Nx-os@7.0(3)i4 Security Vulnerabilities and Issues — Nx-os@7.0(3)i4 CVE List

Lucene search

CiscoNx-os7.0(3)i4

26 matches found

CVE•added 2019/08/28 7:15 p.m.•85 views

CVE-2019-1963

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper val...

7.7CVSS6.7AI score0.00924EPSS

CVE•added 2019/03/06 10:29 p.m.•69 views

CVE-2019-1593

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level by executing commands authorized to other user roles. The attacker must authenticate with valid user credentials. The vulnerability is due to the ...

7.8CVSS7.7AI score0.00148EPSS

CVE•added 2019/05/16 5:29 p.m.•61 views

CVE-2019-1780

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insuffi...

7.2CVSS5.7AI score0.0006EPSS

CVE•added 2019/05/15 8:29 p.m.•60 views

CVE-2019-1774

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could...

7.2CVSS6.6AI score0.00107EPSS

CVE•added 2019/05/15 9:29 p.m.•60 views

CVE-2019-1795

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to...

7.2CVSS6.7AI score0.00107EPSS

CVE•added 2018/06/20 9:29 p.m.•59 views

CVE-2018-0307

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting mali...

7.8CVSS7.8AI score0.00134EPSS

CVE•added 2018/06/20 9:29 p.m.•58 views

CVE-2018-0291

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol...

6.8CVSS6.4AI score0.00907EPSS

CVE•added 2018/06/21 11:29 a.m.•57 views

CVE-2018-0331

A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software contain a vulnerability that could allow an unauthenticated, adjacent attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure...

6.5CVSS6.4AI score0.00319EPSS

CVE•added 2019/11/05 8:15 p.m.•56 views

CVE-2019-1734

A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attac...

5.5CVSS5.4AI score0.002EPSS

CVE•added 2019/03/11 10:0 p.m.•55 views

CVE-2019-1616

A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Cisco Fabric Services packets. An attac...

8.6CVSS7.9AI score0.00843EPSS

CVE•added 2019/05/15 8:29 p.m.•55 views

CVE-2019-1776

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on...

7.2CVSS6.7AI score0.00107EPSS

CVE•added 2018/06/20 9:29 p.m.•54 views

CVE-2018-0292

A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in...

8.8CVSS9.2AI score0.00247EPSS

CVE•added 2019/05/15 8:29 p.m.•53 views

CVE-2019-1782

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI com...

7.2CVSS6.6AI score0.00107EPSS

CVE•added 2019/05/15 8:29 p.m.•50 views

CVE-2019-1775

7.2CVSS6.6AI score0.00107EPSS

CVE•added 2019/03/11 10:0 p.m.•49 views

CVE-2019-1618

A vulnerability in the Tetration Analytics agent for Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to an incorrect permissions setting. An attacker could exploit this vulnerability b...

7.8CVSS7.8AI score0.00188EPSS

CVE•added 2019/08/30 9:15 a.m.•49 views

CVE-2019-1968

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exp...

7.5CVSS6.2AI score0.00436EPSS

CVE•added 2018/06/20 9:29 p.m.•48 views

CVE-2018-0295

A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP updat...

7.8CVSS7.6AI score0.01067EPSS

CVE•added 2019/05/15 5:29 p.m.•48 views

CVE-2019-1727

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. The vulnerability is due to insufficient sanitization of user-supplied parameter...

7.2CVSS5.8AI score0.00134EPSS

CVE•added 2019/05/15 9:29 p.m.•46 views

CVE-2019-1791

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of argu...

7.2CVSS6.6AI score0.00076EPSS

CVE•added 2019/05/15 5:29 p.m.•45 views

CVE-2019-1732

A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command inject...

6.9CVSS6.7AI score0.00172EPSS

CVE•added 2018/06/20 9:29 p.m.•44 views

CVE-2018-0293

A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess valid user credentials for the device. The vulnerability is d...

9CVSS8.8AI score0.02041EPSS

CVE•added 2018/06/20 9:29 p.m.•44 views

CVE-2018-0330

A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly validate certain param...

8.8CVSS8.9AI score0.00154EPSS

CVE•added 2019/05/15 5:29 p.m.•42 views

CVE-2019-1730

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must au...

7.2CVSS6.4AI score0.00049EPSS

CVE•added 2019/05/15 5:29 p.m.•42 views

CVE-2019-1731

A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The vuln...

5.1CVSS4.6AI score0.00179EPSS

CVE•added 2019/05/15 8:29 p.m.•42 views

CVE-2019-1781

7.2CVSS6.6AI score0.00107EPSS

CVE•added 2019/05/15 7:29 p.m.•41 views

CVE-2019-1735

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI com...

7.8CVSS6.5AI score0.00091EPSS