Cisco Firepower Extensible Operating System vulnerabilities

CVE-2024-20294 [MEDIUM] CWE-805 CVE-2024-20294: A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vu

CVE-2022-20934 [MEDIUM] CWE-77 CVE-2022-20934: A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands. An attacker could exploit this vulnerability by inje

CVE-2022-20625 [MEDIUM] CWE-399 CVE-2022-20625: A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Softw A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisc

CVE-2021-34714 [HIGH] CWE-20 CVE-2021-34714: A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IO A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An att

CVE-2021-1368 [HIGH] CWE-787 CVE-2021-1368: A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An a

CVE-2020-3459 [HIGH] CWE-78 CVE-2020-3459: A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to in A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted in

CVE-2020-3455 [HIGH] CWE-693 CVE-2020-3455: A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, loca A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms. The vulnerability is due to insufficient protections of the secure boot process. An attacker could exploit this vulnerability by injecting code into a specific file that is then referenced during the device

CVE-2020-3456 [HIGH] CWE-352 CVE-2020-3456: A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software could allow an u A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected device. The vulnerability is due to insufficient CSRF protections for the FCM interface. An attacker could exploit this vulnerability by pe

CVE-2020-3457 [MEDIUM] CWE-78 CVE-2020-3457: A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to in A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted

CVE-2020-3545 [MEDIUM] CWE-119 CVE-2020-3545: A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrat A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this vulnerability by supplying a crafted file that, when it is process

CVE-2020-3517 [HIGH] CWE-476 CVE-2020-3517: A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Softwa A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. The attack vector is configuration dependent and could be remote or adjacent. For more information about

CVE-2020-3172 [HIGH] CWE-20 CVE-2020-3172: A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Softw A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers

CVE-2020-3167 [HIGH] CWE-78 CVE-2020-3167: A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an auth A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to specific commands. A

CVE-2020-3169 [MEDIUM] CWE-78 CVE-2020-3169: A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to ex A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker

CVE-2020-3166 [MEDIUM] CWE-20 CVE-2020-3166: A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to re A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to a specific CLI command. A successful exploit co

CVE-2020-3120 [MEDIUM] CWE-190 CVE-2020-3120: A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software proce

CVE-2019-1734 [MEDIUM] CWE-200 CVE-2019-1734: A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco N A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to incomplete role-based

CVE-2019-12699 [HIGH] CWE-20 CVE-2019-12699: Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by incl

CVE-2019-12700 [MEDIUM] CWE-400 CVE-2019-12700: A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Fire A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource ma

CVE-2019-1858 [HIGH] CWE-20 CVE-2019-1858: A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXO A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly. The vulnerability is due to improper error handling when