Cisco Nx-Os Software vulnerabilities

CVE-2019-1776 [MEDIUM] CWE-78 CVE-2019-1776: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to e A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vu

CVE-2019-1767 [MEDIUM] CWE-119 CVE-2019-1767: A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system o

CVE-2019-1795 [MEDIUM] CWE-77 CVE-2019-1795: A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authentica A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An atta

CVE-2019-1728 [MEDIUM] CWE-347 CVE-2019-1728: A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisc A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of system files when the persistent configuration informatio

CVE-2019-1774 [MEDIUM] CWE-78 CVE-2019-1774: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to e A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious inpu

CVE-2019-1808 [MEDIUM] CWE-347 CVE-2019-1808: A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an a A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulne

CVE-2019-1810 [MEDIUM] CWE-347 CVE-2019-1810: A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Ne A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not

CVE-2019-1812 [MEDIUM] CWE-347 CVE-2019-1812: A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an a A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attack

CVE-2019-1790 [MEDIUM] CWE-77 CVE-2019-1790: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulne

CVE-2019-1733 [MEDIUM] CWE-79 CVE-2019-1733: A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX-OS Software could allow an aut A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX-OS Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the NX-API Sandbox interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the NX-API Sandbox interface. A

CVE-2019-1731 [MEDIUM] CWE-200 CVE-2019-1731: A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an a A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to incomplete error handling if a spe

CVE-2019-1813 [MEDIUM] CWE-347 CVE-2019-1813: A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an a A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attack

CVE-2019-1811 [MEDIUM] CWE-347 CVE-2019-1811: A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an a A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attack

CVE-2019-1782 [MEDIUM] CWE-77 CVE-2019-1782: A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authentica A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by

CVE-2019-1783 [MEDIUM] CWE-77 CVE-2019-1783: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device.

CVE-2019-1775 [MEDIUM] CWE-78 CVE-2019-1775: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to e A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious inpu

CVE-2019-1791 [MEDIUM] CWE-77 CVE-2019-1791: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could

CVE-2019-1729 [MEDIUM] CWE-20 CVE-2019-1729: A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, local attacker to overwrite any file on the file system including system files. These file overwrites by the attacker are accomplished at the root privilege level. The vulnerability occurs because there is no

CVE-2019-1781 [MEDIUM] CWE-77 CVE-2019-1781: A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authentica A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by

CVE-2019-1732 [MEDIUM] CWE-78 CVE-2019-1732: A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection. The vulnerability is due to the lack of a proper l