All the vulnerabilites related to Cisco - Cisco NX-OS Software
cve-2019-1811
Vulnerability from cvelistv5
Published
2019-05-15 22:20
Modified
2024-11-20 17:18
Severity ?
EPSS score ?
Summary
Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2 | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108425 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.875Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2" }, { "name": "108425", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108425" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1811", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:54:25.912653Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:18:58.154Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-347", "description": "CWE-347", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-23T08:06:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2" }, { "name": "108425", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108425" } ], "source": { "advisory": "cisco-sa-20190515-nxos-sisv2", "defect": [ [ "CSCvj14093", "CSCvj14106", "CSCvj14182", "CSCvk53125", "CSCvk53227", "CSCvk53256" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1811", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-347" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2" }, { "name": "108425", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108425" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-sisv2", "defect": [ [ "CSCvj14093", "CSCvj14106", "CSCvj14182", "CSCvk53125", "CSCvk53227", "CSCvk53256" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1811", "datePublished": "2019-05-15T22:20:32.758700Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:18:58.154Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1726
Vulnerability from cvelistv5
Published
2019-05-15 16:40
Modified
2024-09-16 16:39
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software CLI Bypass to Internal Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cli-bypass | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108409 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.237Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS Software CLI Bypass to Internal Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cli-bypass" }, { "name": "108409", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108409" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "6.2(25)", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "8.3(2)", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "7.0(3)I7(3)", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "9.2(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument to the affected command. A successful exploit could allow the attacker to bypass intended restrictions and access internal services of the device. An attacker would need valid device credentials to exploit this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-22T13:06:04", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS Software CLI Bypass to Internal Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cli-bypass" }, { "name": "108409", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108409" } ], "source": { "advisory": "cisco-sa-20190515-nxos-cli-bypass", "defect": [ [ "CSCvh24771", "CSCvi99247", "CSCvi99248", "CSCvi99250", "CSCvi99251", "CSCvi99252", "CSCvn11851" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software CLI Bypass to Internal Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1726", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software CLI Bypass to Internal Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "6.2(25)" }, { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(2)" }, { "affected": "\u003c", "version_affected": "\u003c", "version_value": "7.0(3)I7(3)" }, { "affected": "\u003c", "version_affected": "\u003c", "version_value": "9.2(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument to the affected command. A successful exploit could allow the attacker to bypass intended restrictions and access internal services of the device. An attacker would need valid device credentials to exploit this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "5.3", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS Software CLI Bypass to Internal Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cli-bypass" }, { "name": "108409", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108409" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-cli-bypass", "defect": [ [ "CSCvh24771", "CSCvi99247", "CSCvi99248", "CSCvi99250", "CSCvi99251", "CSCvi99252", "CSCvn11851" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1726", "datePublished": "2019-05-15T16:40:17.248159Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-09-16T16:39:15.111Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1591
Vulnerability from cvelistv5
Published
2021-08-25 19:11
Modified
2024-11-07 22:02
Severity ?
EPSS score ?
