All the vulnerabilites related to Cisco - Cisco Firepower Extensible Operating System (FXOS)
cve-2023-20200
Vulnerability from cvelistv5
Published
2023-08-23 18:20
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to the improper handling of specific SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
Note: This vulnerability affects all supported SNMP versions. To exploit this vulnerability through SNMPv2c or earlier, an attacker must know the SNMP community string that is configured on an affected device. To exploit this vulnerability through SNMPv3, the attacker must have valid credentials for an SNMP user who is configured on the affected device.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:05:35.047Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-fp-ucsfi-snmp-dos-qtv69NAO", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fp-ucsfi-snmp-dos-qtv69NAO" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Unified Computing System (Managed)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "3.1(1e)" }, { "status": "affected", "version": "3.1(1g)" }, { "status": "affected", "version": "3.1(1h)" }, { "status": "affected", "version": "3.1(1k)" }, { "status": "affected", "version": "3.1(1l)" }, { "status": "affected", "version": "3.1(2b)" }, { "status": "affected", "version": "3.1(2c)" }, { "status": "affected", "version": "3.1(2e)" }, { "status": "affected", "version": "3.1(2f)" }, { "status": "affected", "version": "3.1(2g)" }, { "status": "affected", "version": "3.1(2h)" }, { "status": "affected", "version": "3.1(3a)" }, { "status": "affected", "version": "3.1(3b)" }, { "status": "affected", "version": "3.1(3c)" }, { "status": "affected", "version": "3.1(3d)" }, { "status": "affected", "version": "3.1(3e)" }, { "status": "affected", "version": "3.1(3f)" }, { "status": "affected", "version": "3.1(3h)" }, { "status": "affected", "version": "3.1(3j)" }, { "status": "affected", "version": "3.1(3k)" }, { "status": "affected", "version": "3.1(2d)" }, { "status": "affected", "version": "3.1(3l)" }, { "status": "affected", "version": "3.2(1d)" }, { "status": "affected", "version": "3.2(2b)" }, { "status": "affected", "version": "3.2(2c)" }, { "status": "affected", "version": "3.2(2d)" }, { "status": "affected", "version": "3.2(2e)" }, { "status": "affected", "version": "3.2(2f)" }, { "status": "affected", "version": "3.2(3a)" }, { "status": "affected", "version": "3.2(3b)" }, { "status": "affected", "version": "3.2(3d)" }, { "status": "affected", "version": "3.2(3e)" }, { "status": "affected", "version": "3.2(3g)" }, { "status": "affected", "version": "3.2(3h)" }, { "status": "affected", "version": "3.2(3i)" }, { "status": "affected", "version": "3.2(3j)" }, { "status": "affected", "version": "3.2(3k)" }, { "status": "affected", "version": "3.2(3l)" }, { "status": "affected", "version": "3.2(3n)" }, { "status": "affected", "version": "3.2(3o)" }, { "status": "affected", "version": "3.2(3p)" }, { "status": "affected", "version": "4.0(1a)" }, { "status": "affected", "version": "4.0(1b)" }, { "status": "affected", "version": "4.0(1c)" }, { "status": "affected", "version": "4.0(1d)" }, { "status": "affected", "version": "4.0(2a)" }, { "status": "affected", "version": "4.0(2b)" }, { "status": "affected", "version": "4.0(2d)" }, { "status": "affected", "version": "4.0(2e)" }, { "status": "affected", "version": "4.0(4b)" }, { "status": "affected", "version": "4.0(4c)" }, { "status": "affected", "version": "4.0(4d)" }, { "status": "affected", "version": "4.0(4e)" }, { "status": "affected", "version": "4.0(4f)" }, { "status": "affected", "version": "4.0(4g)" }, { "status": "affected", "version": "4.0(4h)" }, { "status": "affected", "version": "4.0(4a)" }, { "status": "affected", "version": "4.0(4i)" }, { "status": "affected", "version": "4.0(4k)" }, { "status": "affected", "version": "4.0(4l)" }, { "status": "affected", "version": "4.0(4m)" }, { "status": "affected", "version": "4.0(4n)" }, { "status": "affected", "version": "4.0(4o)" }, { "status": "affected", "version": "4.1(1a)" }, { "status": "affected", "version": "4.1(1b)" }, { "status": "affected", "version": "4.1(1c)" }, { "status": "affected", "version": "4.1(2a)" }, { "status": "affected", "version": "4.1(1d)" }, { "status": "affected", "version": "4.1(1e)" }, { "status": "affected", "version": "4.1(2b)" }, { "status": "affected", "version": "4.1(3a)" }, { "status": "affected", "version": "4.1(3b)" }, { "status": "affected", "version": "4.1(2c)" }, { "status": "affected", "version": "4.1(3d)" }, { "status": "affected", "version": "4.1(3c)" }, { "status": "affected", "version": "4.1(3e)" }, { "status": "affected", "version": "4.1(3f)" }, { "status": "affected", "version": "4.1(3h)" }, { "status": "affected", "version": "4.1(3i)" }, { "status": "affected", "version": "4.1(3j)" }, { "status": "affected", "version": "4.1(3k)" }, { "status": "affected", "version": "4.2(1d)" }, { "status": "affected", "version": "4.2(1c)" }, { "status": "affected", "version": "4.2(1f)" }, { "status": "affected", "version": "4.2(1i)" }, { "status": "affected", "version": "4.2(1k)" }, { "status": "affected", "version": "4.2(1l)" }, { "status": "affected", "version": "4.2(1m)" }, { "status": "affected", "version": "4.2(2a)" }, { "status": "affected", "version": "4.2(2c)" }, { "status": "affected", "version": "4.2(1n)" }, { "status": "affected", "version": "4.2(2d)" }, { "status": "affected", "version": "4.2(3b)" }, { "status": "affected", "version": "4.2(2e)" } ] }, { "product": "Cisco Firepower Extensible Operating System (FXOS)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "2.2.1.63" }, { "status": "affected", "version": "2.2.1.66" }, { "status": "affected", "version": "2.2.1.70" }, { "status": "affected", "version": "2.2.2.17" }, { "status": "affected", "version": "2.2.2.19" }, { "status": "affected", "version": "2.2.2.24" }, { "status": "affected", "version": "2.2.2.26" }, { "status": "affected", "version": "2.2.2.28" }, { "status": "affected", "version": "2.2.2.54" }, { "status": "affected", "version": "2.2.2.60" }, { "status": "affected", "version": "2.3.1.93" }, { "status": "affected", "version": "2.3.1.91" }, { "status": "affected", "version": "2.3.1.88" }, { "status": "affected", "version": "2.3.1.75" }, { "status": "affected", "version": "2.3.1.73" }, { "status": "affected", "version": "2.3.1.66" }, { "status": "affected", "version": "2.3.1.58" }, { "status": "affected", "version": "2.3.1.56" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to the improper handling of specific SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.\r\n\r Note: This vulnerability affects all supported SNMP versions. To exploit this vulnerability through SNMPv2c or earlier, an attacker must know the SNMP community string that is configured on an affected device. To exploit this vulnerability through SNMPv3, the attacker must have valid credentials for an SNMP user who is configured on the affected device." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T16:57:56.220Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-fp-ucsfi-snmp-dos-qtv69NAO", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fp-ucsfi-snmp-dos-qtv69NAO" } ], "source": { "advisory": "cisco-sa-fp-ucsfi-snmp-dos-qtv69NAO", "defects": [ "CSCwd38796", "CSCwe12029", "CSCvi80806" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20200", "datePublished": "2023-08-23T18:20:09.900Z", "dateReserved": "2022-10-27T18:47:50.365Z", "dateUpdated": "2024-08-02T09:05:35.047Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3455
Vulnerability from cvelistv5
Published
2020-10-21 18:36
Modified
2024-11-13 17:48
Severity ?
EPSS score ?
Summary
Cisco FXOS Software for Firepower 4100/9300 Series Appliances Secure Boot Bypass Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-sbbp-XTuPkYTn | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Firepower Extensible Operating System (FXOS) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:37:54.973Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20201021 Cisco FXOS Software for Firepower 4100/9300 Series Appliances Secure Boot Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-sbbp-XTuPkYTn" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-3455", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:17:19.550987Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T17:48:47.807Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Firepower Extensible Operating System (FXOS)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-10-21T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms. The vulnerability is due to insufficient protections of the secure boot process. An attacker could exploit this vulnerability by injecting code into a specific file that is then referenced during the device boot process. A successful exploit could allow the attacker to break the chain of trust and inject code into the boot process of the device which would be executed at each boot and maintain persistence across reboots." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-693", "description": "CWE-693", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-21T18:36:19", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20201021 Cisco FXOS Software for Firepower 4100/9300 Series Appliances Secure Boot Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-sbbp-XTuPkYTn" } ], "source": { "advisory": "cisco-sa-fxos-sbbp-XTuPkYTn", "defect": [ [ "CSCvt31171" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS Software for Firepower 4100/9300 Series Appliances Secure Boot Bypass Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-10-21T16:00:00", "ID": "CVE-2020-3455", "STATE": "PUBLIC", "TITLE": "Cisco FXOS Software for Firepower 4100/9300 Series Appliances Secure Boot Bypass Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Firepower Extensible Operating System (FXOS)", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms. The vulnerability is due to insufficient protections of the secure boot process. An attacker could exploit this vulnerability by injecting code into a specific file that is then referenced during the device boot process. A successful exploit could allow the attacker to break the chain of trust and inject code into the boot process of the device which would be executed at each boot and maintain persistence across reboots." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-693" } ] } ] }, "references": { "reference_data": [ { "name": "20201021 Cisco FXOS Software for Firepower 4100/9300 Series Appliances Secure Boot Bypass Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-sbbp-XTuPkYTn" } ] }, "source": { "advisory": "cisco-sa-fxos-sbbp-XTuPkYTn", "defect": [ [ "CSCvt31171" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3455", "datePublished": "2020-10-21T18:36:19.422407Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-13T17:48:47.807Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3166
Vulnerability from cvelistv5
Published
2020-02-26 16:51
Modified
2024-11-15 17:37
Severity ?
EPSS score ?
Summary
Cisco FXOS Software CLI Arbitrary File Read and Write Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-cli-file | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Firepower Extensible Operating System (FXOS) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:24:00.654Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20200226 Cisco FXOS Software CLI Arbitrary File Read and Write Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-cli-file" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-3166", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-15T16:29:15.961494Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-15T17:37:05.421Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Firepower Extensible Operating System (FXOS)", "vendor": "Cisco", "versions": [ { "lessThan": "n/a", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2020-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to a specific CLI command. A successful exploit could allow the attacker to read or write to arbitrary files on the underlying OS." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-26T16:51:11", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20200226 Cisco FXOS Software CLI Arbitrary File Read and Write Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-cli-file" } ], "source": { "advisory": "cisco-sa-20200226-fxos-cli-file", "defect": [ [ "CSCvo42637", "CSCvr09748" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS Software CLI Arbitrary File Read and Write Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-02-26T16:00:00-0800", "ID": "CVE-2020-3166", "STATE": "PUBLIC", "TITLE": "Cisco FXOS Software CLI Arbitrary File Read and Write Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Firepower Extensible Operating System (FXOS)", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to a specific CLI command. A successful exploit could allow the attacker to read or write to arbitrary files on the underlying OS." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "4.2", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "20200226 Cisco FXOS Software CLI Arbitrary File Read and Write Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-cli-file" } ] }, "source": { "advisory": "cisco-sa-20200226-fxos-cli-file", "defect": [ [ "CSCvo42637", "CSCvr09748" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3166", "datePublished": "2020-02-26T16:51:11.143878Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-15T17:37:05.421Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1700
Vulnerability from cvelistv5
Published
2019-02-21 21:00
Modified
2024-09-17 03:03
Severity ?
