Lucene search

K

45 matches found

CVE
CVE
added 2013/08/05 1:22 p.m.190 views

CVE-2013-0149

The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, ...

5.8CVSS6.2AI score0.00937EPSS
CVE
CVE
added 2023/08/23 7:15 p.m.117 views

CVE-2023-20168

A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed r...

7.1CVSS6.6AI score0.00108EPSS
CVE
CVE
added 2020/08/27 4:15 p.m.108 views

CVE-2020-3397

A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomple...

8.6CVSS8.5AI score0.00528EPSS
CVE
CVE
added 2023/02/23 8:15 p.m.107 views

CVE-2023-20050

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An atta...

7.8CVSS6.4AI score0.00064EPSS
CVE
CVE
added 2020/02/26 5:15 p.m.83 views

CVE-2020-3172

A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insuffi...

8.8CVSS9.4AI score0.01078EPSS
CVE
CVE
added 2020/08/27 4:15 p.m.69 views

CVE-2020-3454

A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of specific Call...

9CVSS7.2AI score0.02031EPSS
CVE
CVE
added 2020/08/27 4:15 p.m.64 views

CVE-2020-3394

A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attacker...

7.8CVSS7.8AI score0.00036EPSS
CVE
CVE
added 2020/08/27 4:15 p.m.60 views

CVE-2020-3338

A vulnerability in the Protocol Independent Multicast (PIM) feature for IPv6 networks (PIM6) of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper error handling when processin...

7.5CVSS7.5AI score0.01311EPSS
CVE
CVE
added 2013/09/19 6:55 p.m.58 views

CVE-2013-1121

The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554.

5.4CVSS6.7AI score0.00427EPSS
CVE
CVE
added 2020/08/27 4:15 p.m.56 views

CVE-2020-3398

A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of service (DoS) condition due to the BGP session being down. The vul...

8.6CVSS8.3AI score0.00856EPSS
CVE
CVE
added 2020/08/27 4:15 p.m.56 views

CVE-2020-3415

A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input v...

8.8CVSS8.9AI score0.00214EPSS
CVE
CVE
added 2013/05/29 7:55 p.m.53 views

CVE-2013-1212

The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication, via a crafted certificate, aka Bug ID CSCud14837.

5.8CVSS6.5AI score0.00176EPSS
CVE
CVE
added 2020/08/27 4:15 p.m.53 views

CVE-2020-3504

A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit ...

3.3CVSS4AI score0.00168EPSS
CVE
CVE
added 2021/08/25 8:15 p.m.53 views

CVE-2021-1587

A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specif...

8.6CVSS8.4AI score0.00348EPSS
CVE
CVE
added 2013/10/14 3:34 a.m.52 views

CVE-2012-4097

The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043.

4.3CVSS6.8AI score0.00443EPSS
CVE
CVE
added 2013/05/29 7:55 p.m.52 views

CVE-2013-1213

Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability report) via a flood of UDP packets, aka Bug ID CSC...

5CVSS6.8AI score0.00677EPSS
CVE
CVE
added 2021/02/04 5:15 p.m.52 views

CVE-2021-1389

A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due ...

6.5CVSS6.1AI score0.00226EPSS
CVE
CVE
added 2013/10/05 10:55 a.m.50 views

CVE-2012-4091

The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415.

5CVSS6.8AI score0.01141EPSS
CVE
CVE
added 2013/11/13 3:55 p.m.49 views

CVE-2013-6683

The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904.

6.1CVSS6.8AI score0.00182EPSS
CVE
CVE
added 2013/10/05 10:55 a.m.48 views

CVE-2012-4141

Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551.

6.2CVSS6.5AI score0.00229EPSS
CVE
CVE
added 2013/05/29 7:55 p.m.48 views

CVE-2013-1210

Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by sending crafted STUN packets to a VEM, aka Bug ID C...

5.4CVSS6.7AI score0.0071EPSS
CVE
CVE
added 2013/02/13 11:55 p.m.47 views

CVE-2013-1122

Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted packets, aka Bug ID CSCud15673.

