Cisco Firepower Extensible Operating System vulnerabilities

52 known vulnerabilities affecting cisco/firepower_extensible_operating_system.

Total CVEs: 52
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 22, MEDIUM 28

Vulnerabilities

Page 2 of 3
CVE-2019-1780 | MEDIUM | CVSS 6.7 | fixed in 2.3.1.130; ≥ 2.4, < 2.4.1.122 | 2019-05-16
CVE-2019-1780 [MEDIUM] CWE-77: A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI com
Source: NVD
CVE-2019-1795 | MEDIUM | CVSS 6.7 | fixed in 2.0.1.201; ≥ 2.1, < 2.2.2.54; +2 more | 2019-05-15
CVE-2019-1795 [MEDIUM] CWE-77: A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An atta
Source: NVD
CVE-2019-1779 | MEDIUM | CVSS 6.7 | fixed in 2.4.1.101 | 2019-05-15
CVE-2019-1779 [MEDIUM] CWE-77: A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploi
Source: NVD
CVE-2019-1598 | HIGH | CVSS 7.5 | ≥ 2.3, < 2.3.1.75; ≥ 2.1, < 2.2.2.54; +1 more | 2019-03-07
CVE-2019-1598 [HIGH] CWE-20: Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP pack
Source: NVD
CVE-2019-1597 | HIGH | CVSS 7.5 | fixed in 2.3.1.75; fixed in 2.2.2.54; +1 more | 2019-03-07
CVE-2019-1597 [HIGH] CWE-20: Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP pack
Source: NVD
CVE-2019-1600 | MEDIUM | CVSS 4.4 | ≥ 1.1, < 2.2.2.91; ≥ 2.3, < 2.3.1.110 | 2019-03-07
CVE-2019-1600 [MEDIUM] CWE-264: A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability
Source: NVD
CVE-2018-0395 | MEDIUM | CVSS 5.3 | vr231 | 2018-10-17
CVE-2018-0395 [HIGH] CWE-20: A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields o
Source: NVD
CVE-2018-0310 | CRITICAL | CVSS 9.8 | ≥ 1.1, < 1.1.4.179; ≥ 2.0, < 2.0.1.153; +3 more | 2018-06-21
CVE-2018-0310 [CRITICAL] CWE-399: A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtain sensitive information from memory or cause a denial of service (DoS) condition on the affected product. The vulnerability exists because the affected software insufficiently validates header
Source: NVD
CVE-2018-0311 | HIGH | CVSS 7.5 | ≥ 1.1, < 1.1.4.179; ≥ 2.0, < 2.0.1.153; +3 more | 2018-06-21
CVE-2018-0311 [HIGH] CWE-399: A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packets when the software processe
Source: NVD
CVE-2018-0303 | HIGH | CVSS 8.8 | ≥ 1.1, < 1.1.4.179; ≥ 2.0, < 2.0.1.153; +3 more | 2018-06-21
CVE-2018-0303 [HIGH] CWE-20: A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet head
Source: NVD
CVE-2018-0302 | HIGH | CVSS 7.8 | ≥ 1.1, < 1.1.4.169; ≥ 2.0, < 2.0.1.135 | 2018-06-21
CVE-2018-0302 [HIGH] CWE-20: A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to incorrect input validation in the CLI parser subsystem. An attacker could exploit this vulnerability by exceeding the expected length
Source: NVD
CVE-2018-0298 | HIGH | CVSS 7.5 | ≥ 1.1, < 1.1.4.169; ≥ 2.0, < 2.0.1.135; +2 more | 2018-06-21
CVE-2018-0298 [HIGH] CWE-20: A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to incorrect input validation in the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP or HTTPS packet directed to
Source: NVD
CVE-2018-0331 | MEDIUM | CVSS 6.5 | ≥ 1.1, < 2.0.1.153; ≥ 2.1.1, < 2.1.1.86; +1 more | 2018-06-21
CVE-2018-0331 [MEDIUM] CWE-399: A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software contain a vulnerability that could allow an unauthenticated, adjacent attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure to properly validate certain fields within a Cisco Di
Source: NVD
CVE-2018-0294 | MEDIUM | CVSS 6.7 | ≥ 2.1.1, < 2.1.1.86; ≥ 2.2, < 2.2.2.17 | 2018-06-20
CVE-2018-0294 [MEDIUM] CWE-264: A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. The vulnerability exists because the affected software does not properly delete sensitive files when certain CLI commands are used to clear th
Source: NVD
CVE-2017-12299 | MEDIUM | CVSS 5.3 | v2.2(1.58) | 2017-11-16
CVE-2017-12299 [MEDIUM] CWE-20: A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device, bypassing any filters that are configured to deny local IP management traffic. The vulnerability is
Source: NVD
CVE-2017-12277 | HIGH | CVSS 8.8 | ≤ 1.1.3; v1.1.4; +1 more | 2017-11-02
CVE-2017-12277 [HIGH] CWE-20: A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart
Source: NVD
CVE-2017-3883 | HIGH | CVSS 8.6 | ≤ 2.3 | 2017-10-19
CVE-2017-3883 [HIGH] CWE-770: A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving kee
Source: NVD
CVE-2017-6597 | HIGH | CVSS 7.8 | v2.0(1.68) | 2017-04-07
CVE-2017-6597 [HIGH] CWE-78: A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.
Source: NVD
CVE-2017-6600 | HIGH | CVSS 7.8 | v2.0(1.68) | 2017-04-07
CVE-2017-6600 [HIGH] CWE-78: A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61351 CSCvb61637. Known Affected Releases: 2.0(1.68) 3.1(1k)A. K
Source: NVD
CVE-2017-6601 | HIGH | CVSS 7.1 | v2.0(1.68) | 2017-04-07
CVE-2017-6601 [HIGH] CWE-78: A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61384 CSCvb86764. Known Affected Releases: 2.0(1.68) 3.1(1k)A. K
Source: NVD