Cisco Fxos vulnerabilities

9 known vulnerabilities affecting cisco/fxos.

Total CVEs
9
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH4MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2023-20016MEDIUMCVSS 6.5fixed in 2.6.12023-02-23
CVE-2023-20016 [MEDIUM] CWE-321 CVE-2023-20016: A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configu A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the
nvd
CVE-2021-44228CRITICALCVSS 10.0KEVPoCv6.2.3v6.3.0+6 more2021-12-10
CVE-2021-44228 [CRITICAL] CWE-20 CVE-2021-44228: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LD
nvd
CVE-2021-34714HIGHCVSS 7.4≥ 2.2, < 2.2.2.148≥ 2.3, < 2.3.1.216+5 more2021-09-23
CVE-2021-34714 [HIGH] CWE-20 CVE-2021-34714: A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IO A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An att
nvd
CVE-2020-3171HIGHCVSS 7.8v2.4\(1.214\)v2.4\(1.216\)2020-02-26
CVE-2020-3171 [HIGH] CWE-78 CVE-2020-3171: A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS Software and Cisco UCS Manage A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by
nvd
CVE-2020-3120MEDIUMCVSS 6.5v2.42020-02-05
CVE-2020-3120 [MEDIUM] CWE-190 CVE-2020-3120: A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software proce
nvd
CVE-2018-0300HIGHCVSS 7.2v2.0\(1.68\)2018-06-21
CVE-2018-0300 [HIGH] CWE-22 CVE-2018-0300: A vulnerability in the process of uploading new application images to Cisco FXOS on the Cisco Firepo A vulnerability in the process of uploading new application images to Cisco FXOS on the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker using path traversal techniques to create or overwrite arbitrary files on an affected device. The vulnerability is due to in
nvd
CVE-2018-0331MEDIUMCVSS 6.5≥ 2.2.2, < 2.2.2.14≥ 1.1, < 2.0.1.1522018-06-21
CVE-2018-0331 [MEDIUM] CWE-399 CVE-2018-0331: A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software contain a vulnerability that could allow an unauthenticated, adjacent attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure to properly validate certain fields within a Cisco Di
nvd
CVE-2018-0294MEDIUMCVSS 6.7≥ 1.1, < 2.0.1.1592018-06-20
CVE-2018-0294 [MEDIUM] CWE-264 CVE-2018-0294: A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could all A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. The vulnerability exists because the affected software does not properly delete sensitive files when certain CLI commands are used to clear th
nvd
CVE-2017-3883HIGHCVSS 8.6v2.32017-10-19
CVE-2017-3883 [HIGH] CWE-770 CVE-2017-3883: A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco F A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving kee
nvd