Summary
Cisco Nexus 9500 Series Switches Access Control List Bypass Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nexus-acl-vrvQYPVe | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:18:10.758Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210825 Cisco Nexus 9500 Series Switches Access Control List Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nexus-acl-vrvQYPVe" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1591", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-07T21:54:23.388201Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-07T22:02:06.690Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-08-25T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the EtherChannel port subscription logic of Cisco Nexus 9500 Series Switches could allow an unauthenticated, remote attacker to bypass access control list (ACL) rules that are configured on an affected device. This vulnerability is due to oversubscription of resources that occurs when applying ACLs to port channel interfaces. An attacker could exploit this vulnerability by attempting to access network resources that are protected by the ACL. A successful exploit could allow the attacker to access network resources that would be protected by the ACL that was applied on the port channel interface." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-25T19:11:24", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210825 Cisco Nexus 9500 Series Switches Access Control List Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nexus-acl-vrvQYPVe" } ], "source": { "advisory": "cisco-sa-nexus-acl-vrvQYPVe", "defect": [ [ "CSCvx65385" ] ], "discovery": "INTERNAL" }, "title": "Cisco Nexus 9500 Series Switches Access Control List Bypass Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-08-25T16:00:00", "ID": "CVE-2021-1591", "STATE": "PUBLIC", "TITLE": "Cisco Nexus 9500 Series Switches Access Control List Bypass Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the EtherChannel port subscription logic of Cisco Nexus 9500 Series Switches could allow an unauthenticated, remote attacker to bypass access control list (ACL) rules that are configured on an affected device. This vulnerability is due to oversubscription of resources that occurs when applying ACLs to port channel interfaces. An attacker could exploit this vulnerability by attempting to access network resources that are protected by the ACL. A successful exploit could allow the attacker to access network resources that would be protected by the ACL that was applied on the port channel interface." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "5.8", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-284" } ] } ] }, "references": { "reference_data": [ { "name": "20210825 Cisco Nexus 9500 Series Switches Access Control List Bypass Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nexus-acl-vrvQYPVe" } ] }, "source": { "advisory": "cisco-sa-nexus-acl-vrvQYPVe", "defect": [ [ "CSCvx65385" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1591", "datePublished": "2021-08-25T19:11:24.226647Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-07T22:02:06.690Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20050
Vulnerability from cvelistv5
Published
2023-02-23 00:00
Modified
2024-10-25 16:03
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software CLI Command Injection Vulnerability
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:57:35.551Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20230222 Cisco NX-OS Software CLI Command Injection Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cli-cmdinject-euQVK9u" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-20050", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-25T14:36:39.198780Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-25T16:03:54.154Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software ", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2023-02-22T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-23T00:00:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20230222 Cisco NX-OS Software CLI Command Injection Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cli-cmdinject-euQVK9u" } ], "source": { "advisory": "cisco-sa-nxos-cli-cmdinject-euQVK9u", "defect": [ [ "CSCwd00653", "CSCwd18009", "CSCwd18011", "CSCwd18012", "CSCwd18013" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software CLI Command Injection Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20050", "datePublished": "2023-02-23T00:00:00", "dateReserved": "2022-10-27T00:00:00", "dateUpdated": "2024-10-25T16:03:54.154Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20623
Vulnerability from cvelistv5
Published
2022-02-23 17:40
Modified
2024-11-06 16:29
Severity ?
EPSS score ?
Summary
Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bfd-dos-wGQXrzxn | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.907Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20220223 Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bfd-dos-wGQXrzxn" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-20623", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-06T16:01:52.135302Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-06T16:29:33.324Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2022-02-23T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device. This vulnerability is due to a logic error in the BFD rate limiter functionality. An attacker could exploit this vulnerability by sending a crafted stream of traffic through the device. A successful exploit could allow the attacker to cause BFD traffic to be dropped, resulting in BFD session flaps. BFD session flaps can cause route instability and dropped traffic, resulting in a denial of service (DoS) condition. This vulnerability applies to both IPv4 and IPv6 traffic." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-399", "description": "CWE-399", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-23T17:40:26", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20220223 Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bfd-dos-wGQXrzxn" } ], "source": { "advisory": "cisco-sa-nxos-bfd-dos-wGQXrzxn", "defect": [ [ "CSCvx75912" ] ], "discovery": "INTERNAL" }, "title": "Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2022-02-23T16:00:00", "ID": "CVE-2022-20623", "STATE": "PUBLIC", "TITLE": "Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device. This vulnerability is due to a logic error in the BFD rate limiter functionality. An attacker could exploit this vulnerability by sending a crafted stream of traffic through the device. A successful exploit could allow the attacker to cause BFD traffic to be dropped, resulting in BFD session flaps. BFD session flaps can cause route instability and dropped traffic, resulting in a denial of service (DoS) condition. This vulnerability applies to both IPv4 and IPv6 traffic." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.6", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-399" } ] } ] }, "references": { "reference_data": [ { "name": "20220223 Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bfd-dos-wGQXrzxn" } ] }, "source": { "advisory": "cisco-sa-nxos-bfd-dos-wGQXrzxn", "defect": [ [ "CSCvx75912" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2022-20623", "datePublished": "2022-02-23T17:40:26.958880Z", "dateReserved": "2021-11-02T00:00:00", "dateUpdated": "2024-11-06T16:29:33.324Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1813
Vulnerability from cvelistv5
Published
2019-05-15 22:20
Modified
2024-11-20 17:19
Severity ?
