE-2020-3545 concerns Cisco FXOS Software. The issue is a stack‑based buffer overflow caused by incorrect bounds checking when parsing values from a specific file. An authenticated, local attacker with administrative credentials can exploit this vulnerability by supplying a crafted file, potenti...
CVE-2018-0310
Public technical details beyond the initial description are not provided in the connected documents. Monitor for updates; no additional vendor data or exploit specifics are included in the supplied sources.
CVE-2019-1779
Cisco FXOS and NX-OS Software contain a command-injection vulnerability in the CLI due to insufficient validation of arguments for certain commands. An authenticated, local attacker with valid credentials could exploit this to execute arbitrary OS commands with elevated privileges on the affected...
CVE-2020-3457
Cisco FXOS Software CLI vulnerability allows an authenticated, local attacker to inject arbitrary commands due to insufficient input validation. The issue affects the CLI command handling and could lead to execution of OS commands with root privileges. Cisco and related advisories (and Nessus plu...
CVE-2021-34714
CVE-2021-34714 affects Cisco FXOS, IOS, IOS XE/XR, and NX-OS UDLD implementations. The root cause is improper input validation of UDLD packets, enabling an unauthenticated, adjacent attacker to trigger a device reload and DoS; on IOS XR the impact is limited to reloading the UDLD process. The vul...
CVE-2017-6602
The CVE-2017-6602 issue affects Cisco UCS Manager CLI, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance. Root cause: insufficient input validation in the CLI that allows a locally authenticated attacker to inject commands. Impact: command injection with read/write acc...
CVE-2017-6600
Cisco UCS Manager CLI vulnerability CVE-2017-6600 affects Cisco UCS Manager CLI and the Cisco Firepower 4100 Series NGFW and Cisco Firepower 9300 Security Appliance. Root cause: insufficient input validation for a vulnerable CLI command, allowing an authenticated local attacker to inject commands...
CVE-2020-3504
The CVE-2020-3504 issue affects Cisco UCS Manager Software Local Management CLI, where improper handling of CLI command parameters could allow an authenticated, local attacker to cause a DoS on affected devices. A successful exploit may cause internal UCS Manager processes to fail to terminate, l...
CVE-2015-6435
Cisco CVE-2015-6435 describes a remote command execution vulnerability via an unprotected CGI script in Cisco FX-OS on Firepower 9000 devices and Cisco UCS Manager. A crafted HTTP request to the CGI script can allow an unauthenticated attacker to execute arbitrary shell commands. Affected softwar...
CVE-2017-12329
CVE-2017-12329 describes a local command-injection vulnerability in the CLI of Cisco Firepower FXOS and NX-OS System Software caused by insufficient input validation of CLI arguments. An authenticated, local attacker could inject crafted arguments to execute arbitrary commands at the attacker’s p...
CVE-2018-0298
CVE-2018-0298 affects Cisco FXOS and Cisco UCS Fabric Interconnect Software. Affected components: web UI handling in Firepower 4100 Series, Firepower 9300, UCS 6200/6300 Fabric Interconnects. Root cause: insufficient input validation in the web UI, allowing an unauthenticated, remote attacker to ...
CVE-2018-0395
CVE-2018-0395 affects Cisco FXOS and NX-OS Software's LLDP implementation. The issue stems from improper input validation of LLDP TLV fields in the frame header, enabling an unauthenticated, adjacent attacker to trigger a DoS condition by sending a crafted LLDP packet, causing the device to reloa...
CVE-2019-12699
CVE-2019-12699 concerns Cisco FXOS Software and Firepower Threat Defense (FTD) CLI command injection vulnerabilities due to insufficient input validation. An authenticated, local attacker could exploit crafted arguments to specific CLI commands to execute arbitrary OS commands with root privilege...
CVE-2018-0294
The CVE-2018-0294 issue is a local-authenticated vulnerability in Cisco FXOS/NX-OS write-erase handling. The affected software may fail to delete sensitive files when clearing device configuration and reloading, enabling an authenticated administrator to create an unauthorized admin account that ...
CVE-2018-0302
CVE-2018-0302 describes a buffer overflow in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software. The root cause is improper input validation in the CLI parser subsystem, enabling an authenticated, local attacker to exceed expected input length and potentially execute...
CVE-2015-6369
The CVE-2015-6369 issue affects Cisco Firepower Extensible Operating System on Firepower 9000 devices (1.1(1.160)) via the USB driver. Root cause: insufficient sanitization of USB input parameters that allows a crafted USB device to trigger invalid kernel commands, enabling a local, unauthenticat...
CVE-2017-12277
The CVE-2017-12277 issue affects Cisco Firepower FX-OS-based Firepower 4100 Series NGFW and Firepower 9300 Security Appliance, specifically the Smart Licensing Manager service. The root cause is insufficient input validation of certain Smart Licensing configuration parameters, allowing an authent...
CVE-2017-3883
CVE-2017-3883 affects Cisco FXOS and NX-OS System Software with AAA enabled. An unauthenticated remote attacker can brute-force login attempts, causing AAA processes to block keepalive messages; memory pressure can trigger AAA restart or device reload, leading to a denial of service. Affected pro...
CVE-2017-6598
CVE-2017-6598 affects Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance. A vulnerability in the debug plug-in functionality allows an authenticated, local attacker to execute arbitrary commands with elevated privileges. The root cause is inadequate i...
CVE-2015-6370
The CVE-2015-6370 entry describes a local command-injection vulnerability in the Management I/O (MIO) CLI of Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices. The root cause is insufficient sanitization of user-supplied input in the CLI, allowing an authenticated l...
CVE-2017-6597
The CVE-2017-6597 issue affects Cisco UCS Manager and Cisco Firepower 4100 NGFW / 9300 Security Appliance. Affected component: local-mgmt CLI command. Root cause: insufficient input validation in the CLI leading to a command injection when an authenticated, local attacker supplies crafted argumen...
CVE-2015-6374
The CVE-2015-6374 vulnerability affects Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices, where the web interface inadequately restricts IFRAME usage. The root cause is insufficient input sanitization of iframe data in HTTP requests, enabling remote attackers to pe...
CVE-2017-12299
The CVE-2017-12299 entry describes a vulnerability in Cisco ASA Next-Generation Firewall Services where the process of creating default IP blocks during device initialization can allow an unauthenticated, remote attacker to reach the device’s local IP address and bypass filters that are supposed ...
CVE-2017-6601
The CVE-2017-6601 entry corresponds to a local CLI command-injection vulnerability in Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 appliances. The issue stems from insufficient input validation in the CLI, allowing an authenticated, local attacker to inject comman...
CVE-2015-6372
CVE-2015-6372 affects Cisco Firepower Extensible Operating System on Firepower 9000 devices (FEO 1.1(1.160)). The web-based management interface is vulnerable to a cross-site scripting (XSS) attack via a crafted value, enabling remote attackers to inject arbitrary script/HTML in the user’s browse...