9 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2020-3120
CVE-2020-3120 affects Cisco FXOS, IOS XR, and NX-OS CDP handling. A missing check when processing Cisco Discovery Protocol messages could let an unauthenticated, adjacent attacker cause a device reload and DoS by sending crafted CDP packets (Layer 2). Impact per sources is DoS via memory exhausti...
CVE-2018-0331
The CVE-2018-0331 issue is a DoS in Cisco NX-OS FXOS/NX-OS/NCS/UCS Manager by failing to validate certain CDP fields in CDP messages. An unauthenticated, adjacent attacker can trigger a DoS that restarts affected devices. Affected products include Firepower 4100/NX-OS-based platforms, various Nex...
CVE-2023-20016
CVE-2023-20016 affects Cisco UCS Manager Software and Cisco FXOS Software backups/export files. The root issue is a weakness in the backup encryption method using a static key, which could let an unauthenticated attacker with access to a backup decrypt sensitive data stored in full state and conf...
CVE-2020-3171
The CVE-2020-3171 entry covers Cisco FXOS and Cisco UCS Manager Software Local Management CLI Command Injection caused by insufficient input validation in the local-mgmt CLI. An authenticated, local attacker can run arbitrary commands on the device’s underlying OS; on most platforms this occurs w...
CVE-2021-34714
CVE-2021-34714 affects Cisco FXOS, IOS, IOS XE/XR, and NX-OS UDLD implementations. The root cause is improper input validation of UDLD packets, enabling an unauthenticated, adjacent attacker to trigger a device reload and DoS; on IOS XR the impact is limited to reloading the UDLD process. The vul...
CVE-2018-0294
The CVE-2018-0294 issue is a local-authenticated vulnerability in Cisco FXOS/NX-OS write-erase handling. The affected software may fail to delete sensitive files when clearing device configuration and reloading, enabling an authenticated administrator to create an unauthorized admin account that ...
CVE-2017-3883
CVE-2017-3883 affects Cisco FXOS and NX-OS System Software with AAA enabled. An unauthenticated remote attacker can brute-force login attempts, causing AAA processes to block keepalive messages; memory pressure can trigger AAA restart or device reload, leading to a denial of service. Affected pro...
CVE-2018-0300
Cisco FXOS on the Firepower 4100 Series NGFW and Firepower 9300 Security Appliance is affected by a path traversal vulnerability in the application image upload flow. Insufficient validation during image upload allows an authenticated, remote attacker to create or overwrite arbitrary files on the...