EPSS score ?
Summary
Cisco NX-OS CLI Command Software Image Signature Verification Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2 | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108425 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.901Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2" }, { "name": "108425", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108425" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1813", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:54:29.095234Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:19:18.285Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-347", "description": "CWE-347", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-23T08:06:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2" }, { "name": "108425", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108425" } ], "source": { "advisory": "cisco-sa-20190515-nxos-sisv2", "defect": [ [ "CSCvj14093", "CSCvj14106", "CSCvj14182", "CSCvk53125", "CSCvk53227", "CSCvk53256" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS CLI Command Software Image Signature Verification Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1813", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS CLI Command Software Image Signature Verification Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-347" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2" }, { "name": "108425", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108425" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-sisv2", "defect": [ [ "CSCvj14093", "CSCvj14106", "CSCvj14182", "CSCvk53125", "CSCvk53227", "CSCvk53256" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1813", "datePublished": "2019-05-15T22:20:16.342103Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:19:18.285Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3398
Vulnerability from cvelistv5
Published
2020-08-27 15:40
Modified
2024-11-13 18:10
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Border Gateway Protocol Multicast VPN Session Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxosbgp-mvpn-dos-K8kbCrJp | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:30:58.383Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20200826 Cisco NX-OS Software Border Gateway Protocol Multicast VPN Session Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxosbgp-mvpn-dos-K8kbCrJp" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-3398", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:13:11.138590Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T18:10:05.169Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-08-26T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of service (DoS) condition due to the BGP session being down. The vulnerability is due to incorrect parsing of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause the BGP peer connections to reset, which could lead to BGP route instability and impact traffic. The incoming BGP MVPN update message is valid but is parsed incorrectly by the NX-OS device, which could send a corrupted BGP update to the configured BGP peer. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-27T15:40:28", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20200826 Cisco NX-OS Software Border Gateway Protocol Multicast VPN Session Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxosbgp-mvpn-dos-K8kbCrJp" } ], "source": { "advisory": "cisco-sa-nxosbgp-mvpn-dos-K8kbCrJp", "defect": [ [ "CSCvr60479" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Border Gateway Protocol Multicast VPN Session Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-08-26T16:00:00", "ID": "CVE-2020-3398", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Border Gateway Protocol Multicast VPN Session Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of service (DoS) condition due to the BGP session being down. The vulnerability is due to incorrect parsing of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause the BGP peer connections to reset, which could lead to BGP route instability and impact traffic. The incoming BGP MVPN update message is valid but is parsed incorrectly by the NX-OS device, which could send a corrupted BGP update to the configured BGP peer. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.6", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "20200826 Cisco NX-OS Software Border Gateway Protocol Multicast VPN Session Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxosbgp-mvpn-dos-K8kbCrJp" } ] }, "source": { "advisory": "cisco-sa-nxosbgp-mvpn-dos-K8kbCrJp", "defect": [ [ "CSCvr60479" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3398", "datePublished": "2020-08-27T15:40:28.988414Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-13T18:10:05.169Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1791
Vulnerability from cvelistv5
Published
2019-05-15 20:15
Modified
2024-11-20 17:19
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1791 | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108390 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.852Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1791)", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1791" }, { "name": "108390", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108390" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1791", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:54:36.029423Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:19:55.964Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-21T09:06:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1791)", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1791" }, { "name": "108390", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108390" } ], "source": { "advisory": "cisco-sa-20190515-nxos-cmdinj-1791", "defect": [ [ "CSCvj63270", "CSCvj63667", "CSCvk50873", "CSCvk50876", "CSCvk50889" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1791", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1791)", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1791" }, { "name": "108390", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108390" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-cmdinj-1791", "defect": [ [ "CSCvj63270", "CSCvj63667", "CSCvk50873", "CSCvk50876", "CSCvk50889" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1791", "datePublished": "2019-05-15T20:15:27.487532Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:19:55.964Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3168
Vulnerability from cvelistv5
Published
2020-02-26 16:51
Modified
2024-11-15 17:37
Severity ?