EPSS score ?
Summary
Cisco Firepower 9000 Series Firepower 2-Port 100G Double-Width Network Module Queue Wedge Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/107105 | vdb-entry, x_refsource_BID | |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-firpwr-dos | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Firepower Extensible Operating System (FXOS) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.833Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "107105", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/107105" }, { "name": "20190220 Cisco Firepower 9000 Series Firepower 2-Port 100G Double-Width Network Module Queue Wedge Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-firpwr-dos" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Firepower Extensible Operating System (FXOS)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "2.2" } ] } ], "datePublic": "2019-02-20T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in field-programmable gate array (FPGA) ingress buffer management for the Cisco Firepower 9000 Series with the Cisco Firepower 2-port 100G double-width network module (PID: FPR9K-DNM-2X100G) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. Manual intervention may be required before a device will resume normal operations. The vulnerability is due to a logic error in the FPGA related to the processing of different types of input packets. An attacker could exploit this vulnerability by being on the adjacent subnet and sending a crafted sequence of input packets to a specific interface on an affected device. A successful exploit could allow the attacker to cause a queue wedge condition on the interface. When a wedge occurs, the affected device will stop processing any additional packets that are received on the wedged interface. Version 2.2 is affected." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-399", "description": "CWE-399", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-02-22T10:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "107105", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/107105" }, { "name": "20190220 Cisco Firepower 9000 Series Firepower 2-Port 100G Double-Width Network Module Queue Wedge Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-firpwr-dos" } ], "source": { "advisory": "cisco-sa-20190220-firpwr-dos", "defect": [ [ "CSCvn57812" ] ], "discovery": "INTERNAL" }, "title": "Cisco Firepower 9000 Series Firepower 2-Port 100G Double-Width Network Module Queue Wedge Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-02-20T16:00:00-0800", "ID": "CVE-2019-1700", "STATE": "PUBLIC", "TITLE": "Cisco Firepower 9000 Series Firepower 2-Port 100G Double-Width Network Module Queue Wedge Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Firepower Extensible Operating System (FXOS)", "version": { "version_data": [ { "version_value": "2.2" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in field-programmable gate array (FPGA) ingress buffer management for the Cisco Firepower 9000 Series with the Cisco Firepower 2-port 100G double-width network module (PID: FPR9K-DNM-2X100G) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. Manual intervention may be required before a device will resume normal operations. The vulnerability is due to a logic error in the FPGA related to the processing of different types of input packets. An attacker could exploit this vulnerability by being on the adjacent subnet and sending a crafted sequence of input packets to a specific interface on an affected device. A successful exploit could allow the attacker to cause a queue wedge condition on the interface. When a wedge occurs, the affected device will stop processing any additional packets that are received on the wedged interface. Version 2.2 is affected." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.1", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-399" } ] } ] }, "references": { "reference_data": [ { "name": "107105", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107105" }, { "name": "20190220 Cisco Firepower 9000 Series Firepower 2-Port 100G Double-Width Network Module Queue Wedge Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-firpwr-dos" } ] }, "source": { "advisory": "cisco-sa-20190220-firpwr-dos", "defect": [ [ "CSCvn57812" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1700", "datePublished": "2019-02-21T21:00:00Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-09-17T03:03:04.792Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20865
Vulnerability from cvelistv5
Published
2022-08-25 18:40
Modified
2024-11-06 16:07
Severity ?
EPSS score ?
Summary
Cisco FXOS Software Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-TxcLNZNH | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Firepower Extensible Operating System (FXOS) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:24:50.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20220824 Cisco FXOS Software Command Injection Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-TxcLNZNH" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-20865", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-06T16:00:03.561463Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-06T16:07:46.975Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Firepower Extensible Operating System (FXOS)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2022-08-24T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-25T18:40:16", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20220824 Cisco FXOS Software Command Injection Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-TxcLNZNH" } ], "source": { "advisory": "cisco-sa-fxos-cmdinj-TxcLNZNH", "defect": [ [ "CSCwc38361" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS Software Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2022-08-24T16:00:00", "ID": "CVE-2022-20865", "STATE": "PUBLIC", "TITLE": "Cisco FXOS Software Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Firepower Extensible Operating System (FXOS)", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78" } ] } ] }, "references": { "reference_data": [ { "name": "20220824 Cisco FXOS Software Command Injection Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-TxcLNZNH" } ] }, "source": { "advisory": "cisco-sa-fxos-cmdinj-TxcLNZNH", "defect": [ [ "CSCwc38361" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2022-20865", "datePublished": "2022-08-25T18:40:16.485342Z", "dateReserved": "2021-11-02T00:00:00", "dateUpdated": "2024-11-06T16:07:46.975Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20934
Vulnerability from cvelistv5
Published
2022-11-10 17:34
Modified
2024-11-19 21:04
Severity ?
EPSS score ?
Summary
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root.
This vulnerability is due to improper input validation for specific CLI commands. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:31:57.971Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-ftd-fxos-cmd-inj-Q9bLNsrK", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-fxos-cmd-inj-Q9bLNsrK" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-20934", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-01-29T21:06:56.393039Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-19T21:04:59.680Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Firepower Threat Defense Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "6.2.3" }, { "status": "affected", "version": "6.2.3.1" }, { "status": "affected", "version": "6.2.3.2" }, { "status": "affected", "version": "6.2.3.3" }, { "status": "affected", "version": "6.2.3.4" }, { "status": "affected", "version": "6.2.3.5" }, { "status": "affected", "version": "6.2.3.6" }, { "status": "affected", "version": "6.2.3.7" }, { "status": "affected", "version": "6.2.3.8" }, { "status": "affected", "version": "6.2.3.10" }, { "status": "affected", "version": "6.2.3.11" }, { "status": "affected", "version": "6.2.3.9" }, { "status": "affected", "version": "6.2.3.12" }, { "status": "affected", "version": "6.2.3.13" }, { "status": "affected", "version": "6.2.3.14" }, { "status": "affected", "version": "6.2.3.15" }, { "status": "affected", "version": "6.2.3.16" }, { "status": "affected", "version": "6.2.3.17" }, { "status": "affected", "version": "6.2.3.18" }, { "status": "affected", "version": "6.6.0" }, { "status": "affected", "version": "6.6.0.1" }, { "status": "affected", "version": "6.6.1" }, { "status": "affected", "version": "6.6.3" }, { "status": "affected", "version": "6.6.4" }, { "status": "affected", "version": "6.6.5" }, { "status": "affected", "version": "6.6.5.1" }, { "status": "affected", "version": "6.6.5.2" }, { "status": "affected", "version": "6.6.7" }, { "status": "affected", "version": "6.4.0" }, { "status": "affected", "version": "6.4.0.1" }, { "status": "affected", "version": "6.4.0.3" }, { "status": "affected", "version": "6.4.0.2" }, { "status": "affected", "version": "6.4.0.4" }, { "status": "affected", "version": "6.4.0.5" }, { "status": "affected", "version": "6.4.0.6" }, { "status": "affected", "version": "6.4.0.7" }, { "status": "affected", "version": "6.4.0.8" }, { "status": "affected", "version": "6.4.0.9" }, { "status": "affected", "version": "6.4.0.10" }, { "status": "affected", "version": "6.4.0.11" }, { "status": "affected", "version": "6.4.0.12" }, { "status": "affected", "version": "6.4.0.13" }, { "status": "affected", "version": "6.4.0.14" }, { "status": "affected", "version": "6.4.0.15" }, { "status": "affected", "version": "6.7.0" }, { "status": "affected", "version": "6.7.0.1" }, { "status": "affected", "version": "6.7.0.2" }, { "status": "affected", "version": "6.7.0.3" }, { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.0.1" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.1.1" }, { "status": "affected", "version": "7.0.2" }, { "status": "affected", "version": "7.0.2.1" }, { "status": "affected", "version": "7.0.3" }, { "status": "affected", "version": "7.0.4" }, { "status": "affected", "version": "7.1.0" }, { "status": "affected", "version": "7.1.0.1" }, { "status": "affected", "version": "7.1.0.2" }, { "status": "affected", "version": "7.2.0" }, { "status": "affected", "version": "7.2.0.1" } ] }, { "product": "Cisco Firepower Extensible Operating System (FXOS)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "2.2.1.63" }, { "status": "affected", "version": "2.2.1.66" }, { "status": "affected", "version": "2.2.1.70" }, { "status": "affected", "version": "2.2.2.17" }, { "status": "affected", "version": "2.2.2.19" }, { "status": "affected", "version": "2.2.2.24" }, { "status": "affected", "version": "2.2.2.26" }, { "status": "affected", "version": "2.2.2.28" }, { "status": "affected", "version": "2.2.2.54" }, { "status": "affected", "version": "2.2.2.60" }, { "status": "affected", "version": "2.2.2.71" }, { "status": "affected", "version": "2.2.2.83" }, { "status": "affected", "version": "2.2.2.86" }, { "status": "affected", "version": "2.2.2.91" }, { "status": "affected", "version": "2.2.2.97" }, { "status": "affected", "version": "2.2.2.101" }, { "status": "affected", "version": "2.2.2.137" }, { "status": "affected", "version": "2.2.2.148" }, { "status": "affected", "version": "2.2.2.149" }, { "status": "affected", "version": "2.3.1.99" }, { "status": "affected", "version": "2.3.1.93" }, { "status": "affected", "version": "2.3.1.91" }, { "status": "affected", "version": "2.3.1.88" }, { "status": "affected", "version": "2.3.1.75" }, { "status": "affected", "version": "2.3.1.73" }, { "status": "affected", "version": "2.3.1.66" }, { "status": "affected", "version": "2.3.1.58" }, { "status": "affected", "version": "2.3.1.130" }, { "status": "affected", "version": "2.3.1.111" }, { "status": "affected", "version": "2.3.1.110" }, { "status": "affected", "version": "2.3.1.144" }, { "status": "affected", "version": "2.3.1.145" }, { "status": "affected", "version": "2.3.1.155" }, { "status": "affected", "version": "2.3.1.166" }, { "status": "affected", "version": "2.3.1.173" }, { "status": "affected", "version": "2.3.1.179" }, { "status": "affected", "version": "2.3.1.180" }, { "status": "affected", "version": "2.3.1.56" }, { "status": "affected", "version": "2.3.1.190" }, { "status": "affected", "version": "2.3.1.215" }, { "status": "affected", "version": "2.3.1.216" }, { "status": "affected", "version": "2.3.1.219" }, { "status": "affected", "version": "2.6.1.131" }, { "status": "affected", "version": "2.6.1.157" }, { "status": "affected", "version": "2.6.1.166" }, { "status": "affected", "version": "2.6.1.169" }, { "status": "affected", "version": "2.6.1.174" }, { "status": "affected", "version": "2.6.1.187" }, { "status": "affected", "version": "2.6.1.192" }, { "status": "affected", "version": "2.6.1.204" }, { "status": "affected", "version": "2.6.1.214" }, { "status": "affected", "version": "2.6.1.224" }, { "status": "affected", "version": "2.6.1.229" }, { "status": "affected", "version": "2.6.1.230" }, { "status": "affected", "version": "2.6.1.238" }, { "status": "affected", "version": "2.6.1.239" }, { "status": "affected", "version": "2.6.1.254" }, { "status": "affected", "version": "2.8.1.105" }, { "status": "affected", "version": "2.8.1.125" }, { "status": "affected", "version": "2.8.1.139" }, { "status": "affected", "version": "2.8.1.143" }, { "status": "affected", "version": "2.8.1.152" }, { "status": "affected", "version": "2.8.1.162" }, { "status": "affected", "version": "2.8.1.164" }, { "status": "affected", "version": "2.8.1.172" }, { "status": "affected", "version": "2.9.1.131" }, { "status": "affected", "version": "2.9.1.135" }, { "status": "affected", "version": "2.9.1.143" }, { "status": "affected", "version": "2.9.1.150" }, { "status": "affected", "version": "2.9.1.158" }, { "status": "affected", "version": "2.10.1.159" }, { "status": "affected", "version": "2.10.1.166" }, { "status": "affected", "version": "2.10.1.179" }, { "status": "affected", "version": "2.11.1.154" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root.\r\n\r This vulnerability is due to improper input validation for specific CLI commands. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T16:57:16.127Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-ftd-fxos-cmd-inj-Q9bLNsrK", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-fxos-cmd-inj-Q9bLNsrK" } ], "source": { "advisory": "cisco-sa-ftd-fxos-cmd-inj-Q9bLNsrK", "defects": [ "CSCwb41854", "CSCwc02133" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2022-20934", "datePublished": "2022-11-10T17:34:14.014Z", "dateReserved": "2021-11-02T13:28:29.192Z", "dateUpdated": "2024-11-19T21:04:59.680Z", "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3459
Vulnerability from cvelistv5
Published
2020-10-21 18:35
Modified
2024-11-13 17:49
Severity ?
