Cisco Nx-Os Software vulnerabilities

CVE-2021-1229 [MEDIUM] CWE-401 CVE-2021-1229: A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco NX-OS Software could allow an unauthe A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a slow system memory leak, which over time could lead to a denial of service (DoS) condition. This vulnerability is due to improper error handling when an IPv6-configured interface receives a specific type of ICMPv6 pa

CVE-2021-1367 [MEDIUM] CWE-20 CVE-2021-1367: A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco NX-OS Software could al A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted PIM packet to an a

CVE-2020-3517 [HIGH] CWE-476 CVE-2020-3517: A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Softwa A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. The attack vector is configuration dependent and could be remote or adjacent. For more information about

CVE-2020-3398 [HIGH] CWE-20 CVE-2020-3398: A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of service (DoS) condition due to the BGP session being down. The vulnerability is due to incorrect parsing of a specific type

CVE-2020-3397 [HIGH] CWE-20 CVE-2020-3397: A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of a specific type of BGP MVPN update

CVE-2020-3415 [HIGH] CWE-787 CVE-2020-3415: A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthent A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability

CVE-2020-3394 [HIGH] CWE-285 CVE-2020-3394: A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 900 A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attacker would need to have valid credentials for the affected d

CVE-2020-3165 [HIGH] CWE-798 CVE-2020-3165: A vulnerability in the implementation of Border Gateway Protocol (BGP) Message Digest 5 (MD5) authen A vulnerability in the implementation of Border Gateway Protocol (BGP) Message Digest 5 (MD5) authentication in Cisco NX-OS Software could allow an unauthenticated, remote attacker to bypass MD5 authentication and establish a BGP connection with the device. The vulnerability occurs because the BGP MD5 authentication is bypassed if the peer does not have

CVE-2020-3168 [HIGH] CWE-399 CVE-2020-3168: A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware v A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere could allow an unauthenticated, remote attacker to cause an affected Nexus 1000V Virtual Supervisor Module (VSM) to become inaccessible to users through the CLI. The vulnerability is due to improper resource allocation during failed CLI login attem

CVE-2019-1734 [MEDIUM] CWE-200 CVE-2019-1734: A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco N A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to incomplete role-based

CVE-2019-1967 [HIGH] CWE-399 CVE-2019-1967: A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an un A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packe

CVE-2019-1969 [MEDIUM] CWE-264 CVE-2019-1969: A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Contro A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. The vulnerability is due to an incorrect length check when the con

CVE-2019-1965 [HIGH] CWE-400 CVE-2019-1965: A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow a A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH process to fail to delete upon termination. This can lead to a build-up of VSH processes that overtime can deplete system memory. When there is no system memory available, this can cause unexpected system be

CVE-2019-1768 [MEDIUM] CWE-119 CVE-2019-1768: A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system o

CVE-2019-1780 [MEDIUM] CWE-77 CVE-2019-1780: A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authentica A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI com

CVE-2019-1726 [HIGH] CWE-20 CVE-2019-1726: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to a A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicio

CVE-2019-1735 [HIGH] CWE-77 CVE-2019-1735: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to e A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by in

CVE-2019-1730 [MEDIUM] CWE-264 CVE-2019-1730: A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticat A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must authenticate with valid administrator device credentials

CVE-2019-1784 [MEDIUM] CWE-77 CVE-2019-1784: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to e A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this

CVE-2019-1778 [MEDIUM] CWE-78 CVE-2019-1778: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to e A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this