Cisco Nx-Os Software vulnerabilities

CVE-2019-1727 [MEDIUM] CWE-264 CVE-2019-1727: A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticat A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions in the s

CVE-2019-1769 [MEDIUM] CWE-78 CVE-2019-1769: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system of an attached line card with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command

CVE-2019-1770 [MEDIUM] CWE-78 CVE-2019-1770: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device.

CVE-2019-1809 [MEDIUM] CWE-347 CVE-2019-1809: A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an a A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulne

CVE-2019-1779 [MEDIUM] CWE-77 CVE-2019-1779: A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authentica A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploi

CVE-2019-1595 [MEDIUM] CWE-913 CVE-2019-1595: A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Sof A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to subm

CVE-2018-0395 [MEDIUM] CWE-20 CVE-2018-0395: A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software a A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields

CVE-2017-12301 [MEDIUM] CWE-20 CVE-2017-12301: A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of user-supplied p