Cisco Nx-Os Software vulnerabilities
88 known vulnerabilities affecting cisco/cisco_nx-os_software.
Total CVEs
88
CISA KEV
1
actively exploited
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH34MEDIUM53
Vulnerabilities
Page 4 of 5
CVE-2019-1778MEDIUMCVSS 6.7≥ unspecified, < 7.0(3)I7(4)2019-05-15
CVE-2019-1778 [MEDIUM] CWE-78 CVE-2019-1778: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to e
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this
nvd
CVE-2019-1776MEDIUMCVSS 6.7≥ unspecified, < 8.3(1)2019-05-15
CVE-2019-1776 [MEDIUM] CWE-78 CVE-2019-1776: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to e
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vu
nvd
CVE-2019-1728MEDIUMCVSS 6.7≥ unspecified, < 8.3(1)2019-05-15
CVE-2019-1728 [MEDIUM] CWE-347 CVE-2019-1728: A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisc
A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of system files when the persistent configuration informatio
nvd
CVE-2019-1810MEDIUMCVSS 6.7≥ unspecified, < 8.3(1)2019-05-15
CVE-2019-1810 [MEDIUM] CWE-347 CVE-2019-1810: A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Ne
A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not
nvd
CVE-2019-1812MEDIUMCVSS 6.7≥ unspecified, < 8.3(1)2019-05-15
CVE-2019-1812 [MEDIUM] CWE-347 CVE-2019-1812: A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an a
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attack
nvd
CVE-2019-1795MEDIUMCVSS 6.7≥ unspecified, < 8.3(1)2019-05-15
CVE-2019-1795 [MEDIUM] CWE-77 CVE-2019-1795: A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authentica
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An atta
nvd
CVE-2019-1731MEDIUMCVSS 4.4≥ unspecified, < 8.3(1)2019-05-15
CVE-2019-1731 [MEDIUM] CWE-200 CVE-2019-1731: A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an a
A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to incomplete error handling if a spe
nvd
CVE-2019-1813MEDIUMCVSS 6.7≥ unspecified, < 8.3(1)2019-05-15
CVE-2019-1813 [MEDIUM] CWE-347 CVE-2019-1813: A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an a
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attack
nvd
CVE-2019-1808MEDIUMCVSS 4.4≥ unspecified, < 8.3(1)2019-05-15
CVE-2019-1808 [MEDIUM] CWE-347 CVE-2019-1808: A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an a
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulne
nvd
CVE-2019-1730MEDIUMCVSS 6.7≥ unspecified, < 8.3(1)2019-05-15
CVE-2019-1730 [MEDIUM] CWE-264 CVE-2019-1730: A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticat
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must authenticate with valid administrator device credentials
nvd
CVE-2019-1783MEDIUMCVSS 6.7≥ unspecified, < 8.3(1)2019-05-15
CVE-2019-1783 [MEDIUM] CWE-77 CVE-2019-1783: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device.
nvd
CVE-2019-1790MEDIUMCVSS 6.7≥ unspecified, < 8.3(1)2019-05-15
CVE-2019-1790 [MEDIUM] CWE-77 CVE-2019-1790: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulne
nvd
CVE-2019-1733MEDIUMCVSS 5.4≥ unspecified, < 8.3(1)2019-05-15
CVE-2019-1733 [MEDIUM] CWE-79 CVE-2019-1733: A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX-OS Software could allow an aut
A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX-OS Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the NX-API Sandbox interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the NX-API Sandbox interface. A
nvd
CVE-2019-1782MEDIUMCVSS 6.7≥ unspecified, < 8.3(1)2019-05-15
CVE-2019-1782 [MEDIUM] CWE-77 CVE-2019-1782: A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authentica
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by
nvd
CVE-2019-1775MEDIUMCVSS 6.7≥ unspecified, < 8.3(1)2019-05-15
CVE-2019-1775 [MEDIUM] CWE-78 CVE-2019-1775: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to e
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious inpu
nvd
CVE-2019-1781MEDIUMCVSS 6.7≥ unspecified, < 8.3(1)2019-05-15
CVE-2019-1781 [MEDIUM] CWE-77 CVE-2019-1781: A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authentica
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by
nvd
CVE-2019-1732MEDIUMCVSS 6.4≥ unspecified, < 8.3(1)2019-05-15
CVE-2019-1732 [MEDIUM] CWE-78 CVE-2019-1732: A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an
A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection. The vulnerability is due to the lack of a proper l
nvd
CVE-2019-1791MEDIUMCVSS 6.7≥ unspecified, < 8.3(1)2019-05-15
CVE-2019-1791 [MEDIUM] CWE-77 CVE-2019-1791: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could
nvd
CVE-2019-1770MEDIUMCVSS 6.7≥ unspecified, < n/a2019-05-15
CVE-2019-1770 [MEDIUM] CWE-78 CVE-2019-1770: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device.
nvd
CVE-2019-1729MEDIUMCVSS 6.0≥ unspecified, < 8.3(1)2019-05-15
CVE-2019-1729 [MEDIUM] CWE-20 CVE-2019-1729: A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco
A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, local attacker to overwrite any file on the file system including system files. These file overwrites by the attacker are accomplished at the root privilege level. The vulnerability occurs because there is no
nvd