Cisco NX-OS vulnerabilities
239 known vulnerabilities affecting cisco/nx-os.
Total CVEs: 239
CISA KEV: 2 (actively exploited)
Public exploits: 1
Exploited in wild: 3
Severity breakdown: CRITICAL 8, HIGH 104, MEDIUM 125, LOW 2
Vulnerabilities
Page 2 of 12
CVE-2021-1588 | HIGH | CVSS 8.6 | CWE-126 | v7.0(3)i7(9), v8.4(1), +1 more | 2021-08-25
A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when an affected device is processing an MPLS echo-request or echo-reply pac
nvd
CVE-2021-1523 | HIGH | CVSS 8.6 | CWE-772 | v13.2(3n), v14.2(4i) | 2021-08-25
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause a queue wedge on a leaf switch, which could result in critical control plane traffic to the device being dropped. This could result in one or more leaf switches being removed from the fabric
nvd
CVE-2021-1586 | HIGH | CVSS 8.6 | CWE-345 | v15.0(2e), v15.1(1h) | 2021-08-25
A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to unexpectedly restart the device, resulting in a denial of service (DoS) condition. This vulnerability exists because TCP traffic sent to a sp
nvd
CVE-2021-1583 | MEDIUM | CVSS 4.4 | CWE-284 | v14.2(7f) | 2021-08-25
A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected system. This vulnerability is due to improper access control. An attacker with Administrator privileges c
nvd
CVE-2021-1584 | MEDIUM | CVSS 6.7 | CWE-78 | v14.2(7f) | 2021-08-25
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient restrictions during the execution of a specific CLI command. An attacker with administrative privileges could expl
nvd
CVE-2021-1591 | MEDIUM | CVSS 5.3 | CWE-284 | v9.3(4) | 2021-08-25
A vulnerability in the EtherChannel port subscription logic of Cisco Nexus 9500 Series Switches could allow an unauthenticated, remote attacker to bypass access control list (ACL) rules that are configured on an affected device. This vulnerability is due to oversubscription of resources that occurs when applying ACLs to port channel interfaces. An att
nvd
CVE-2021-1590 | MEDIUM | CVSS 5.3 | CWE-787 | v7.0(3)i4(0.116), v7.3(7)n1(1b) | 2021-08-25
A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service (DoS) condition. This vulnerability is due to a logic error in the implementation of the system login block-for command when a
nvd
CVE-2021-1361 | CRITICAL | CVSS 9.1 | CWE-552 | v9.3(5), v9.3(6) | 2021-02-24
A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. This
nvd
CVE-2021-1387 | HIGH | CVSS 8.6 | CWE-401 | v7.0(0)n1(1), v7.0(1)n1(1), +237 more | 2021-02-24
A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that are destined to an affected device. An attacker could expl
nvd
CVE-2021-1368 | HIGH | CVSS 8.8 | CWE-787 | v8.4(3.108), v8.4(3.117), +5 more | 2021-02-24
A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An a
nvd
CVE-2021-1227 | HIGH | CVSS 8.1 | CWE-352 | v8.4(2a), v8.4(3), +3 more | 2021-02-24
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of th
nvd
CVE-2021-1230 | HIGH | CVSS 7.5 | CWE-233 | v12.0(1m), v12.0(1n), +101 more | 2021-02-24
A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a routing process to crash, which could lead to a denial of service (DoS) condition. This vulnerability is due to an issue with the installation of ro
nvd
CVE-2021-1228 | MEDIUM | CVSS 6.5 | CWE-284 | v11.0(1b), v11.0(1c), +160 more | 2021-02-24
A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. This vulnerability is due to insufficient
nvd
CVE-2021-1231 | MEDIUM | CVSS 4.7 | CWE-284 | v11.0(1b), v11.0(1c), +162 more | 2021-02-24
A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable (SFP) interface. This vulnerability is due to incomplete validation of the source of a received LLDP p
nvd
CVE-2021-1229 | MEDIUM | CVSS 5.3 | CWE-401 | v5.2(1)sv5(1.3a), v8.4(3.53), +1 more | 2021-02-24
A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a slow system memory leak, which over time could lead to a denial of service (DoS) condition. This vulnerability is due to improper error handling when an IPv6-configured interface receives a specific type of ICMPv6 pa
nvd
CVE-2021-1367 | MEDIUM | CVSS 4.3 | CWE-20 | v9.3(5) | 2021-02-24
A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted PIM packet to an a
nvd
CVE-2020-3517 | HIGH | CVSS 8.6 | CWE-476 | v6.0(2)a3(1), v6.0(2)a3(2), +284 more | 2020-08-27
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. The attack vector is configuration dependent and could be remote or adjacent. For more information about
nvd
CVE-2020-3415 | HIGH | CVSS 8.8 | CWE-787 | ≥ 4.0, < 4.0(4h) | 2020-08-27
A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability
nvd
CVE-2020-3504 | LOW | CVSS 3.3 | CWE-664 | ≥ 4.0, < 4.0(4i) | 2020-08-27
A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the
nvd
CVE-2020-3228 | HIGH | CVSS 8.6 | CWE-20 | v5.2(1)sv3(3.1), v5.2(1)sv3(3.15), +7 more | 2020-06-03
A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because crafted SXP packets are mishandled. An attacker coul
nvd