EPSS score ?
Summary
Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nexus-1000v-dos | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:24:00.707Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20200226 Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nexus-1000v-dos" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-3168", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-15T16:22:14.972709Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-15T17:37:29.279Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "n/a", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2020-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere could allow an unauthenticated, remote attacker to cause an affected Nexus 1000V Virtual Supervisor Module (VSM) to become inaccessible to users through the CLI. The vulnerability is due to improper resource allocation during failed CLI login attempts when login parameters that are part of the Secure Login Enhancements capability are configured on an affected device. An attacker could exploit this vulnerability by performing a high amount of login attempts against the affected device. A successful exploit could cause the affected device to become inaccessible to other users, resulting in a denial of service (DoS) condition requiring a manual power cycle of the VSM to recover." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-399", "description": "CWE-399", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-26T16:51:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20200226 Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nexus-1000v-dos" } ], "source": { "advisory": "cisco-sa-20200226-nexus-1000v-dos", "defect": [ [ "CSCvp26722" ] ], "discovery": "INTERNAL" }, "title": "Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-02-26T16:00:00-0800", "ID": "CVE-2020-3168", "STATE": "PUBLIC", "TITLE": "Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere could allow an unauthenticated, remote attacker to cause an affected Nexus 1000V Virtual Supervisor Module (VSM) to become inaccessible to users through the CLI. The vulnerability is due to improper resource allocation during failed CLI login attempts when login parameters that are part of the Secure Login Enhancements capability are configured on an affected device. An attacker could exploit this vulnerability by performing a high amount of login attempts against the affected device. A successful exploit could cause the affected device to become inaccessible to other users, resulting in a denial of service (DoS) condition requiring a manual power cycle of the VSM to recover." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "7.5", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-399" } ] } ] }, "references": { "reference_data": [ { "name": "20200226 Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nexus-1000v-dos" } ] }, "source": { "advisory": "cisco-sa-20200226-nexus-1000v-dos", "defect": [ [ "CSCvp26722" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3168", "datePublished": "2020-02-26T16:51:00.640088Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-15T17:37:29.279Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1768
Vulnerability from cvelistv5
Published
2019-05-16 01:25
Modified
2024-11-20 17:18
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-overflow-inj | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108386 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.669Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-overflow-inj" }, { "name": "108386", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108386" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1768", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:54:18.695033Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:18:02.308Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-20T15:06:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-overflow-inj" }, { "name": "108386", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108386" } ], "source": { "advisory": "cisco-sa-20190515-nxos-overflow-inj", "defect": [ [ "CSCvh76129", "CSCvh76132", "CSCvj00497", "CSCvj10162" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1768", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-overflow-inj" }, { "name": "108386", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108386" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-overflow-inj", "defect": [ [ "CSCvh76129", "CSCvh76132", "CSCvj00497", "CSCvj10162" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1768", "datePublished": "2019-05-16T01:25:21.627879Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:18:02.308Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20289