EPSS score ?
Summary
Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-b63rwKPm | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Firepower Extensible Operating System (FXOS) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:37:54.127Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20201021 Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-b63rwKPm" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-3459", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:17:25.426580Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T17:49:25.983Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Firepower Extensible Operating System (FXOS)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-10-21T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-21T18:35:59", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20201021 Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-b63rwKPm" } ], "source": { "advisory": "cisco-sa-fxos-cmdinj-b63rwKPm", "defect": [ [ "CSCvt65399" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-10-21T16:00:00", "ID": "CVE-2020-3459", "STATE": "PUBLIC", "TITLE": "Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Firepower Extensible Operating System (FXOS)", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78" } ] } ] }, "references": { "reference_data": [ { "name": "20201021 Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-b63rwKPm" } ] }, "source": { "advisory": "cisco-sa-fxos-cmdinj-b63rwKPm", "defect": [ [ "CSCvt65399" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3459", "datePublished": "2020-10-21T18:35:59.759359Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-13T17:49:25.983Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20294
Vulnerability from cvelistv5
Published
2024-02-28 16:16
Modified
2024-08-01 21:59
Severity ?
EPSS score ?
Summary
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device.
Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-20294", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-29T18:49:22.444391Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:40:18.434Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:41.160Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-nxos-lldp-dos-z7PncTgt", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-lldp-dos-z7PncTgt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "6.0(2)A3(1)" }, { "status": "affected", "version": "6.0(2)A3(2)" }, { "status": "affected", "version": "6.0(2)A3(4)" }, { "status": "affected", "version": "6.0(2)A4(1)" }, { "status": "affected", "version": "6.0(2)A4(2)" }, { "status": "affected", "version": "6.0(2)A4(3)" }, { "status": "affected", "version": "6.0(2)A4(4)" }, { "status": "affected", "version": "6.0(2)A4(5)" }, { "status": "affected", "version": "6.0(2)A4(6)" }, { "status": "affected", "version": "6.0(2)A6(1)" }, { "status": "affected", "version": "6.0(2)A6(1a)" }, { "status": "affected", "version": "6.0(2)A6(2)" }, { "status": "affected", "version": "6.0(2)A6(2a)" }, { "status": "affected", "version": "6.0(2)A6(3)" }, { "status": "affected", "version": "6.0(2)A6(3a)" }, { "status": "affected", "version": "6.0(2)A6(4)" }, { "status": "affected", "version": "6.0(2)A6(4a)" }, { "status": "affected", "version": "6.0(2)A6(5)" }, { "status": "affected", "version": "6.0(2)A6(5a)" }, { "status": "affected", "version": "6.0(2)A6(5b)" }, { "status": "affected", "version": "6.0(2)A6(6)" }, { "status": "affected", "version": "6.0(2)A6(7)" }, { "status": "affected", "version": "6.0(2)A6(8)" }, { "status": "affected", "version": "6.0(2)A7(1)" }, { "status": "affected", "version": "6.0(2)A7(1a)" }, { "status": "affected", "version": "6.0(2)A7(2)" }, { "status": "affected", "version": "6.0(2)A7(2a)" }, { "status": "affected", "version": "6.0(2)A8(1)" }, { "status": "affected", "version": "6.0(2)A8(2)" }, { "status": "affected", "version": "6.0(2)A8(3)" }, { "status": "affected", "version": "6.0(2)A8(4)" }, { "status": "affected", "version": "6.0(2)A8(4a)" }, { "status": "affected", "version": "6.0(2)A8(5)" }, { "status": "affected", "version": "6.0(2)A8(6)" }, { "status": "affected", "version": "6.0(2)A8(7)" }, { "status": "affected", "version": "6.0(2)A8(7a)" }, { "status": "affected", "version": "6.0(2)A8(7b)" }, { "status": "affected", "version": "6.0(2)A8(8)" }, { "status": "affected", "version": "6.0(2)A8(9)" }, { "status": "affected", "version": "6.0(2)A8(10a)" }, { "status": "affected", "version": "6.0(2)A8(10)" }, { "status": "affected", "version": "6.0(2)A8(11)" }, { "status": "affected", "version": "6.0(2)A8(11a)" }, { "status": "affected", "version": "6.0(2)A8(11b)" }, { "status": "affected", "version": "6.0(2)U2(1)" }, { "status": "affected", "version": "6.0(2)U2(2)" }, { "status": "affected", "version": "6.0(2)U2(3)" }, { "status": "affected", "version": "6.0(2)U2(4)" }, { "status": "affected", "version": "6.0(2)U2(5)" }, { "status": "affected", "version": "6.0(2)U2(6)" }, { "status": "affected", "version": "6.0(2)U3(1)" }, { "status": "affected", "version": "6.0(2)U3(2)" }, { "status": "affected", "version": "6.0(2)U3(3)" }, { "status": "affected", "version": "6.0(2)U3(4)" }, { "status": "affected", "version": "6.0(2)U3(5)" }, { "status": "affected", "version": "6.0(2)U3(6)" }, { "status": "affected", "version": "6.0(2)U3(7)" }, { "status": "affected", "version": "6.0(2)U3(8)" }, { "status": "affected", "version": "6.0(2)U3(9)" }, { "status": "affected", "version": "6.0(2)U4(1)" }, { "status": "affected", "version": "6.0(2)U4(2)" }, { "status": "affected", "version": "6.0(2)U4(3)" }, { "status": "affected", "version": "6.0(2)U4(4)" }, { "status": "affected", "version": "6.0(2)U5(1)" }, { "status": "affected", "version": "6.0(2)U5(2)" }, { "status": "affected", "version": "6.0(2)U5(3)" }, { "status": "affected", "version": "6.0(2)U5(4)" }, { "status": "affected", "version": "6.0(2)U6(1)" }, { "status": "affected", "version": "6.0(2)U6(2)" }, { "status": "affected", "version": "6.0(2)U6(3)" }, { "status": "affected", "version": "6.0(2)U6(4)" }, { "status": "affected", "version": "6.0(2)U6(5)" }, { "status": "affected", "version": "6.0(2)U6(6)" }, { "status": "affected", "version": "6.0(2)U6(7)" }, { "status": "affected", "version": "6.0(2)U6(8)" }, { "status": "affected", "version": "6.0(2)U6(1a)" }, { "status": "affected", "version": "6.0(2)U6(2a)" }, { "status": "affected", "version": "6.0(2)U6(3a)" }, { "status": "affected", "version": "6.0(2)U6(4a)" }, { "status": "affected", "version": "6.0(2)U6(5a)" }, { "status": "affected", "version": "6.0(2)U6(5b)" }, { "status": "affected", "version": "6.0(2)U6(5c)" }, { "status": "affected", "version": "6.0(2)U6(9)" }, { "status": "affected", "version": "6.0(2)U6(10)" }, { "status": "affected", "version": "6.2(2)" }, { "status": "affected", "version": "6.2(2a)" }, { "status": "affected", "version": "6.2(6)" }, { "status": "affected", "version": "6.2(6b)" }, { "status": "affected", "version": "6.2(8)" }, { "status": "affected", "version": "6.2(8a)" }, { "status": "affected", "version": "6.2(8b)" }, { "status": "affected", "version": "6.2(10)" }, { "status": "affected", "version": "6.2(12)" }, { "status": "affected", "version": "6.2(18)" }, { "status": "affected", "version": "6.2(16)" }, { "status": "affected", "version": "6.2(14)" }, { "status": "affected", "version": "6.2(6a)" }, { "status": "affected", "version": "6.2(20)" }, { "status": "affected", "version": "6.2(1)" }, { "status": "affected", "version": "6.2(3)" }, { "status": "affected", "version": "6.2(5)" }, { "status": "affected", "version": "6.2(5a)" }, { "status": "affected", "version": "6.2(5b)" }, { "status": "affected", "version": "6.2(7)" }, { "status": "affected", "version": "6.2(9)" }, { "status": "affected", "version": "6.2(9a)" }, { "status": "affected", "version": "6.2(9b)" }, { "status": "affected", "version": "6.2(9c)" }, { "status": "affected", "version": "6.2(11)" }, { "status": "affected", "version": "6.2(11b)" }, { "status": "affected", "version": "6.2(11c)" }, { "status": "affected", "version": "6.2(11d)" }, { "status": "affected", "version": "6.2(11e)" }, { "status": "affected", "version": "6.2(13)" }, { "status": "affected", "version": "6.2(13a)" }, { "status": "affected", "version": "6.2(13b)" }, { "status": "affected", "version": "6.2(15)" }, { "status": "affected", "version": "6.2(17)" }, { "status": "affected", "version": "6.2(19)" }, { "status": "affected", "version": "6.2(21)" }, { "status": "affected", "version": "6.2(23)" }, { "status": "affected", "version": "6.2(20a)" }, { "status": "affected", "version": "6.2(25)" }, { "status": "affected", "version": "6.2(22)" }, { "status": "affected", "version": "6.2(27)" }, { "status": "affected", "version": "6.2(29)" }, { "status": "affected", "version": "6.2(24)" }, { "status": "affected", "version": "6.2(31)" }, { "status": "affected", "version": "6.2(24a)" }, { "status": "affected", "version": "6.2(33)" }, { "status": "affected", "version": "7.0(3)F1(1)" }, { "status": "affected", "version": "7.0(3)F2(1)" }, { "status": "affected", "version": "7.0(3)F2(2)" }, { "status": "affected", "version": "7.0(3)F3(1)" }, { "status": "affected", "version": "7.0(3)F3(2)" }, { "status": "affected", "version": "7.0(3)F3(3)" }, { "status": "affected", "version": "7.0(3)F3(3a)" }, { "status": "affected", "version": "7.0(3)F3(4)" }, { "status": "affected", "version": "7.0(3)F3(3c)" }, { "status": "affected", "version": "7.0(3)F3(5)" }, { "status": "affected", "version": "7.0(3)I2(2a)" }, { "status": "affected", "version": "7.0(3)I2(2b)" }, { "status": "affected", "version": "7.0(3)I2(2c)" }, { "status": "affected", "version": "7.0(3)I2(2d)" }, { "status": "affected", "version": "7.0(3)I2(2e)" }, { "status": "affected", "version": "7.0(3)I2(3)" }, { "status": "affected", "version": "7.0(3)I2(4)" }, { "status": "affected", "version": "7.0(3)I2(5)" }, { "status": "affected", "version": "7.0(3)I2(1)" }, { "status": "affected", "version": "7.0(3)I2(1a)" }, { "status": "affected", "version": "7.0(3)I2(2)" }, { "status": "affected", "version": "7.0(3)I3(1)" }, { "status": "affected", "version": "7.0(3)I4(1)" }, { "status": "affected", "version": "7.0(3)I4(2)" }, { "status": "affected", "version": "7.0(3)I4(3)" }, { "status": "affected", "version": "7.0(3)I4(4)" }, { "status": "affected", "version": "7.0(3)I4(5)" }, { "status": "affected", "version": "7.0(3)I4(6)" }, { "status": "affected", "version": "7.0(3)I4(7)" }, { "status": "affected", "version": "7.0(3)I4(8)" }, { "status": "affected", "version": "7.0(3)I4(8a)" }, { "status": "affected", "version": "7.0(3)I4(8b)" }, { "status": "affected", "version": "7.0(3)I4(8z)" }, { "status": "affected", "version": "7.0(3)I4(9)" }, { "status": "affected", "version": "7.0(3)I5(1)" }, { "status": "affected", "version": "7.0(3)I5(2)" }, { "status": "affected", "version": "7.0(3)I6(1)" }, { "status": "affected", "version": "7.0(3)I6(2)" }, { "status": "affected", "version": "7.0(3)I7(1)" }, { "status": "affected", "version": "7.0(3)I7(2)" }, { "status": "affected", "version": "7.0(3)I7(3)" }, { "status": "affected", "version": "7.0(3)I7(4)" }, { "status": "affected", "version": "7.0(3)I7(5)" }, { "status": "affected", "version": "7.0(3)I7(5a)" }, { "status": "affected", "version": "7.0(3)I7(6)" }, { "status": "affected", "version": "7.0(3)I7(7)" }, { "status": "affected", "version": "7.0(3)I7(8)" }, { "status": "affected", "version": "7.0(3)I7(9)" }, { "status": "affected", "version": "7.0(3)I7(10)" }, { "status": "affected", "version": "7.1(0)N1(1a)" }, { "status": "affected", "version": "7.1(0)N1(1b)" }, { "status": "affected", "version": "7.1(0)N1(1)" }, { "status": "affected", "version": "7.1(1)N1(1)" }, { "status": "affected", "version": "7.1(2)N1(1)" }, { "status": "affected", "version": "7.1(3)N1(1)" }, { "status": "affected", "version": "7.1(3)N1(2)" }, { "status": "affected", "version": "7.1(4)N1(1)" }, { "status": "affected", "version": "7.1(5)N1(1)" }, { "status": "affected", "version": "7.1(5)N1(1b)" }, { "status": "affected", "version": "7.2(0)D1(1)" }, { "status": "affected", "version": "7.2(1)D1(1)" }, { "status": "affected", "version": "7.2(2)D1(2)" }, { "status": "affected", "version": "7.2(2)D1(1)" }, { "status": "affected", "version": "7.3(0)D1(1)" }, { "status": "affected", "version": "7.3(0)DX(1)" }, { "status": "affected", "version": "7.3(0)DY(1)" }, { "status": "affected", "version": "7.3(0)N1(1)" }, { "status": "affected", "version": "7.3(1)D1(1)" }, { "status": "affected", "version": "7.3(1)DY(1)" }, { "status": "affected", "version": "7.3(1)N1(1)" }, { "status": "affected", "version": "7.3(2)D1(1)" }, { "status": "affected", "version": "7.3(2)D1(2)" }, { "status": "affected", "version": "7.3(2)D1(3)" }, { "status": "affected", "version": "7.3(2)D1(3a)" }, { "status": "affected", "version": "7.3(2)N1(1)" }, { "status": "affected", "version": "7.3(3)N1(1)" }, { "status": "affected", "version": "8.0(1)" }, { "status": "affected", "version": "8.1(1)" }, { "status": "affected", "version": "8.1(2)" }, { "status": "affected", "version": "8.1(2a)" }, { "status": "affected", "version": "8.1(1a)" }, { "status": "affected", "version": "8.1(1b)" }, { "status": "affected", "version": "8.2(1)" }, { "status": "affected", "version": "8.2(2)" }, { "status": "affected", "version": "8.2(3)" }, { "status": "affected", "version": "8.2(4)" }, { "status": "affected", "version": "8.2(5)" }, { "status": "affected", "version": "8.2(6)" }, { "status": "affected", "version": "8.2(7)" }, { "status": "affected", "version": "8.2(7a)" }, { "status": "affected", "version": "8.2(8)" }, { "status": "affected", "version": "8.2(9)" }, { "status": "affected", "version": "8.2(10)" }, { "status": "affected", "version": "8.3(1)" }, { "status": "affected", "version": "8.3(2)" }, { "status": "affected", "version": "9.2(1)" }, { "status": "affected", "version": "9.2(2)" }, { "status": "affected", "version": "9.2(2t)" }, { "status": "affected", "version": "9.2(3)" }, { "status": "affected", "version": "9.2(4)" }, { "status": "affected", "version": "9.2(2v)" }, { "status": "affected", "version": "9.2(1a)" }, { "status": "affected", "version": "7.3(4)N1(1)" }, { "status": "affected", "version": "7.3(3)D1(1)" }, { "status": "affected", "version": "7.3(4)D1(1)" }, { "status": "affected", "version": "7.3(5)N1(1)" }, { "status": "affected", "version": "8.4(1)" }, { "status": "affected", "version": "8.4(1a)" }, { "status": "affected", "version": "8.4(2)" }, { "status": "affected", "version": "8.4(2a)" }, { "status": "affected", "version": "8.4(3)" }, { "status": "affected", "version": "8.4(2b)" }, { "status": "affected", "version": "8.4(4)" }, { "status": "affected", "version": "8.4(2c)" }, { "status": "affected", "version": "8.4(4a)" }, { "status": "affected", "version": "8.4(5)" }, { "status": "affected", "version": "8.4(2d)" }, { "status": "affected", "version": "8.4(6)" }, { "status": "affected", "version": "8.4(2e)" }, { "status": "affected", "version": "8.4(6a)" }, { "status": "affected", "version": "8.4(7)" }, { "status": "affected", "version": "8.4(2f)" }, { "status": "affected", "version": "9.3(1)" }, { "status": "affected", "version": "9.3(2)" }, { "status": "affected", "version": "9.3(3)" }, { "status": "affected", "version": "9.3(4)" }, { "status": "affected", "version": "9.3(5)" }, { "status": "affected", "version": "9.3(6)" }, { "status": "affected", "version": "9.3(7)" }, { "status": "affected", "version": "9.3(7a)" }, { "status": "affected", "version": "9.3(8)" }, { "status": "affected", "version": "9.3(9)" }, { "status": "affected", "version": "9.3(10)" }, { "status": "affected", "version": "9.3(11)" }, { "status": "affected", "version": "9.3(2a)" }, { "status": "affected", "version": "7.3(6)N1(1)" }, { "status": "affected", "version": "7.3(5)D1(1)" }, { "status": "affected", "version": "7.3(7)N1(1)" }, { "status": "affected", "version": "7.3(7)N1(1a)" }, { "status": "affected", "version": "7.3(7)N1(1b)" }, { "status": "affected", "version": "7.3(6)D1(1)" }, { "status": "affected", "version": "7.3(8)N1(1)" }, { "status": "affected", "version": "7.3(7)D1(1)" }, { "status": "affected", "version": "7.3(9)N1(1)" }, { "status": "affected", "version": "10.1(1)" }, { "status": "affected", "version": "10.1(2)" }, { "status": "affected", "version": "10.1(2t)" }, { "status": "affected", "version": "8.5(1)" }, { "status": "affected", "version": "7.3(10)N1(1)" }, { "status": "affected", "version": "7.3(8)D1(1)" }, { "status": "affected", "version": "10.2(1)" }, { "status": "affected", "version": "10.2(1q)" }, { "status": "affected", "version": "10.2(2)" }, { "status": "affected", "version": "10.2(3)" }, { "status": "affected", "version": "10.2(3t)" }, { "status": "affected", "version": "10.2(4)" }, { "status": "affected", "version": "10.2(5)" }, { "status": "affected", "version": "10.2(3v)" }, { "status": "affected", "version": "7.3(9)D1(1)" }, { "status": "affected", "version": "7.3(11)N1(1)" }, { "status": "affected", "version": "7.3(12)N1(1)" }, { "status": "affected", "version": "10.3(1)" }, { "status": "affected", "version": "10.3(2)" }, { "status": "affected", "version": "7.3(13)N1(1)" } ] }, { "product": "Cisco Unified Computing System (Managed)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "3.1(1e)" }, { "status": "affected", "version": "3.1(1g)" }, { "status": "affected", "version": "3.1(1h)" }, { "status": "affected", "version": "3.1(1k)" }, { "status": "affected", "version": "3.1(1l)" }, { "status": "affected", "version": "3.1(2b)" }, { "status": "affected", "version": "3.1(2c)" }, { "status": "affected", "version": "3.1(2e)" }, { "status": "affected", "version": "3.1(2f)" }, { "status": "affected", "version": "3.1(2g)" }, { "status": "affected", "version": "3.1(2h)" }, { "status": "affected", "version": "3.1(3a)" }, { "status": "affected", "version": "3.1(3b)" }, { "status": "affected", "version": "3.1(3c)" }, { "status": "affected", "version": "3.1(3d)" }, { "status": "affected", "version": "3.1(3e)" }, { "status": "affected", "version": "3.1(3f)" }, { "status": "affected", "version": "3.1(3h)" }, { "status": "affected", "version": "3.1(3j)" }, { "status": "affected", "version": "3.1(3k)" }, { "status": "affected", "version": "3.1(2d)" }, { "status": "affected", "version": "3.1(3l)" }, { "status": "affected", "version": "3.2(1d)" }, { "status": "affected", "version": "3.2(2b)" }, { "status": "affected", "version": "3.2(2c)" }, { "status": "affected", "version": "3.2(2d)" }, { "status": "affected", "version": "3.2(2e)" }, { "status": "affected", "version": "3.2(2f)" }, { "status": "affected", "version": "3.2(3a)" }, { "status": "affected", "version": "3.2(3b)" }, { "status": "affected", "version": "3.2(3d)" }, { "status": "affected", "version": "3.2(3e)" }, { "status": "affected", "version": "3.2(3g)" }, { "status": "affected", "version": "3.2(3h)" }, { "status": "affected", "version": "3.2(3i)" }, { "status": "affected", "version": "3.2(3j)" }, { "status": "affected", "version": "3.2(3k)" }, { "status": "affected", "version": "3.2(3l)" }, { "status": "affected", "version": "3.2(3n)" }, { "status": "affected", "version": "3.2(3o)" }, { "status": "affected", "version": "3.2(3p)" }, { "status": "affected", "version": "4.0(1a)" }, { "status": "affected", "version": "4.0(1b)" }, { "status": "affected", "version": "4.0(1c)" }, { "status": "affected", "version": "4.0(1d)" }, { "status": "affected", "version": "4.0(2a)" }, { "status": "affected", "version": "4.0(2b)" }, { "status": "affected", "version": "4.0(2d)" }, { "status": "affected", "version": "4.0(2e)" }, { "status": "affected", "version": "4.0(4b)" }, { "status": "affected", "version": "4.0(4c)" }, { "status": "affected", "version": "4.0(4d)" }, { "status": "affected", "version": "4.0(4e)" }, { "status": "affected", "version": "4.0(4f)" }, { "status": "affected", "version": "4.0(4g)" }, { "status": "affected", "version": "4.0(4h)" }, { "status": "affected", "version": "4.0(4a)" }, { "status": "affected", "version": "4.0(4i)" }, { "status": "affected", "version": "4.0(4k)" }, { "status": "affected", "version": "4.0(4l)" }, { "status": "affected", "version": "4.0(4m)" }, { "status": "affected", "version": "4.0(4n)" }, { "status": "affected", "version": "4.0(4o)" }, { "status": "affected", "version": "4.1(1a)" }, { "status": "affected", "version": "4.1(1b)" }, { "status": "affected", "version": "4.1(1c)" }, { "status": "affected", "version": "4.1(2a)" }, { "status": "affected", "version": "4.1(1d)" }, { "status": "affected", "version": "4.1(1e)" }, { "status": "affected", "version": "4.1(2b)" }, { "status": "affected", "version": "4.1(3a)" }, { "status": "affected", "version": "4.1(3b)" }, { "status": "affected", "version": "4.1(2c)" }, { "status": "affected", "version": "4.1(3d)" }, { "status": "affected", "version": "4.1(3c)" }, { "status": "affected", "version": "4.1(3e)" }, { "status": "affected", "version": "4.1(3f)" }, { "status": "affected", "version": "4.1(3h)" }, { "status": "affected", "version": "4.1(3i)" }, { "status": "affected", "version": "4.1(3j)" }, { "status": "affected", "version": "4.1(3k)" }, { "status": "affected", "version": "4.1(3l)" }, { "status": "affected", "version": "4.2(1d)" }, { "status": "affected", "version": "4.2(1c)" }, { "status": "affected", "version": "4.2(1f)" }, { "status": "affected", "version": "4.2(1i)" }, { "status": "affected", "version": "4.2(1k)" }, { "status": "affected", "version": "4.2(1l)" }, { "status": "affected", "version": "4.2(1m)" }, { "status": "affected", "version": "4.2(2a)" }, { "status": "affected", "version": "4.2(2c)" }, { "status": "affected", "version": "4.2(1n)" }, { "status": "affected", "version": "4.2(2d)" }, { "status": "affected", "version": "4.2(3b)" }, { "status": "affected", "version": "4.2(2e)" }, { "status": "affected", "version": "4.2(3d)" }, { "status": "affected", "version": "4.2(3e)" }, { "status": "affected", "version": "4.2(3g)" }, { "status": "affected", "version": "4.2(3h)" }, { "status": "affected", "version": "4.2(3i)" } ] }, { "product": "Cisco Firepower Extensible Operating System (FXOS)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "2.2.1.63" }, { "status": "affected", "version": "2.2.1.66" }, { "status": "affected", "version": "2.2.1.70" }, { "status": "affected", "version": "2.2.2.17" }, { "status": "affected", "version": "2.2.2.19" }, { "status": "affected", "version": "2.2.2.24" }, { "status": "affected", "version": "2.2.2.26" }, { "status": "affected", "version": "2.2.2.28" }, { "status": "affected", "version": "2.2.2.54" }, { "status": "affected", "version": "2.2.2.60" }, { "status": "affected", "version": "2.2.2.71" }, { "status": "affected", "version": "2.2.2.83" }, { "status": "affected", "version": "2.2.2.86" }, { "status": "affected", "version": "2.2.2.91" }, { "status": "affected", "version": "2.2.2.97" }, { "status": "affected", "version": "2.2.2.101" }, { "status": "affected", "version": "2.2.2.137" }, { "status": "affected", "version": "2.2.2.148" }, { "status": "affected", "version": "2.2.2.149" }, { "status": "affected", "version": "2.3.1.99" }, { "status": "affected", "version": "2.3.1.93" }, { "status": "affected", "version": "2.3.1.91" }, { "status": "affected", "version": "2.3.1.88" }, { "status": "affected", "version": "2.3.1.75" }, { "status": "affected", "version": "2.3.1.73" }, { "status": "affected", "version": "2.3.1.66" }, { "status": "affected", "version": "2.3.1.58" }, { "status": "affected", "version": "2.3.1.130" }, { "status": "affected", "version": "2.3.1.111" }, { "status": "affected", "version": "2.3.1.110" }, { "status": "affected", "version": "2.3.1.144" }, { "status": "affected", "version": "2.3.1.145" }, { "status": "affected", "version": "2.3.1.155" }, { "status": "affected", "version": "2.3.1.166" }, { "status": "affected", "version": "2.3.1.173" }, { "status": "affected", "version": "2.3.1.179" }, { "status": "affected", "version": "2.3.1.180" }, { "status": "affected", "version": "2.3.1.56" }, { "status": "affected", "version": "2.3.1.190" }, { "status": "affected", "version": "2.3.1.215" }, { "status": "affected", "version": "2.3.1.216" }, { "status": "affected", "version": "2.3.1.219" }, { "status": "affected", "version": "2.3.1.230" }, { "status": "affected", "version": "2.6.1.131" }, { "status": "affected", "version": "2.6.1.157" }, { "status": "affected", "version": "2.6.1.166" }, { "status": "affected", "version": "2.6.1.169" }, { "status": "affected", "version": "2.6.1.174" }, { "status": "affected", "version": "2.6.1.187" }, { "status": "affected", "version": "2.6.1.192" }, { "status": "affected", "version": "2.6.1.204" }, { "status": "affected", "version": "2.6.1.214" }, { "status": "affected", "version": "2.6.1.224" }, { "status": "affected", "version": "2.6.1.229" }, { "status": "affected", "version": "2.6.1.230" }, { "status": "affected", "version": "2.6.1.238" }, { "status": "affected", "version": "2.6.1.239" }, { "status": "affected", "version": "2.6.1.254" }, { "status": "affected", "version": "2.6.1.259" }, { "status": "affected", "version": "2.6.1.264" }, { "status": "affected", "version": "2.6.1.265" }, { "status": "affected", "version": "2.8.1.105" }, { "status": "affected", "version": "2.8.1.125" }, { "status": "affected", "version": "2.8.1.139" }, { "status": "affected", "version": "2.8.1.143" }, { "status": "affected", "version": "2.8.1.152" }, { "status": "affected", "version": "2.8.1.162" }, { "status": "affected", "version": "2.8.1.164" }, { "status": "affected", "version": "2.8.1.172" }, { "status": "affected", "version": "2.8.1.186" }, { "status": "affected", "version": "2.8.1.190" }, { "status": "affected", "version": "2.8.1.198" }, { "status": "affected", "version": "2.9.1.131" }, { "status": "affected", "version": "2.9.1.135" }, { "status": "affected", "version": "2.9.1.143" }, { "status": "affected", "version": "2.9.1.150" }, { "status": "affected", "version": "2.9.1.158" }, { "status": "affected", "version": "2.10.1.159" }, { "status": "affected", "version": "2.10.1.166" }, { "status": "affected", "version": "2.10.1.179" }, { "status": "affected", "version": "2.10.1.207" }, { "status": "affected", "version": "2.10.1.234" }, { "status": "affected", "version": "2.10.1.245" }, { "status": "affected", "version": "2.10.1.271" }, { "status": "affected", "version": "2.11.1.154" }, { "status": "affected", "version": "2.11.1.182" }, { "status": "affected", "version": "2.11.1.200" }, { "status": "affected", "version": "2.11.1.205" }, { "status": "affected", "version": "2.12.0.31" }, { "status": "affected", "version": "2.12.0.432" }, { "status": "affected", "version": "2.12.0.450" }, { "status": "affected", "version": "2.12.0.467" }, { "status": "affected", "version": "2.12.0.498" }, { "status": "affected", "version": "2.12.1.29" }, { "status": "affected", "version": "2.12.1.48" }, { "status": "affected", "version": "2.13.0.198" }, { "status": "affected", "version": "2.13.0.212" }, { "status": "affected", "version": "2.13.0.243" }, { "status": "affected", "version": "2.14.1.131" } ] }, { "product": "Cisco NX-OS System Software in ACI Mode", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "12.0(1m)" }, { "status": "affected", "version": "12.0(2g)" }, { "status": "affected", "version": "12.0(1n)" }, { "status": "affected", "version": "12.0(1o)" }, { "status": "affected", "version": "12.0(1p)" }, { "status": "affected", "version": "12.0(1q)" }, { "status": "affected", "version": "12.0(2h)" }, { "status": "affected", "version": "12.0(2l)" }, { "status": "affected", "version": "12.0(2m)" }, { "status": "affected", "version": "12.0(2n)" }, { "status": "affected", "version": "12.0(2o)" }, { "status": "affected", "version": "12.0(2f)" }, { "status": "affected", "version": "12.0(1r)" }, { "status": "affected", "version": "12.1(1h)" }, { "status": "affected", "version": "12.1(2e)" }, { "status": "affected", "version": "12.1(3g)" }, { "status": "affected", "version": "12.1(4a)" }, { "status": "affected", "version": "12.1(1i)" }, { "status": "affected", "version": "12.1(2g)" }, { "status": "affected", "version": "12.1(2k)" }, { "status": "affected", "version": "12.1(3h)" }, { "status": "affected", "version": "12.1(3j)" }, { "status": "affected", "version": "12.2(1n)" }, { "status": "affected", "version": "12.2(2e)" }, { "status": "affected", "version": "12.2(3j)" }, { "status": "affected", "version": "12.2(4f)" }, { "status": "affected", "version": "12.2(4p)" }, { "status": "affected", "version": "12.2(3p)" }, { "status": "affected", "version": "12.2(3r)" }, { "status": "affected", "version": "12.2(3s)" }, { "status": "affected", "version": "12.2(3t)" }, { "status": "affected", "version": "12.2(2f)" }, { "status": "affected", "version": "12.2(2i)" }, { "status": "affected", "version": "12.2(2j)" }, { "status": "affected", "version": "12.2(2k)" }, { "status": "affected", "version": "12.2(2q)" }, { "status": "affected", "version": "12.2(1o)" }, { "status": "affected", "version": "12.2(4q)" }, { "status": "affected", "version": "12.2(4r)" }, { "status": "affected", "version": "12.3(1e)" }, { "status": "affected", "version": "12.3(1f)" }, { "status": "affected", "version": "12.3(1i)" }, { "status