Cisco NX-OS vulnerabilities

239 known vulnerabilities affecting cisco/nx-os.

Total CVEs: 239
CISA KEV: 2 (actively exploited)
Public exploits: 1
Exploited in wild: 3
Severity breakdown: CRITICAL 8, HIGH 104, MEDIUM 125, LOW 2

Vulnerabilities

Page 3 of 12
CVE-2020-3217 | HIGH | CVSS 8.8 | v6.0(2)a; v6.0(2)a4(1); +192 more | 2020-06-03
CWE-20. A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insuff
Source: NVD
CVE-2020-10136 | MEDIUM | CVSS 5.3 | v5.2(1)sk3(1.1); v5.2(1)sk3(2.1); +251 more | 2020-06-02
CWE-290. IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.
Source: NVD
CVE-2020-3165 | HIGH | CVSS 8.2 | v9.2(1); v9.2(2); +2 more | 2020-02-26
CWE-798. A vulnerability in the implementation of Border Gateway Protocol (BGP) Message Digest 5 (MD5) authentication in Cisco NX-OS Software could allow an unauthenticated, remote attacker to bypass MD5 authentication and establish a BGP connection with the device. The vulnerability occurs because the BGP MD5 authentication is bypassed if the peer does not have
Source: NVD
CVE-2020-3175 | HIGH | CVSS 8.6 | v6.2(1) | 2020-02-26
CWE-664. A vulnerability in the resource handling system of Cisco NX-OS Software for Cisco MDS 9000 Series Multilayer Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource usage control. An attacker could exploit this vulnerability by sending traf
Source: NVD
CVE-2020-3172 | HIGH | CVSS 8.8 | v5.2(1)sv5(1.2); v7.3(5)n1(1); +5 more | 2020-02-26
CWE-20. A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers
Source: NVD
CVE-2020-3168 | HIGH | CVSS 7.5 | v5.2(1)sv3(4.1a) | 2020-02-26
CWE-399. A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere could allow an unauthenticated, remote attacker to cause an affected Nexus 1000V Virtual Supervisor Module (VSM) to become inaccessible to users through the CLI. The vulnerability is due to improper resource allocation during failed CLI login attem
Source: NVD
CVE-2020-3174 | MEDIUM | CVSS 4.7 | v8.1(1); v8.4(1); +1 more | 2020-02-26
CWE-345. A vulnerability in the anycast gateway feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries. The ARP entries are for nonlocal IP addresses for the subnet. The vulnerability is due to improper validation of a received gratuitous ARP (GARP) request.
Source: NVD
CVE-2020-3170 | MEDIUM | CVSS 5.3 | fixed in 8.4(1); fixed in 8.2(5) | 2020-02-26
CWE-20. A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP reque
Source: NVD
CVE-2020-3119 | HIGH | CVSS 8.8 | ≥ 7.0(3)f2, < 9.3(2); ≥ 7.0(3)i, < 7.0(3)i7(8); +3 more | 2020-02-05
CWE-787. A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol
Source: NVD
CVE-2020-3120 | MEDIUM | CVSS 6.5 | ≥ 5.2, < 6.2(29); ≥ 7.3, < 8.4(1a); +12 more | 2020-02-05
CWE-190. A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software proce
Source: NVD
CVE-2019-1734 | MEDIUM | CVSS 5.5 | fixed in 6.2(7); fixed in 7.0(3)i4(9); +8 more | 2019-11-05
CWE-200. A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to incomplete role-based
Source: NVD
CVE-2019-12717 | HIGH | CVSS 7.8 | ≥ 6.0(2), < 7.0(3)i7(6); ≥ 9.2, < 9.2(3); +3 more | 2019-09-25
CWE-78. A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affec
Source: NVD
CVE-2019-12662 | MEDIUM | CVSS 6.7 | v8.1(0.2)s0; v8.1(1); +2 more | 2019-09-25
CWE-347. A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Op
Source: NVD
CVE-2019-1977 | HIGH | CVSS 7.5 | v12.3(1h); v13.1(2m); +2 more | 2019-08-30
CWE-371. A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpoint device in certain circumstances. The vulnerability is due to improper endpoint learning when packets a
Source: NVD
CVE-2019-1967 | HIGH | CVSS 7.5 | v6.2; v7.3; +18 more | 2019-08-30
CWE-399. A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packe
Source: NVD
CVE-2019-1966 | HIGH | CVSS 7.8 | ≤ 3.2; v4.0 | 2019-08-30
CWE-264. A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand options present for a specific CLI command within the loca
Source: NVD
CVE-2019-1968 | HIGH | CVSS 7.5 | v7.3; v8.1; +12 more | 2019-08-30
CWE-20. A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request
Source: NVD
CVE-2019-1969 | MEDIUM | CVSS 5.3 | v7.0(3)i7(3); v9.2(2); +2 more | 2019-08-30
CWE-264. A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. The vulnerability is due to an incorrect length check when the con
Source: NVD
CVE-2019-1962 | HIGH | CVSS 7.5 | ≥ 5.2, < 6.2(29); ≥ 7.3, < 8.1; +10 more | 2019-08-28
CWE-20. A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause process crashes, which can result in a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of TCP packets when processed by the Cisco Fabric Services over IP (CFSo
Source: NVD
CVE-2019-1965 | HIGH | CVSS 7.7 | ≥ 5.2, < 6.2(29); ≥ 7.3, < 8.4; +13 more | 2019-08-28
CWE-400. A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH process to fail to delete upon termination. This can lead to a build-up of VSH processes that over time can deplete system memory. When there is no system memory available, this can cause unexpected system be
Source: NVD