Vulnerability from cvelistv5
Published
2024-08-28 16:31
Modified
2024-08-28 17:24
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Command Injection Vulnerability
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-20289", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-28T17:24:09.815266Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-28T17:24:18.101Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "9.3(3)" }, { "status": "affected", "version": "9.3(4)" }, { "status": "affected", "version": "9.3(5)" }, { "status": "affected", "version": "9.3(6)" }, { "status": "affected", "version": "10.1(2)" }, { "status": "affected", "version": "10.1(1)" }, { "status": "affected", "version": "9.3(5w)" }, { "status": "affected", "version": "9.3(7)" }, { "status": "affected", "version": "9.3(7k)" }, { "status": "affected", "version": "10.2(1)" }, { "status": "affected", "version": "9.3(7a)" }, { "status": "affected", "version": "9.3(8)" }, { "status": "affected", "version": "10.2(1q)" }, { "status": "affected", "version": "10.2(2)" }, { "status": "affected", "version": "9.3(9)" }, { "status": "affected", "version": "10.1(2t)" }, { "status": "affected", "version": "10.2(3)" }, { "status": "affected", "version": "10.2(3t)" }, { "status": "affected", "version": "9.3(10)" }, { "status": "affected", "version": "10.2(2a)" }, { "status": "affected", "version": "10.3(1)" }, { "status": "affected", "version": "10.2(4)" }, { "status": "affected", "version": "10.3(2)" }, { "status": "affected", "version": "9.3(11)" }, { "status": "affected", "version": "10.3(3)" }, { "status": "affected", "version": "10.2(5)" }, { "status": "affected", "version": "9.3(12)" }, { "status": "affected", "version": "10.2(3v)" }, { "status": "affected", "version": "10.4(1)" }, { "status": "affected", "version": "10.3(99w)" }, { "status": "affected", "version": "10.2(6)" }, { "status": "affected", "version": "10.3(3w)" }, { "status": "affected", "version": "10.3(99x)" }, { "status": "affected", "version": "10.3(3o)" }, { "status": "affected", "version": "10.3(4)" }, { "status": "affected", "version": "10.3(3p)" }, { "status": "affected", "version": "10.3(4a)" }, { "status": "affected", "version": "10.4(2)" }, { "status": "affected", "version": "10.3(3q)" }, { "status": "affected", "version": "10.3(3x)" }, { "status": "affected", "version": "10.3(4g)" }, { "status": "affected", "version": "10.3(3r)" } ] }, { "defaultStatus": "unknown", "product": "Cisco NX-OS System Software in ACI Mode", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "16.0(2h)" }, { "status": "affected", "version": "16.0(2j)" }, { "status": "affected", "version": "16.0(3d)" }, { "status": "affected", "version": "16.0(3e)" }, { "status": "affected", "version": "16.0(4c)" }, { "status": "affected", "version": "16.0(5h)" }, { "status": "affected", "version": "16.0(3g)" }, { "status": "affected", "version": "16.0(5j)" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device.\u0026nbsp;\r\n\r\nThis vulnerability is due to insufficient validation of arguments for a specific CLI command. An attacker could exploit this vulnerability by including crafted input as the argument of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-28T16:31:23.856Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nxos-cmdinj-Lq6jsZhH", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmdinj-Lq6jsZhH" } ], "source": { "advisory": "cisco-sa-nxos-cmdinj-Lq6jsZhH", "defects": [ "CSCwh77786" ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Command Injection Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20289", "datePublished": "2024-08-28T16:31:23.856Z", "dateReserved": "2023-11-08T15:08:07.627Z", "dateUpdated": "2024-08-28T17:24:18.101Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3394
Vulnerability from cvelistv5
Published
2020-08-27 15:40
Modified
2024-11-13 18:09
Severity ?
EPSS score ?