": "affected", "version": "12.3(1l)" }, { "status": "affected", "version": "12.3(1o)" }, { "status": "affected", "version": "12.3(1p)" }, { "status": "affected", "version": "13.0(1k)" }, { "status": "affected", "version": "13.0(2h)" }, { "status": "affected", "version": "13.0(2k)" }, { "status": "affected", "version": "13.0(2n)" }, { "status": "affected", "version": "13.1(1i)" }, { "status": "affected", "version": "13.1(2m)" }, { "status": "affected", "version": "13.1(2o)" }, { "status": "affected", "version": "13.1(2p)" }, { "status": "affected", "version": "13.1(2q)" }, { "status": "affected", "version": "13.1(2s)" }, { "status": "affected", "version": "13.1(2t)" }, { "status": "affected", "version": "13.1(2u)" }, { "status": "affected", "version": "13.1(2v)" }, { "status": "affected", "version": "13.2(1l)" }, { "status": "affected", "version": "13.2(1m)" }, { "status": "affected", "version": "13.2(2l)" }, { "status": "affected", "version": "13.2(2o)" }, { "status": "affected", "version": "13.2(3i)" }, { "status": "affected", "version": "13.2(3n)" }, { "status": "affected", "version": "13.2(3o)" }, { "status": "affected", "version": "13.2(3r)" }, { "status": "affected", "version": "13.2(4d)" }, { "status": "affected", "version": "13.2(4e)" }, { "status": "affected", "version": "13.2(3s)" }, { "status": "affected", "version": "13.2(5d)" }, { "status": "affected", "version": "13.2(5e)" }, { "status": "affected", "version": "13.2(5f)" }, { "status": "affected", "version": "13.2(6i)" }, { "status": "affected", "version": "13.2(7f)" }, { "status": "affected", "version": "13.2(7k)" }, { "status": "affected", "version": "13.2(9b)" }, { "status": "affected", "version": "13.2(9f)" }, { "status": "affected", "version": "13.2(9h)" }, { "status": "affected", "version": "13.2(10e)" }, { "status": "affected", "version": "13.2(10f)" }, { "status": "affected", "version": "13.2(10g)" }, { "status": "affected", "version": "14.0(1h)" }, { "status": "affected", "version": "14.0(2c)" }, { "status": "affected", "version": "14.0(3d)" }, { "status": "affected", "version": "14.0(3c)" }, { "status": "affected", "version": "14.1(1i)" }, { "status": "affected", "version": "14.1(1j)" }, { "status": "affected", "version": "14.1(1k)" }, { "status": "affected", "version": "14.1(1l)" }, { "status": "affected", "version": "14.1(2g)" }, { "status": "affected", "version": "14.1(2m)" }, { "status": "affected", "version": "14.1(2o)" }, { "status": "affected", "version": "14.1(2s)" }, { "status": "affected", "version": "14.1(2u)" }, { "status": "affected", "version": "14.1(2w)" }, { "status": "affected", "version": "14.1(2x)" }, { "status": "affected", "version": "14.2(1i)" }, { "status": "affected", "version": "14.2(1j)" }, { "status": "affected", "version": "14.2(1l)" }, { "status": "affected", "version": "14.2(2e)" }, { "status": "affected", "version": "14.2(2f)" }, { "status": "affected", "version": "14.2(2g)" }, { "status": "affected", "version": "14.2(3j)" }, { "status": "affected", "version": "14.2(3l)" }, { "status": "affected", "version": "14.2(3n)" }, { "status": "affected", "version": "14.2(3q)" }, { "status": "affected", "version": "14.2(4i)" }, { "status": "affected", "version": "14.2(4k)" }, { "status": "affected", "version": "14.2(4o)" }, { "status": "affected", "version": "14.2(4p)" }, { "status": "affected", "version": "14.2(5k)" }, { "status": "affected", "version": "14.2(5l)" }, { "status": "affected", "version": "14.2(5n)" }, { "status": "affected", "version": "14.2(6d)" }, { "status": "affected", "version": "14.2(6g)" }, { "status": "affected", "version": "14.2(6h)" }, { "status": "affected", "version": "14.2(6l)" }, { "status": "affected", "version": "14.2(7f)" }, { "status": "affected", "version": "14.2(7l)" }, { "status": "affected", "version": "14.2(6o)" }, { "status": "affected", "version": "14.2(7q)" }, { "status": "affected", "version": "14.2(7r)" }, { "status": "affected", "version": "14.2(7s)" }, { "status": "affected", "version": "14.2(7t)" }, { "status": "affected", "version": "14.2(7u)" }, { "status": "affected", "version": "14.2(7v)" }, { "status": "affected", "version": "14.2(7w)" }, { "status": "affected", "version": "15.0(1k)" }, { "status": "affected", "version": "15.0(1l)" }, { "status": "affected", "version": "15.0(2e)" }, { "status": "affected", "version": "15.0(2h)" }, { "status": "affected", "version": "15.1(1h)" }, { "status": "affected", "version": "15.1(2e)" }, { "status": "affected", "version": "15.1(3e)" }, { "status": "affected", "version": "15.1(4c)" }, { "status": "affected", "version": "15.2(1g)" }, { "status": "affected", "version": "15.2(2e)" }, { "status": "affected", "version": "15.2(2f)" }, { "status": "affected", "version": "15.2(2g)" }, { "status": "affected", "version": "15.2(2h)" }, { "status": "affected", "version": "15.2(3e)" }, { "status": "affected", "version": "15.2(3f)" }, { "status": "affected", "version": "15.2(3g)" }, { "status": "affected", "version": "15.2(4d)" }, { "status": "affected", "version": "15.2(4e)" }, { "status": "affected", "version": "15.2(5c)" }, { "status": "affected", "version": "15.2(5d)" }, { "status": "affected", "version": "15.2(5e)" }, { "status": "affected", "version": "15.2(4f)" }, { "status": "affected", "version": "15.2(6e)" }, { "status": "affected", "version": "15.2(6g)" }, { "status": "affected", "version": "15.2(7f)" }, { "status": "affected", "version": "15.2(7g)" }, { "status": "affected", "version": "15.2(8d)" }, { "status": "affected", "version": "15.2(8e)" }, { "status": "affected", "version": "15.2(8f)" }, { "status": "affected", "version": "15.2(8g)" }, { "status": "affected", "version": "16.0(1g)" }, { "status": "affected", "version": "16.0(1j)" }, { "status": "affected", "version": "16.0(2h)" }, { "status": "affected", "version": "16.0(2j)" }, { "status": "affected", "version": "16.0(3d)" }, { "status": "affected", "version": "16.0(3e)" }, { "status": "affected", "version": "15.3(1d)" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device.\r\n\r Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol)." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-805", "description": "Buffer Access with Incorrect Length Value", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-28T16:16:56.717Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nxos-lldp-dos-z7PncTgt", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-lldp-dos-z7PncTgt" } ], "source": { "advisory": "cisco-sa-nxos-lldp-dos-z7PncTgt", "defects": [ "CSCwf67412", "CSCwf67468", "CSCwi31871", "CSCwe86457", "CSCwf67408", "CSCwf67409", "CSCwf67411", "CSCwi29934" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20294", "datePublished": "2024-02-28T16:16:56.717Z", "dateReserved": "2023-11-08T15:08:07.629Z", "dateUpdated": "2024-08-01T21:59:41.160Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3545
Vulnerability from cvelistv5
Published
2020-09-04 02:25
Modified
2024-11-13 18:09
Severity ?
EPSS score ?
Summary
Cisco FXOS Software Buffer Overflow Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-buffer-cSdmfWUt | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Firepower Extensible Operating System (FXOS) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:37:54.889Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20200902 Cisco FXOS Software Buffer Overflow Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-buffer-cSdmfWUt" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-3545", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:18:11.611518Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T18:09:11.735Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Firepower Extensible Operating System (FXOS)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-09-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this vulnerability by supplying a crafted file that, when it is processed, may cause a stack-based buffer overflow. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges. An attacker would need to have valid administrative credentials to exploit this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-04T02:25:22", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20200902 Cisco FXOS Software Buffer Overflow Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-buffer-cSdmfWUt" } ], "source": { "advisory": "cisco-sa-fxos-buffer-cSdmfWUt", "defect": [ [ "CSCvd72523" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS Software Buffer Overflow Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-09-02T16:00:00", "ID": "CVE-2020-3545", "STATE": "PUBLIC", "TITLE": "Cisco FXOS Software Buffer Overflow Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Firepower Extensible Operating System (FXOS)", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this vulnerability by supplying a crafted file that, when it is processed, may cause a stack-based buffer overflow. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges. An attacker would need to have valid administrative credentials to exploit this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.0", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119" } ] } ] }, "references": { "reference_data": [ { "name": "20200902 Cisco FXOS Software Buffer Overflow Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-buffer-cSdmfWUt" } ] }, "source": { "advisory": "cisco-sa-fxos-buffer-cSdmfWUt", "defect": [ [ "CSCvd72523" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3545", "datePublished": "2020-09-04T02:25:22.334152Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-13T18:09:11.735Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3169
Vulnerability from cvelistv5
Published
2020-02-26 16:50
Modified
2024-11-15 17:37
Severity ?
EPSS score ?
