Nx-os Security Vulnerabilities and Issues — Page 6 of Nx-os CVE List

Lucene search

CiscoNx-os

275 matches found

CVE•added 2016/10/06 10:59 a.m.•38 views

CVE-2015-6393

Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay agent, aka Bug IDs CSCuq39250, CSCus21733, CSCus2...

7.8CVSS7.4AI score0.00989EPSS

CVE•added 2016/10/05 8:59 p.m.•38 views

CVE-2016-1455

Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP traffic, aka Bug ID CSCuz05365.

7.5CVSS7.3AI score0.00679EPSS

CVE•added 2012/05/03 10:11 a.m.•37 views

CVE-2011-4023

Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682.

7.8CVSS6.4AI score0.00427EPSS

CVE•added 2013/04/29 12:20 p.m.•37 views

CVE-2013-1226

The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bug ID CSCug47098.

6.1CVSS6.8AI score0.00501EPSS

CVE•added 2014/06/14 4:26 a.m.•37 views

CVE-2014-3295

The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309.

4.8CVSS7.1AI score0.01123EPSS

CVE•added 2015/01/10 2:59 a.m.•37 views

CVE-2015-0582

The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129.

5CVSS7AI score0.0105EPSS

CVE•added 2019/03/11 10:0 p.m.•37 views

CVE-2019-1614

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to incorrect input validation of user-supplied data by the NX-API subsystem. An attacker could exploit this vulner...

9CVSS9AI score0.01897EPSS

CVE•added 2017/09/25 9:29 p.m.•36 views

CVE-2011-4667

The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor f...

5.9CVSS5.7AI score0.00151EPSS

CVE•added 2015/04/03 2:0 a.m.•36 views

CVE-2015-0686

The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 devices, when a Reset High Availability (HA) policy is configured, allows remote authenticated users to cause a denial of service (device reload) via unspecified vectors, aka Bug ID CSCuq92240.

6.3CVSS6.5AI score0.00768EPSS

CVE•added 2015/06/20 2:59 p.m.•36 views

CVE-2015-4197

Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415.

6.1CVSS6.7AI score0.00633EPSS

CVE•added 2015/07/03 10:59 a.m.•36 views

CVE-2015-4232

Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.

4.6CVSS7.4AI score0.0028EPSS

CVE•added 2018/06/21 11:29 a.m.•36 views

CVE-2018-0299

A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco NX-OS on the Cisco Nexus 4000 Series Switch could allow an authenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incom...

6.8CVSS6.5AI score0.00907EPSS

CVE•added 2012/08/06 6:55 p.m.•35 views

CVE-2012-1357

The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5.0 and 5.1 on Cisco Nexus 5000 series switches allows remote attackers to cause a denial of service (device reload) via IGMP packets, aka Bug ID CSCts46521.

5CVSS6.8AI score0.00474EPSS

CVE•added 2013/05/29 7:55 p.m.•35 views

CVE-2013-1209

The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable packet-level encryption and integrity protection vi...

5CVSS6.8AI score0.00071EPSS

CVE•added 2015/08/19 11:59 p.m.•35 views

CVE-2015-4296

Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software 6.0(2)A6(1) allows remote attackers to cause a denial of service (Java process restart) via crafted connections to the Java application, aka Bug ID CSCut87006.

5CVSS7AI score0.00918EPSS

CVE•added 2013/10/05 10:55 a.m.•34 views

CVE-2012-4075

Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.

7.2CVSS7.8AI score0.00219EPSS

CVE•added 2013/11/08 4:47 a.m.•34 views

CVE-2013-5566

Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874.

5CVSS7.1AI score0.01286EPSS

CVE•added 2014/08/11 10:55 p.m.•34 views

CVE-2014-3330

Cisco NX-OS 6.1(2)I2(1) on Nexus 9000 switches does not properly process packet-drop policy checks for logged packets, which allows remote attackers to bypass intended access restrictions via a flood of packets matching a policy that contains the log keyword, aka Bug ID CSCuo02489.

5CVSS6.8AI score0.00179EPSS

CVE•added 2015/06/12 2:59 p.m.•34 views

CVE-2015-0775

The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Nexus 4000 devices, 5.2(1)SV3(2.1) on Nexus 1000V devices, 6.0(2)N2(2) on Nexus 5000 devices, 6.2(11) on MDS 9000 devices, 6.2(12) on Nexus 7000 devices, 7.0(3) on Nexus 9000 devices, and 7.2(0)ZN(99.67) on Nexus 3000 devices allow...

5CVSS6.9AI score0.01246EPSS

CVE•added 2016/07/28 1:59 a.m.•34 views

CVE-2016-1465

Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5.2(1)SV3(1.5i) allow remote attackers to cause a denial of service (ESXi hypervisor crash and purple screen) via a crafted Cisco Discovery Protocol packet that triggers an out-of-bounds memory access, aka Bug ID CSCuw57985.

6.5CVSS6.4AI score0.00904EPSS

CVE•added 2015/02/03 10:59 p.m.•33 views

CVE-2014-8013

The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182.

4.9CVSS6.3AI score0.00093EPSS

CVE•added 2015/07/03 10:59 a.m.•33 views

CVE-2015-4234

Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127.

7.2CVSS6.7AI score0.00122EPSS

CVE•added 2015/10/02 3:59 p.m.•33 views

CVE-2015-6308

Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated users to cause a denial of service (temporary SNMP outage) via an SNMP request for an OID that does not exist, aka Bug ID CSCuw36684.

4CVSS6.5AI score0.00388EPSS

CVE•added 2013/12/21 2:22 p.m.•32 views

CVE-2012-4135

Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275.

4.6CVSS6.6AI score0.00024EPSS

CVE•added 2016/02/24 3:59 a.m.•32 views

CVE-2016-1341

Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079.

9.8CVSS8.9AI score0.00277EPSS

Total number of security vulnerabilities275