Summary
Cisco Nexus 3000 and 9000 Series Switches Privilege Escalation Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3n9k-priv-escal-3QhXJBC | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:30:58.161Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20200826 Cisco Nexus 3000 and 9000 Series Switches Privilege Escalation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3n9k-priv-escal-3QhXJBC" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-3394", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:18:12.987319Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T18:09:48.378Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-08-26T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attacker would need to have valid credentials for the affected device. The vulnerability is due to a logic error in the implementation of the enable command. An attacker could exploit this vulnerability by logging in to the device and issuing the enable command. A successful exploit could allow the attacker to gain full administrative privileges without using the enable password. Note: The Enable Secret feature is disabled by default." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-27T15:40:38", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20200826 Cisco Nexus 3000 and 9000 Series Switches Privilege Escalation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3n9k-priv-escal-3QhXJBC" } ], "source": { "advisory": "cisco-sa-n3n9k-priv-escal-3QhXJBC", "defect": [ [ "CSCvt77885" ] ], "discovery": "INTERNAL" }, "title": "Cisco Nexus 3000 and 9000 Series Switches Privilege Escalation Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-08-26T16:00:00", "ID": "CVE-2020-3394", "STATE": "PUBLIC", "TITLE": "Cisco Nexus 3000 and 9000 Series Switches Privilege Escalation Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attacker would need to have valid credentials for the affected device. The vulnerability is due to a logic error in the implementation of the enable command. An attacker could exploit this vulnerability by logging in to the device and issuing the enable command. A successful exploit could allow the attacker to gain full administrative privileges without using the enable password. Note: The Enable Secret feature is disabled by default." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "7.8", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-285" } ] } ] }, "references": { "reference_data": [ { "name": "20200826 Cisco Nexus 3000 and 9000 Series Switches Privilege Escalation Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3n9k-priv-escal-3QhXJBC" } ] }, "source": { "advisory": "cisco-sa-n3n9k-priv-escal-3QhXJBC", "defect": [ [ "CSCvt77885" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3394", "datePublished": "2020-08-27T15:40:38.740636Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-13T18:09:48.378Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1769
Vulnerability from cvelistv5
Published
2019-05-15 19:20
Modified
2024-11-20 17:21
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Line Card Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-linecardinj-1769 | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108393 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.806Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS Software Line Card Command Injection Vulnerability (CVE-2019-1769)", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-linecardinj-1769" }, { "name": "108393", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108393" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1769", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:54:57.272461Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:21:59.855Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system of an attached line card with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of an attached line card with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-21T09:06:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS Software Line Card Command Injection Vulnerability (CVE-2019-1769)", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-linecardinj-1769" }, { "name": "108393", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108393" } ], "source": { "advisory": "cisco-sa-20190515-nxos-linecardinj-1769", "defect": [ [ "CSCvh20032", "CSCvj00299" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Line Card Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1769", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Line Card Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system of an attached line card with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of an attached line card with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS Software Line Card Command Injection Vulnerability (CVE-2019-1769)", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-linecardinj-1769" }, { "name": "108393", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108393" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-linecardinj-1769", "defect": [ [ "CSCvh20032", "CSCvj00299" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1769", "datePublished": "2019-05-15T19:20:25.137561Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:21:59.855Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1588
Vulnerability from cvelistv5
Published
2021-08-25 19:11
Modified
2024-11-07 22:02
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-mpls-oam-dos-sGO9x5GM | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:18:10.931Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210825 Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-mpls-oam-dos-sGO9x5GM" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1588", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-07T21:54:25.820055Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-07T22:02:19.462Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-08-25T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when an affected device is processing an MPLS echo-request or echo-reply packet. An attacker could exploit this vulnerability by sending malicious MPLS echo-request or echo-reply packets to an interface that is enabled for MPLS forwarding on the affected device. A successful exploit could allow the attacker to cause the MPLS OAM process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "CWE-126", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-25T19:11:13", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210825 Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-mpls-oam-dos-sGO9x5GM" } ], "source": { "advisory": "cisco-sa-nxos-mpls-oam-dos-sGO9x5GM", "defect": [ [ "CSCvx48078", "CSCvx66765" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-08-25T16:00:00", "ID": "CVE-2021-1588", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when an affected device is processing an MPLS echo-request or echo-reply packet. An attacker could exploit this vulnerability by sending malicious MPLS echo-request or echo-reply packets to an interface that is enabled for MPLS forwarding on the affected device. A successful exploit could allow the attacker to cause the MPLS OAM process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.6", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-126" } ] } ] }, "references": { "reference_data": [ { "name": "20210825 Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-mpls-oam-dos-sGO9x5GM" } ] }, "source": { "advisory": "cisco-sa-nxos-mpls-oam-dos-sGO9x5GM", "defect": [ [ "CSCvx48078", "CSCvx66765" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1588", "datePublished": "2021-08-25T19:11:13.438325Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-07T22:02:19.462Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1779
Vulnerability from cvelistv5
Published
2019-05-15 19:40
Modified
2024-09-16 18:08
Severity ?