Summary
Cisco FXOS Software CLI Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fpwr-cmdinj | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Firepower Extensible Operating System (FXOS) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:24:00.671Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20200226 Cisco FXOS Software CLI Command Injection Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fpwr-cmdinj" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-3169", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-15T16:24:58.305369Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-15T17:37:39.645Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Firepower Extensible Operating System (FXOS)", "vendor": "Cisco", "versions": [ { "lessThan": "n/a", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2020-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-26T16:50:55", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20200226 Cisco FXOS Software CLI Command Injection Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fpwr-cmdinj" } ], "source": { "advisory": "cisco-sa-20200226-fpwr-cmdinj", "defect": [ [ "CSCvo42633" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS Software CLI Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-02-26T16:00:00-0800", "ID": "CVE-2020-3169", "STATE": "PUBLIC", "TITLE": "Cisco FXOS Software CLI Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Firepower Extensible Operating System (FXOS)", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78" } ] } ] }, "references": { "reference_data": [ { "name": "20200226 Cisco FXOS Software CLI Command Injection Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fpwr-cmdinj" } ] }, "source": { "advisory": "cisco-sa-20200226-fpwr-cmdinj", "defect": [ [ "CSCvo42633" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3169", "datePublished": "2020-02-26T16:50:55.621127Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-15T17:37:39.645Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20234
Vulnerability from cvelistv5
Published
2023-08-23 18:21
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files.
The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the disk of the affected device, including system files. The attacker must have valid administrative credentials on the affected device to exploit this vulnerability.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:05:35.918Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-fxos-arbitrary-file-BLk6YupL", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-arbitrary-file-BLk6YupL" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Adaptive Security Appliance (ASA) Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "9.8.2" }, { "status": "affected", "version": "9.8.2.8" }, { "status": "affected", "version": "9.8.2.14" }, { "status": "affected", "version": "9.8.2.15" }, { "status": "affected", "version": "9.8.2.17" }, { "status": "affected", "version": "9.8.2.20" }, { "status": "affected", "version": "9.8.2.24" }, { "status": "affected", "version": "9.8.2.26" }, { "status": "affected", "version": "9.8.2.28" }, { "status": "affected", "version": "9.8.2.33" }, { "status": "affected", "version": "9.8.2.35" }, { "status": "affected", "version": "9.8.2.38" }, { "status": "affected", "version": "9.8.3.8" }, { "status": "affected", "version": "9.8.3.11" }, { "status": "affected", "version": "9.8.3.14" }, { "status": "affected", "version": "9.8.3.16" }, { "status": "affected", "version": "9.8.3.18" }, { "status": "affected", "version": "9.8.3.21" }, { "status": "affected", "version": "9.8.3" }, { "status": "affected", "version": "9.8.3.26" }, { "status": "affected", "version": "9.8.3.29" }, { "status": "affected", "version": "9.8.4" }, { "status": "affected", "version": "9.8.4.3" }, { "status": "affected", "version": "9.8.4.7" }, { "status": "affected", "version": "9.8.4.8" }, { "status": "affected", "version": "9.8.4.10" }, { "status": "affected", "version": "9.8.4.12" }, { "status": "affected", "version": "9.8.4.15" }, { "status": "affected", "version": "9.8.4.17" }, { "status": "affected", "version": "9.8.4.25" }, { "status": "affected", "version": "9.8.4.20" }, { "status": "affected", "version": "9.8.4.22" }, { "status": "affected", "version": "9.8.4.26" }, { "status": "affected", "version": "9.8.4.29" }, { "status": "affected", "version": "9.8.4.32" }, { "status": "affected", "version": "9.8.4.34" }, { "status": "affected", "version": "9.8.4.35" }, { "status": "affected", "version": "9.8.4.39" }, { "status": "affected", "version": "9.8.4.40" }, { "status": "affected", "version": "9.8.4.41" }, { "status": "affected", "version": "9.8.4.43" }, { "status": "affected", "version": "9.8.4.44" }, { "status": "affected", "version": "9.8.4.45" }, { "status": "affected", "version": "9.8.4.46" }, { "status": "affected", "version": "9.8.4.48" }, { "status": "affected", "version": "9.12.1" }, { "status": "affected", "version": "9.12.1.2" }, { "status": "affected", "version": "9.12.1.3" }, { "status": "affected", "version": "9.12.2" }, { "status": "affected", "version": "9.12.2.5" }, { "status": "affected", "version": "9.12.2.9" }, { "status": "affected", "version": "9.12.3" }, { "status": "affected", "version": "9.12.3.2" }, { "status": "affected", "version": "9.12.3.7" }, { "status": "affected", "version": "9.12.4" }, { "status": "affected", "version": "9.12.3.12" }, { "status": "affected", "version": "9.12.3.9" }, { "status": "affected", "version": "9.12.2.1" }, { "status": "affected", "version": "9.12.4.2" }, { "status": "affected", "version": "9.12.4.4" }, { "status": "affected", "version": "9.12.4.7" }, { "status": "affected", "version": "9.12.4.10" }, { "status": "affected", "version": "9.12.4.13" }, { "status": "affected", "version": "9.12.4.8" }, { "status": "affected", "version": "9.12.4.18" }, { "status": "affected", "version": "9.12.4.24" }, { "status": "affected", "version": "9.12.4.26" }, { "status": "affected", "version": "9.12.4.29" }, { "status": "affected", "version": "9.12.4.30" }, { "status": "affected", "version": "9.12.4.35" }, { "status": "affected", "version": "9.12.4.37" }, { "status": "affected", "version": "9.12.4.38" }, { "status": "affected", "version": "9.12.4.39" }, { "status": "affected", "version": "9.12.4.40" }, { "status": "affected", "version": "9.12.4.41" }, { "status": "affected", "version": "9.12.4.47" }, { "status": "affected", "version": "9.12.4.48" }, { "status": "affected", "version": "9.12.4.50" }, { "status": "affected", "version": "9.12.4.52" }, { "status": "affected", "version": "9.12.4.54" }, { "status": "affected", "version": "9.12.4.55" }, { "status": "affected", "version": "9.12.4.56" }, { "status": "affected", "version": "9.14.1" }, { "status": "affected", "version": "9.14.1.10" }, { "status": "affected", "version": "9.14.1.15" }, { "status": "affected", "version": "9.14.1.19" }, { "status": "affected", "version": "9.14.1.30" }, { "status": "affected", "version": "9.14.2" }, { "status": "affected", "version": "9.14.2.4" }, { "status": "affected", "version": "9.14.2.8" }, { "status": "affected", "version": "9.14.2.13" }, { "status": "affected", "version": "9.14.2.15" }, { "status": "affected", "version": "9.14.3" }, { "status": "affected", "version": "9.14.3.1" }, { "status": "affected", "version": "9.14.3.9" }, { "status": "affected", "version": "9.14.3.11" }, { "status": "affected", "version": "9.14.3.13" }, { "status": "affected", "version": "9.14.3.18" }, { "status": "affected", "version": "9.14.3.15" }, { "status": "affected", "version": "9.14.4" }, { "status": "affected", "version": "9.14.4.6" }, { "status": "affected", "version": "9.14.4.7" }, { "status": "affected", "version": "9.14.4.12" }, { "status": "affected", "version": "9.14.4.13" }, { "status": "affected", "version": "9.14.4.14" }, { "status": "affected", "version": "9.14.4.15" }, { "status": "affected", "version": "9.14.4.17" }, { "status": "affected", "version": "9.14.4.22" }, { "status": "affected", "version": "9.15.1" }, { "status": "affected", "version": "9.15.1.7" }, { "status": "affected", "version": "9.15.1.10" }, { "status": "affected", "version": "9.15.1.15" }, { "status": "affected", "version": "9.15.1.16" }, { "status": "affected", "version": "9.15.1.17" }, { "status": "affected", "version": "9.15.1.1" }, { "status": "affected", "version": "9.15.1.21" }, { "status": "affected", "version": "9.16.1" }, { "status": "affected", "version": "9.16.1.28" }, { "status": "affected", "version": "9.16.2" }, { "status": "affected", "version": "9.16.2.3" }, { "status": "affected", "version": "9.16.2.7" }, { "status": "affected", "version": "9.16.2.11" }, { "status": "affected", "version": "9.16.2.13" }, { "status": "affected", "version": "9.16.2.14" }, { "status": "affected", "version": "9.16.3" }, { "status": "affected", "version": "9.16.3.3" }, { "status": "affected", "version": "9.16.3.14" }, { "status": "affected", "version": "9.16.3.15" }, { "status": "affected", "version": "9.16.3.19" }, { "status": "affected", "version": "9.16.3.23" }, { "status": "affected", "version": "9.16.4" }, { "status": "affected", "version": "9.16.4.9" }, { "status": "affected", "version": "9.17.1" }, { "status": "affected", "version": "9.17.1.7" }, { "status": "affected", "version": "9.17.1.9" }, { "status": "affected", "version": "9.17.1.10" }, { "status": "affected", "version": "9.17.1.11" }, { "status": "affected", "version": "9.17.1.13" }, { "status": "affected", "version": "9.17.1.15" }, { "status": "affected", "version": "9.17.1.20" }, { "status": "affected", "version": "9.18.1" }, { "status": "affected", "version": "9.18.1.3" }, { "status": "affected", "version": "9.18.2" }, { "status": "affected", "version": "9.18.2.5" }, { "status": "affected", "version": "9.18.2.7" }, { "status": "affected", "version": "9.18.2.8" }, { "status": "affected", "version": "9.19.1" } ] }, { "product": "Cisco Firepower Threat Defense Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "6.2.3" }, { "status": "affected", "version": "6.2.3.1" }, { "status": "affected", "version": "6.2.3.2" }, { "status": "affected", "version": "6.2.3.3" }, { "status": "affected", "version": "6.2.3.4" }, { "status": "affected", "version": "6.2.3.5" }, { "status": "affected", "version": "6.2.3.6" }, { "status": "affected", "version": "6.2.3.7" }, { "status": "affected", "version": "6.2.3.8" }, { "status": "affected", "version": "6.2.3.10" }, { "status": "affected", "version": "6.2.3.11" }, { "status": "affected", "version": "6.2.3.9" }, { "status": "affected", "version": "6.2.3.12" }, { "status": "affected", "version": "6.2.3.13" }, { "status": "affected", "version": "6.2.3.14" }, { "status": "affected", "version": "6.2.3.15" }, { "status": "affected", "version": "6.2.3.16" }, { "status": "affected", "version": "6.2.3.17" }, { "status": "affected", "version": "6.2.3.18" }, { "status": "affected", "version": "6.6.0" }, { "status": "affected", "version": "6.6.0.1" }, { "status": "affected", "version": "6.6.1" }, { "status": "affected", "version": "6.6.3" }, { "status": "affected", "version": "6.6.4" }, { "status": "affected", "version": "6.6.5" }, { "status": "affected", "version": "6.6.5.1" }, { "status": "affected", "version": "6.6.5.2" }, { "status": "affected", "version": "6.6.7" }, { "status": "affected", "version": "6.6.7.1" }, { "status": "affected", "version": "6.4.0" }, { "status": "affected", "version": "6.4.0.1" }, { "status": "affected", "version": "6.4.0.3" }, { "status": "affected", "version": "6.4.0.2" }, { "status": "affected", "version": "6.4.0.4" }, { "status": "affected", "version": "6.4.0.5" }, { "status": "affected", "version": "6.4.0.6" }, { "status": "affected", "version": "6.4.0.7" }, { "status": "affected", "version": "6.4.0.8" }, { "status": "affected", "version": "6.4.0.9" }, { "status": "affected", "version": "6.4.0.10" }, { "status": "affected", "version": "6.4.0.11" }, { "status": "affected", "version": "6.4.0.12" }, { "status": "affected", "version": "6.4.0.13" }, { "status": "affected", "version": "6.4.0.14" }, { "status": "affected", "version": "6.4.0.15" }, { "status": "affected", "version": "6.4.0.16" }, { "status": "affected", "version": "6.7.0" }, { "status": "affected", "version": "6.7.0.1" }, { "status": "affected", "version": "6.7.0.2" }, { "status": "affected", "version": "6.7.0.3" }, { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.0.1" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.1.1" }, { "status": "affected", "version": "7.0.2" }, { "status": "affected", "version": "7.0.2.1" }, { "status": "affected", "version": "7.0.3" }, { "status": "affected", "version": "7.0.4" }, { "status": "affected", "version": "7.0.5" }, { "status": "affected", "version": "7.1.0" }, { "status": "affected", "version": "7.1.0.1" }, { "status": "affected", "version": "7.1.0.2" }, { "status": "affected", "version": "7.1.0.3" }, { "status": "affected", "version": "7.2.0" }, { "status": "affected", "version": "7.2.0.1" }, { "status": "affected", "version": "7.2.1" }, { "status": "affected", "version": "7.2.2" }, { "status": "affected", "version": "7.2.3" }, { "status": "affected", "version": "7.3.0" }, { "status": "affected", "version": "7.3.1" }, { "status": "affected", "version": "7.3.1.1" } ] }, { "product": "Cisco