Cisco NX-OS vulnerabilities

239 known vulnerabilities affecting cisco/nx-os.

Total CVEs: 239
CISA KEV: 2 (actively exploited)
Public exploits: 1
Exploited in wild: 3
Severity breakdown: CRITICAL 8, HIGH 104, MEDIUM 125, LOW 2

Vulnerabilities

Page 1 of 12
CVE-2024-20284 | HIGH | CVSS 8.8 | v9.3(13) | 2024-08-28
[MEDIUM] CWE-693: A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerab
nvd
CVE-2024-20286 | HIGH | CVSS 8.8 | v9.3(13) | 2024-08-28
[MEDIUM] CWE-693: A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerab
nvd
CVE-2024-20285 | HIGH | CVSS 8.8 | v9.3(13) | 2024-08-28
[MEDIUM] CWE-653: A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerab
nvd
CVE-2024-20399 | MEDIUM | CVSS 6.7 | KEV | v6.2(2), v6.2(2a), +260 more | 2024-07-01
[MEDIUM] CWE-78: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An at
nvd
CVE-2024-20321 | HIGH | CVSS 8.6 | v7.0(3)f1(1), v7.0(3)f2(1), +46 more | 2024-02-29
[HIGH] CWE-400: A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware rate-limiter queue. An attacker could exploit this vulner
nvd
CVE-2024-20267 | HIGH | CVSS 8.6 | v6.0(2)a3(1), v6.0(2)a3(2), +203 more | 2024-02-29
[HIGH] CWE-120: A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload. This vulnerability is due to lack of proper error checking when processing an ingress MPLS frame.
nvd
CVE-2024-20294 | MEDIUM | CVSS 6.6 | v12.0(1m), v12.0(1n), +456 more | 2024-02-29
[MEDIUM] CWE-805: A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vu
nvd
CVE-2024-20291 | MEDIUM | CVSS 5.8 | v9.3(10), v9.3(11), +1 more | 2024-02-29
[MEDIUM] CWE-284: A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is due to incorrect hardware programming that occurs wh
nvd
CVE-2023-44487 | HIGH | CVSS 7.5 | KEV | PoC | fixed in 10.2(7); ≥ 10.3(1), < 10.3(5); +1 more | 2023-10-10
[HIGH] CWE-400: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
nvd
CVE-2023-20169 | HIGH | CVSS 7.4 | v10.3(2) | 2023-08-23
[HIGH] CWE-788: A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to r
nvd
CVE-2023-20115 | MEDIUM | CVSS 5.4 | v9.2(1), v9.2(2), +28 more | 2023-08-23
[MEDIUM] CWE-671: A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is due to a logic error when verifying the user role when
nvd
CVE-2023-20168 | MEDIUM | CVSS 6.5 | v9.3(11), v10.2(5) | 2023-08-23
[HIGH] CWE-120: A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An atta
nvd
CVE-2023-20185 | HIGH | CVSS 7.4 | v14.0(1h), v14.0(2c), +74 more | 2023-07-12
[HIGH] CWE-330: A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on af
nvd
CVE-2023-20050 | HIGH | CVSS 7.8 | fixed in 8.2(9); fixed in 9.3(10); +1 more | 2023-02-23
[MEDIUM] CWE-78: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including cr
nvd
CVE-2023-20089 | MEDIUM | CVSS 6.5 | v15.2(1g), v15.2(2e), +14 more | 2023-02-23
[HIGH] CWE-789: A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This vulnerability is due to incorrect error checking when p
nvd
CVE-2022-20623 | HIGH | CVSS 7.5 | ≥ 7.0(3)i6(2), ≤ 7.0(3)i7(3); ≥ 7.0(3)i6(2), ≤ 9.3(8); +1 more | 2022-02-23
[HIGH] CWE-399: A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device. This vulnerability is due to a logic error in the BFD rate limiter functionality. An attacker cou
nvd
CVE-2022-20624 | HIGH | CVSS 7.5 | v7.0(3), v9.2(2), +4 more | 2022-02-23
[HIGH] CWE-400: A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of incoming CFSoIP packets. An attacker could exploit this vulnerability by sending crafted
nvd
CVE-2022-20650 | HIGH | CVSS 8.8 | v10.2(1.72), v7.3(8)n1(0.4) | 2022-02-23
[HIGH] CWE-78: A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to
nvd
CVE-2022-20625 | MEDIUM | CVSS 4.3 | v8.2(7.34), v5.2(1)sv5(1.3b), +3 more | 2022-02-23
[MEDIUM] CWE-399: A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisc
nvd
CVE-2021-34714 | HIGH | CVSS 7.4 | ≤ 8.4(3.115); ≤ 7.0(3)i7(9); +2 more | 2021-09-23
[HIGH] CWE-20: A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An att
nvd