5CVSS6.8AI score0.00708EPSS
CVE
CVE
added 2018/06/21 11:29 a.m.47 views

CVE-2018-0313

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit. The vulnerability is due to incorrect input validation of user-supplied d...

9CVSS8.9AI score0.00802EPSS
CVE
CVE
added 2013/10/05 10:55 a.m.45 views

CVE-2012-4098

The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055.

5CVSS6.8AI score0.00535EPSS
CVE
CVE
added 2014/01/22 9:55 p.m.45 views

CVE-2014-0677

The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851.

5CVSS6.8AI score0.01295EPSS
CVE
CVE
added 2014/01/08 9:55 p.m.44 views

CVE-2013-6982

The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer reset) via a crafted message, aka Bug ID CSCuj03174.

4.3CVSS6.7AI score0.01292EPSS
CVE
CVE
added 2013/10/14 3:34 a.m.43 views

CVE-2012-4076

Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780.

6.8CVSS7.7AI score0.00123EPSS
CVE
CVE
added 2013/10/14 3:34 a.m.43 views

CVE-2012-4121

Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574.

6.8CVSS6.8AI score0.0008EPSS
CVE
CVE
added 2013/07/10 8:55 p.m.43 views

CVE-2013-3400

The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824.

6.8CVSS7.5AI score0.00288EPSS
CVE
CVE
added 2014/01/22 9:55 p.m.43 views

CVE-2014-0676

Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.

6.8CVSS6.6AI score0.00084EPSS
CVE
CVE
added 2013/10/05 10:55 a.m.42 views

CVE-2012-4122

The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669.

6.2CVSS6.7AI score0.00123EPSS
CVE
CVE
added 2014/05/26 12:25 a.m.42 views

CVE-2014-3261

Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devi...

7.6CVSS7.8AI score0.0082EPSS
CVE
CVE
added 2013/10/05 10:55 a.m.41 views

CVE-2012-4090

The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089.

4CVSS6AI score0.00505EPSS
CVE
CVE
added 2013/12/21 2:22 p.m.41 views

CVE-2012-4131

Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.

4.6CVSS6.6AI score0.0003EPSS
CVE
CVE
added 2013/05/29 7:55 p.m.41 views

CVE-2013-1211

Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a crafted VMware ESXi instance, aka Bug ID CSCud14832.

5CVSS7AI score0.00353EPSS
CVE
CVE
added 2013/09/16 1:2 p.m.41 views

CVE-2013-5496

Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551.

6.3CVSS6.2AI score0.002EPSS
CVE
CVE
added 2013/10/14 3:34 a.m.40 views

CVE-2012-4077

Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.

6.8CVSS7.6AI score0.00123EPSS
CVE
CVE
added 2013/05/29 7:55 p.m.39 views

CVE-2013-1208

The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by leveraging certain Layer 2 or Layer 3 access, aka Bug ID CS...

5.8CVSS6.9AI score0.00173EPSS
CVE
CVE
added 2013/10/14 3:34 a.m.38 views

CVE-2012-4099

The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065.

4.3CVSS6.8AI score0.00443EPSS
CVE
CVE
added 2013/01/19 8:55 p.m.38 views

CVE-2012-6396

Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces that do not exist on the new card, aka Bug ID CSCu...

4.9CVSS6.4AI score0.00363EPSS
CVE
CVE
added 2013/04/29 12:20 p.m.37 views

CVE-2013-1226

The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bug ID CSCug47098.

6.1CVSS6.8AI score0.00501EPSS
CVE
CVE
added 2015/01/10 2:59 a.m.37 views

CVE-2015-0582

The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129.

5CVSS7AI score0.0105EPSS
CVE
CVE
added 2013/05/29 7:55 p.m.35 views

CVE-2013-1209

The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable packet-level encryption and integrity protection vi...

5CVSS6.8AI score0.00071EPSS
CVE
CVE
added 2013/10/05 10:55 a.m.34 views

CVE-2012-4075

Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.

7.2CVSS7.8AI score0.00219EPSS
CVE
CVE
added 2015/02/03 10:59 p.m.33 views

CVE-2014-8013

The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182.

4.9CVSS6.3AI score0.00093EPSS