Firepower Extensible Operating System (FXOS)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "2.2.1.63" }, { "status": "affected", "version": "2.2.1.66" }, { "status": "affected", "version": "2.2.1.70" }, { "status": "affected", "version": "2.2.2.17" }, { "status": "affected", "version": "2.2.2.19" }, { "status": "affected", "version": "2.2.2.24" }, { "status": "affected", "version": "2.2.2.26" }, { "status": "affected", "version": "2.2.2.28" }, { "status": "affected", "version": "2.2.2.54" }, { "status": "affected", "version": "2.2.2.60" }, { "status": "affected", "version": "2.2.2.71" }, { "status": "affected", "version": "2.2.2.83" }, { "status": "affected", "version": "2.2.2.86" }, { "status": "affected", "version": "2.2.2.91" }, { "status": "affected", "version": "2.2.2.97" }, { "status": "affected", "version": "2.2.2.101" }, { "status": "affected", "version": "2.2.2.137" }, { "status": "affected", "version": "2.2.2.148" }, { "status": "affected", "version": "2.2.2.149" }, { "status": "affected", "version": "2.3.1.99" }, { "status": "affected", "version": "2.3.1.93" }, { "status": "affected", "version": "2.3.1.91" }, { "status": "affected", "version": "2.3.1.88" }, { "status": "affected", "version": "2.3.1.75" }, { "status": "affected", "version": "2.3.1.73" }, { "status": "affected", "version": "2.3.1.66" }, { "status": "affected", "version": "2.3.1.58" }, { "status": "affected", "version": "2.3.1.130" }, { "status": "affected", "version": "2.3.1.111" }, { "status": "affected", "version": "2.3.1.110" }, { "status": "affected", "version": "2.3.1.144" }, { "status": "affected", "version": "2.3.1.145" }, { "status": "affected", "version": "2.3.1.155" }, { "status": "affected", "version": "2.3.1.166" }, { "status": "affected", "version": "2.3.1.173" }, { "status": "affected", "version": "2.3.1.179" }, { "status": "affected", "version": "2.3.1.180" }, { "status": "affected", "version": "2.3.1.56" }, { "status": "affected", "version": "2.3.1.190" }, { "status": "affected", "version": "2.3.1.215" }, { "status": "affected", "version": "2.3.1.216" }, { "status": "affected", "version": "2.3.1.219" }, { "status": "affected", "version": "2.3.1.230" }, { "status": "affected", "version": "2.6.1.131" }, { "status": "affected", "version": "2.6.1.157" }, { "status": "affected", "version": "2.6.1.166" }, { "status": "affected", "version": "2.6.1.169" }, { "status": "affected", "version": "2.6.1.174" }, { "status": "affected", "version": "2.6.1.187" }, { "status": "affected", "version": "2.6.1.192" }, { "status": "affected", "version": "2.6.1.204" }, { "status": "affected", "version": "2.6.1.214" }, { "status": "affected", "version": "2.6.1.224" }, { "status": "affected", "version": "2.6.1.229" }, { "status": "affected", "version": "2.6.1.230" }, { "status": "affected", "version": "2.6.1.238" }, { "status": "affected", "version": "2.6.1.239" }, { "status": "affected", "version": "2.6.1.254" }, { "status": "affected", "version": "2.6.1.259" }, { "status": "affected", "version": "2.8.1.105" }, { "status": "affected", "version": "2.8.1.125" }, { "status": "affected", "version": "2.8.1.139" }, { "status": "affected", "version": "2.8.1.143" }, { "status": "affected", "version": "2.8.1.152" }, { "status": "affected", "version": "2.8.1.162" }, { "status": "affected", "version": "2.8.1.164" }, { "status": "affected", "version": "2.8.1.172" }, { "status": "affected", "version": "2.8.1.186" }, { "status": "affected", "version": "2.8.1.190" }, { "status": "affected", "version": "2.9.1.131" }, { "status": "affected", "version": "2.9.1.135" }, { "status": "affected", "version": "2.9.1.143" }, { "status": "affected", "version": "2.9.1.150" }, { "status": "affected", "version": "2.9.1.158" }, { "status": "affected", "version": "2.10.1.159" }, { "status": "affected", "version": "2.10.1.166" }, { "status": "affected", "version": "2.10.1.179" }, { "status": "affected", "version": "2.10.1.207" }, { "status": "affected", "version": "2.10.1.234" }, { "status": "affected", "version": "2.11.1.154" }, { "status": "affected", "version": "2.11.1.182" }, { "status": "affected", "version": "2.12.0.31" }, { "status": "affected", "version": "2.12.0.432" }, { "status": "affected", "version": "2.12.0.450" }, { "status": "affected", "version": "2.13.0.198" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files.\r\n\r The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the disk of the affected device, including system files. The attacker must have valid administrative credentials on the affected device to exploit this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-73", "description": "External Control of File Name or Path", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T16:58:27.496Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-fxos-arbitrary-file-BLk6YupL", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-arbitrary-file-BLk6YupL" } ], "source": { "advisory": "cisco-sa-fxos-arbitrary-file-BLk6YupL", "defects": [ "CSCwb91812", "CSCwd35722", "CSCwd05772", "CSCwd35726" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20234", "datePublished": "2023-08-23T18:21:02.413Z", "dateReserved": "2022-10-27T18:47:50.369Z", "dateUpdated": "2024-08-02T09:05:35.918Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-12699
Vulnerability from cvelistv5
Published
2019-10-02 19:06
Modified
2024-11-20 17:06
Severity ?
EPSS score ?
Summary
Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Firepower Extensible Operating System (FXOS) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:24:39.241Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20191002 Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-12699", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:51:10.583231Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:06:54.317Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Firepower Extensible Operating System (FXOS)", "vendor": "Cisco", "versions": [ { "lessThan": "n/a", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-02T19:06:49", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20191002 Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject" } ], "source": { "advisory": "cisco-sa-20191002-fxos-cmd-inject", "defect": [ [ "CSCvm14277", "CSCvm14279", "CSCvm25813", "CSCvm25894", "CSCvo42621", "CSCvo42651", "CSCvo83496" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-10-02T16:00:00-0700", "ID": "CVE-2019-12699", "STATE": "PUBLIC", "TITLE": "Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Firepower Extensible Operating System (FXOS)", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.8", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "20191002 Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject" } ] }, "source": { "advisory": "cisco-sa-20191002-fxos-cmd-inject", "defect": [ [ "CSCvm14277", "CSCvm14279", "CSCvm25813", "CSCvm25894", "CSCvo42621", "CSCvo42651", "CSCvo83496" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-12699", "datePublished": "2019-10-02T19:06:49.219612Z", "dateReserved": "2019-06-04T00:00:00", "dateUpdated": "2024-11-20T17:06:54.317Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1858
Vulnerability from cvelistv5
Published
2019-05-16 01:20
Modified
2024-11-19 19:07
Severity ?
EPSS score ?
Summary
Cisco FXOS and NX-OS Software Simple Network Management Protocol Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-snmp-dos | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108358 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Firepower Extensible Operating System (FXOS) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.870Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco FXOS and NX-OS Software Simple Network Management Protocol Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-snmp-dos" }, { "name": "108358", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108358" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1858", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-19T17:24:11.424585Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-19T19:07:01.018Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Firepower Extensible Operating System (FXOS)", "vendor": "Cisco", "versions": [ { "lessThan": "n/a", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly. The vulnerability is due to improper error handling when processing inbound SNMP packets. An attacker could exploit this vulnerability by sending multiple crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the SNMP application to leak system memory because of an improperly handled error condition during packet processing. Over time, this memory leak could cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-17T07:06:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco FXOS and NX-OS Software Simple Network Management Protocol Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-snmp-dos" }, { "name": "108358", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108358" } ], "source": { "advisory": "cisco-sa-20190515-nxos-snmp-dos", "defect": [ [ "CSCvc58707", "CSCvd45657", "CSCvn19457", "CSCvn19463", "CSCvn19464", "CSCvn19465", "CSCvn19468", "CSCvn19483" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS and NX-OS Software Simple Network Management Protocol Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1858", "STATE": "PUBLIC", "TITLE": "Cisco FXOS and NX-OS Software Simple Network Management Protocol Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Firepower Extensible Operating System (FXOS)", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly. The vulnerability is due to improper error handling when processing inbound SNMP packets. An attacker could exploit this vulnerability by sending multiple crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the SNMP application to leak system memory because of an improperly handled error condition during packet processing. Over time, this memory leak could cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.6", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco FXOS and NX-OS Software Simple Network Management Protocol Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-snmp-dos" }, { "name": "108358", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108358" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-snmp-dos", "defect": [ [ "CSCvc58707", "CSCvd45657", "CSCvn19457", "CSCvn19463", "CSCvn19464", "CSCvn19465", "CSCvn19468", "CSCvn19483" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1858", "datePublished": "2019-05-16T01:20:22.764484Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-19T19:07:01.018Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }