12 matches found
CVE-2022-20625
CVE-2022-20625 affects Cisco FXOS and Cisco NX-OS Software via the Cisco Discovery Protocol service. The root cause is improper handling of Cisco Discovery Protocol messages, allowing an unauthenticated, adjacent attacker to restart the CDP service and cause a DoS, with rare cases potentially reb...
CVE-2020-3166
CVE-2020-3166 : Cisco FXOS Software contains a CLI input validation flaw in the FXOS CLI command path that allows an authenticated, local attacker to read or write arbitrary files on the OS. The issue is triggered by crafted arguments to a specific CLI command, enabling partial to high impact on ...
CVE-2020-3172
CVE-2020-3172 affects Cisco FXOS Software and Cisco NX-OS Software via the Cisco Discovery Protocol. Insufficient validation of CDP packet headers allows an unauthenticated, Layer-2 adjacent attacker to send a crafted CDP packet, causing a buffer overflow that could let the attacker execute arbit...
CVE-2020-3167
CVE-2020-3167 covers a CLI command injection vulnerability in Cisco FXOS Software and Cisco UCS Manager Software. The issue stems from insufficient input validation in CLI commands, allowing an authenticated, local attacker to inject crafted arguments and execute arbitrary OS commands with the pr...
CVE-2019-1598
CVE-2019-1598 describes multiple LDAP parsing vulnerabilities in Cisco FXOS/NX-OS that allow an unauthenticated attacker to trigger a device reload and DoS by sending a BER-formatted LDAP packet from a configured LDAP source. Affected products/families and pre-patch versions (Cisco FXOS: <2.0....
CVE-2019-1780
CVE-2019-1780 is a Cisco FXOS/NX-OS command-injection vulnerability in the CLI caused by insufficient validation of arguments passed to certain CLI commands. An authenticated local attacker with administrator credentials can exploit this to execute arbitrary commands on the underlying operating s...
CVE-2019-1734
CVE-2019-1734 affects Cisco FXOS and NX-OS Software. Root cause: incomplete RBAC verification in a CLI diagnostic command, allowing an authenticated, local attacker to arbitrarily read sensitive files with valid credentials. Impact: information disclosure; no exploitation details provided beyond ...
CVE-2019-1795
Cisco FXOS Software and Cisco NX-OS Software are affected by CVE-2019-1795, a command-injection vulnerability in the CLI. The flaw stems from insufficient validation of arguments passed to a specific CLI command, allowing an authenticated, local attacker with valid administrator credentials to ru...
CVE-2019-1597
CVE-2019-1597 describes multiple LDAP parsing flaws in Cisco FXOS/NX-OS that permit an unauthenticated, remote attacker to force a device reload and DoS by sending a BER-crafted LDAP packet from a configured LDAP server IP. Affected product families and versions include: Firepower 4100 series: &l...
CVE-2020-3455
The CVE-2020-3455 entry applies to Cisco FXOS Software for Firepower 4100/9300 Series Appliances. Affected component is the secure boot process; root cause is insufficient protections that allow a local, authenticated attacker to bypass secure boot by injecting code into a file referenced during ...
CVE-2019-1779
Cisco FXOS and NX-OS Software contain a command-injection vulnerability in the CLI due to insufficient validation of arguments for certain commands. An authenticated, local attacker with valid credentials could exploit this to execute arbitrary OS commands with elevated privileges on the affected...
CVE-2020-3459
CVE-2020-3459 affects Cisco FXOS Software for Firepower 4100/9300 series. The issue stems from insufficient input validation in the CLI, allowing an authenticated, local attacker to submit crafted input that commands are executed with root privileges on the underlying OS. Impact is command inject...