Cisco NX-OS Software vulnerabilities
88 known vulnerabilities affecting cisco/cisco_nx-os_software.
Total CVEs: 88
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 34, MEDIUM 53
Vulnerabilities
Page 2 of 5
CVE-2024-20267 | HIGH | CVSS 8.6 | CWE-120 | versions: v6.0(2)A3(1), v6.0(2)A3(2), +203 more | 2024-02-29
A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload.
This vulnerability is due to lack of proper error checking when processing an ingress MPLS frame.
nvd
CVE-2024-20294 | MEDIUM | CVSS 6.6 | CWE-805 | versions: v6.0(2)A3(1), v6.0(2)A3(2), +292 more | 2024-02-29
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vu
nvd
CVE-2024-20291 | MEDIUM | CVSS 5.8 | CWE-284 | versions: v9.3(10), v9.3(11), +1 more | 2024-02-29
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device.
This vulnerability is due to incorrect hardware programming that occurs wh
nvd
CVE-2023-20169 | HIGH | CVSS 7.4 | CWE-788 | versions: v10.3(2) | 2023-08-23
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to r
nvd
CVE-2023-20115 | MEDIUM | CVSS 5.4 | CWE-671 | versions: v9.2(1), v9.2(2), +28 more | 2023-08-23
A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device.
This vulnerability is due to a logic error when verifying the user role when
nvd
CVE-2023-20168 | MEDIUM | CVSS 6.5 | CWE-120 | versions: v4.2(1)SV1(4), v4.2(1)SV1(4a), +342 more | 2023-08-23
A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An at
nvd
CVE-2023-20050 | HIGH | CVSS 7.8 | CWE-78 | versions: n/a | 2023-02-23
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including craf
nvd
CVE-2022-20823 | HIGH | CVSS 8.6 | CWE-126 | versions: n/a | 2022-08-25
A vulnerability in the OSPF version 3 (OSPFv3) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incomplete input validation of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending a malicious OSPFv
nvd
CVE-2022-20824 | HIGH | CVSS 8.8 | CWE-121 | versions: n/a | 2022-08-25
A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation of specific values that are w
nvd
CVE-2022-20623 | HIGH | CVSS 7.5 | CWE-399 | versions: n/a | 2022-02-23
A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device. This vulnerability is due to a logic error in the BFD rate limiter functionality. An attacker cou
nvd
CVE-2022-20624 | HIGH | CVSS 7.5 | CWE-400 | versions: n/a | 2022-02-23
A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of incoming CFSoIP packets. An attacker could exploit this vulnerability by sending crafted
nvd
CVE-2022-20650 | HIGH | CVSS 8.8 | CWE-78 | versions: n/a | 2022-02-23
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to
nvd
CVE-2022-20625 | MEDIUM | CVSS 4.3 | CWE-399 | versions: n/a | 2022-02-23
A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisc
nvd
CVE-2021-1588 | HIGH | CVSS 8.6 | CWE-126 | versions: n/a | 2021-08-25
A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when an affected device is processing an MPLS echo-request or echo-reply pac
nvd
CVE-2021-1587 | HIGH | CVSS 8.6 | CWE-115 | versions: n/a | 2021-08-25
A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific packets with a Transparent Interconnection of Lots of
nvd
CVE-2021-1591 | MEDIUM | CVSS 5.3 | CWE-284 | versions: n/a | 2021-08-25
A vulnerability in the EtherChannel port subscription logic of Cisco Nexus 9500 Series Switches could allow an unauthenticated, remote attacker to bypass access control list (ACL) rules that are configured on an affected device. This vulnerability is due to oversubscription of resources that occurs when applying ACLs to port channel interfaces. An att
nvd
CVE-2021-1590 | MEDIUM | CVSS 5.3 | CWE-787 | versions: n/a | 2021-08-25
A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service (DoS) condition. This vulnerability is due to a logic error in the implementation of the system login block-for command when a
nvd
CVE-2021-1361 | CRITICAL | CVSS 9.1 | CWE-552 | versions: n/a | 2021-02-24
A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. This
nvd
CVE-2021-1387 | HIGH | CVSS 8.6 | CWE-401 | versions: n/a | 2021-02-24
A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that are destined to an affected device. An attacker could expl
nvd
CVE-2021-1368 | HIGH | CVSS 8.8 | CWE-787 | versions: n/a | 2021-02-24
A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An a
nvd