Cisco NX-OS vulnerabilities
239 known vulnerabilities affecting cisco/nx-os.
Total CVEs: 239
CISA KEV: 2 (actively exploited)
Public exploits: 1
Exploited in wild: 3
Severity breakdown
CRITICAL 8, HIGH 104, MEDIUM 125, LOW 2
Vulnerabilities
Page 8 of 12
CVE-2018-0298 | HIGH | CVSS 7.5 | CWE-20 | ≥ 3.0(2), < 3.1(3a)a | 2018-06-21
A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to incorrect input validation in the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP or HTTPS packet directed to
nvd
CVE-2018-0313 | HIGH | CVSS 8.8 | CWE-20 | v7.0(0)hsk(0.357); v8.0(1)s20; +3 more | 2018-06-21
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit. The vulnerability is due to incorrect input validation of user-supplied data to the NX-API subsystem. An attacker could exploit th
nvd
CVE-2018-0337 | HIGH | CVSS 7.8 | CWE-20 | v7.0(8)n1(1); v7.1(4)n1(1); +10 more | 2018-06-21
A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issu
nvd
CVE-2018-0331 | MEDIUM | CVSS 6.5 | CWE-399 | ≥ 7.1, < 7.1(5)n1(1); ≥ 7.3, < 7.3(3)n1(1); +16 more | 2018-06-21
A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure to properly validate certain fields within a Cisco Di
nvd
CVE-2018-0299 | MEDIUM | CVSS 6.5 | CWE-20 | v4.1(2)e1(1r) | 2018-06-21
A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco NX-OS on the Cisco Nexus 4000 Series Switch could allow an authenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete validation of an SNMP poll request for a specific
nvd
CVE-2018-0301 | CRITICAL | CVSS 9.8 | CWE-20 | ≥ 6.0, < 7.3(3)n1(1); ≥ 7.2, < 7.3(2)d1(1); +14 more | 2018-06-20
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow. The vulnerability is due to incorrect input validation in the authentication module of the NX-API subsystem. An attacker could exploit this vulner
nvd
CVE-2018-0293 | HIGH | CVSS 8.8 | CWE-264 | ≥ 6.0, < 7.3(3)n1(1); v7.3(2)n1(0.395); +4 more | 2018-06-20
A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess valid user credentials for the device. The vulnerability is due to incorrect RBAC privilege assignment for certain CL
nvd
CVE-2018-0292 | HIGH | CVSS 8.8 | CWE-119 | ≥ 6.0, < 7.3(3)n1(1); ≥ 6.2, < 8.1(2); +3 more | 2018-06-20
A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability
nvd
CVE-2018-0295 | HIGH | CVSS 7.5 | CWE-20 | ≥ 6.0, < 7.3(3)n1(1); ≥ 6.2, < 8.1(2); +6 more | 2018-06-20
A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP update messages. An attacker could exploit this vulnerability
nvd
CVE-2018-0330 | HIGH | CVSS 8.8 | CWE-264 | ≥ 7.3, < 7.3(3)n1(1); v6.0; +13 more | 2018-06-20
A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly validate certain parameters included within an NX-API request. An attacker tha
nvd
CVE-2018-0307 | HIGH | CVSS 7.8 | CWE-20 | ≥ 6.0, < 7.3(3)n1(1); ≥ 6.2, < 8.1(2); +4 more | 2018-06-20
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A
nvd
CVE-2018-0291 | MEDIUM | CVSS 6.5 | CWE-20 | ≥ 6.0, < 7.3(3)n1(1); ≥ 6.2, < 8.1(2); +5 more | 2018-06-20
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could e
nvd
CVE-2018-0294 | MEDIUM | CVSS 6.7 | CWE-264 | v7.3(2)n1(0.354); v5.2(1)sv3(1.10); +3 more | 2018-06-20
A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. The vulnerability exists because the affected software does not properly delete sensitive files when certain CLI commands are used to clear th
nvd
CVE-2018-0102 | HIGH | CVSS 7.4 | CWE-399 | v7.2(1)d(1); v7.2(2)d1(1); +1 more | 2018-01-18
A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software attempts to free the same area of memory twice. An attacker could exploit this vulnerability by sendin
nvd
CVE-2018-0092 | HIGH | CVSS 7.1 | CWE-264 | v7.0(3)i5(2); v7.0(3)i6(1); +1 more | 2018-01-18
A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. The network-operator role should not be able to delete other configured users on the device. The vulnerability is due to a lack of proper role-based access control (RBAC)
nvd
CVE-2018-0090 | HIGH | CVSS 7.5 | CWE-20 | v7.3(2)n1(0.6); v8.3(0)kms(0.31); +1 more | 2018-01-18
A vulnerability in management interface access control list (ACL) configuration of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to bypass configured ACLs on the management interface. This could allow traffic to be forwarded to the NX-OS CPU for processing, leading to high CPU utilization and a denial of service (DoS) condit
nvd
CVE-2017-12338 | MEDIUM | CVSS 6.0 | CWE-20 | v8.0(1); v8.1(0)bd(0.20); +1 more | 2017-11-30
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to insufficient input validation for a specific CLI command. An attacker could exploit this vulnerability by issuing a crafted command on the CLI. An exploit could allow the attacker
nvd
CVE-2017-12331 | MEDIUM | CVSS 6.7 | CWE-347 | v8.1(1) | 2017-11-30
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and
nvd
CVE-2017-12329 | MEDIUM | CVSS 6.3 | CWE-77 | v5.2(1)sv3(2.8); v8.0(1); +2 more | 2017-11-30
A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting craft
nvd
CVE-2017-12336 | MEDIUM | CVSS 4.2 | CWE-20 | v6.0(2)a8(3); v8.0(1); +4 more | 2017-11-30
A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL
nvd