Cisco NX-OS vulnerabilities
239 known vulnerabilities affecting cisco/nx-os.
Total CVEs: 239
CISA KEV: 2 (actively exploited)
Public exploits: 1
Exploited in wild: 3
Severity breakdown: CRITICAL 8, HIGH 104, MEDIUM 125, LOW 2
Vulnerabilities
Page 7 of 12
CVE-2019-1596 | HIGH | CVSS 7.8 | CWE-264 | fixed in 7.0(3)i4(9) | ≥ 7.0(3)i5, < 7.0(3)i7(4) | +2 more | 2019-03-07
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level to root. The attacker must authenticate with valid user credentials. The vulnerability is due to incorrect permissions of a system executable. An attacker could exploit this vulnerability by authenticat
nvd
CVE-2019-1598 | HIGH | CVSS 7.5 | CWE-20 | ≥ 7.3, < 8.2(1) | ≥ 7.0(3)i5, < 7.0(3)i7(1) | +8 more | 2019-03-07
Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP pack
nvd
CVE-2019-1597 | HIGH | CVSS 7.5 | CWE-20 | fixed in 8.2(1) | fixed in 7.0(3)i7(1) | +4 more | 2019-03-07
Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP pack
nvd
CVE-2019-1600 | MEDIUM | CVSS 4.4 | CWE-264 | ≥ 8.2, < 8.3(1) | ≥ 7.0(3)i5, < 7.0(3)i7(4) | +12 more | 2019-03-07
A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability
nvd
CVE-2019-1594 | HIGH | CVSS 7.4 | CWE-264 | fixed in 5.2(1)sv3(1.4b) | ≥ 7.0(3)i7, < 7.0(3)i7(4) | +7 more | 2019-03-06
A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN (EAPOL) frames. An attacker could exploit this vulnerability by
nvd
CVE-2019-1591 | HIGH | CVSS 7.8 | CWE-264 | fixed in 14.0(3d) | 2019-03-06
A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insufficient sanitization of user-supplied input when issuing a specific CLI command with parameters on an affected device
nvd
CVE-2019-1593 | HIGH | CVSS 7.8 | CWE-264 | ≥ 7.0(3)i5, < 7.0(3)i7(4) | ≥ 7.0(3)i4, < 7.0(3)i4(9) | +6 more | 2019-03-06
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level by executing commands authorized to other user roles. The attacker must authenticate with valid user credentials. The vulnerability is due to the incorrect implementation of a Bash shell command that al
nvd
CVE-2019-1585 | HIGH | CVSS 7.8 | CWE-16 | v8.3(0)sk(0.39) | 2019-03-06
A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escalate standard users with root privilege on an affected device. The vulnerability is due to a misconfiguration of certain sudoers files for the bashroot component on an affected device. An at
nvd
CVE-2019-1588 | MEDIUM | CVSS 4.4 | CWE-20 | fixed in 14.0(1h) | 2019-03-06
A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running in Application-Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms of user-supplied input sent to an affected device. A suc
nvd
CVE-2019-1595 | MEDIUM | CVSS 6.5 | CWE-913 | fixed in 7.3(5)n1(1) | 2019-03-06
A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to subm
nvd
CVE-2018-0456 | HIGH | CVSS 7.7 | CWE-20 | v9.2(0.43) | 2018-10-17
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application of an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exp
nvd
CVE-2018-0378 | HIGH | CVSS 8.6 | CWE-20 | v7.3(2)n1(0.8) | 2018-10-17
A vulnerability in the Precision Time Protocol (PTP) feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of protection against PTP frame flood attacks. An attacker coul
nvd
CVE-2018-0395 | MEDIUM | CVSS 5.3 | CWE-20 | v6.0(4) | v6.1(3)s2 | +3 more | 2018-10-17
A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields
nvd
CVE-2018-0372 | HIGH | CVSS 7.5 | CWE-400 | v13.0(1k) | 2018-07-18
A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series Fabric Switches in Application-Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause the device to run low on system memory, which could result in a Denial of Service (DoS) condition on an affected system. The vulnerability is due to improper memory
nvd
CVE-2018-0310 | CRITICAL | CVSS 9.8 | CWE-399 | v7.0(0)hsk(0.357) | v8.1(0.2)s0 | +7 more | 2018-06-21
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtain sensitive information from memory or cause a denial of service (DoS) condition on the affected product. The vulnerability exists because the affected software insufficiently validates header
nvd
CVE-2018-0311 | HIGH | CVSS 7.5 | CWE-399 | v7.0(0)hsk(0.357) | v8.1(0.2)s0 | +8 more | 2018-06-21
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packets when the software processe
nvd
CVE-2018-0303 | HIGH | CVSS 8.8 | CWE-20 | v7.0(0)hsk(0.357) | v8.1(0.2)s0 | +6 more | 2018-06-21
A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet head
nvd
CVE-2018-0309 | HIGH | CVSS 7.7 | CWE-400 | v7.0(3)i5(2) | v7.0(3)i6(1) | 2018-06-21
A vulnerability in the implementation of a specific CLI command and the associated Simple Network Management Protocol (SNMP) MIB for Cisco NX-OS (in standalone NX-OS mode) on Cisco Nexus 3000 and 9000 Series Switches could allow an authenticated, remote attacker to exhaust system memory on an affected device, resulting in a denial of service (DoS) condi
nvd
CVE-2018-0302 | HIGH | CVSS 7.8 | CWE-20 | v3.1(1k)a | 2018-06-21
A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to incorrect input validation in the CLI parser subsystem. An attacker could exploit this vulnerability by exceeding the expected length
nvd
CVE-2018-0306 | HIGH | CVSS 7.8 | CWE-20 | fixed in 7.3(3)n1(1) | v8.1(0.2)s0 | +6 more | 2018-06-21
A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI comm
nvd