EPSS score ?
Summary
Cisco FXOS and NX-OS Software Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1779 | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108394 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.641Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1779)", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1779" }, { "name": "108394", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108394" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid device credentials to exploit this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-21T17:06:03", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1779)", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1779" }, { "name": "108394", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108394" } ], "source": { "advisory": "cisco-sa-20190515-nxos-fxos-cmdinj-1779", "defect": [ [ "CSCve51688", "CSCvh76126", "CSCvj00412", "CSCvj00416", "CSCvj00418" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS and NX-OS Software Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1779", "STATE": "PUBLIC", "TITLE": "Cisco FXOS and NX-OS Software Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid device credentials to exploit this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "4.2", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1779)", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1779" }, { "name": "108394", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108394" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-fxos-cmdinj-1779", "defect": [ [ "CSCve51688", "CSCvh76126", "CSCvj00412", "CSCvj00416", "CSCvj00418" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1779", "datePublished": "2019-05-15T19:40:16.540228Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-09-16T18:08:07.250Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1784
Vulnerability from cvelistv5
Published
2019-05-15 20:05
Modified
2024-11-20 17:20
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmd-inject-1784 | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108369 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.848Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1784)", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmd-inject-1784" }, { "name": "108369", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108369" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1784", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:54:40.787544Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:20:22.812Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-17T12:06:06", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1784)", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmd-inject-1784" }, { "name": "108369", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108369" } ], "source": { "advisory": "cisco-sa-20190515-nxos-cmd-inject-1784", "defect": [ [ "CSCvi42292", "CSCvj12273", "CSCvj12274" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1784", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1784)", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmd-inject-1784" }, { "name": "108369", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108369" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-cmd-inject-1784", "defect": [ [ "CSCvi42292", "CSCvj12273", "CSCvj12274" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1784", "datePublished": "2019-05-15T20:05:21.750001Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:20:22.812Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1780
Vulnerability from cvelistv5
Published
2019-05-16 17:00
Modified
2024-09-16 16:34
Severity ?
EPSS score ?
Summary
Cisco FXOS and NX-OS Software Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1780 | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108392 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.632Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1780)", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1780" }, { "name": "108392", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108392" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. NX-OS versions prior to 8.3(1) are affected. NX-OS versions prior to 8.3(1) are affected." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-21T09:06:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1780)", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1780" }, { "name": "108392", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108392" } ], "source": { "advisory": "cisco-sa-20190515-nxos-fxos-cmdinj-1780", "defect": [ [ "CSCvi01431", "CSCvi01440", "CSCvi92326", "CSCvi92328", "CSCvi92329", "CSCvi92332" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS and NX-OS Software Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1780", "STATE": "PUBLIC", "TITLE": "Cisco FXOS and NX-OS Software Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. NX-OS versions prior to 8.3(1) are affected. NX-OS versions prior to 8.3(1) are affected." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "4.2", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1780)", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1780" }, { "name": "108392", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108392" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-fxos-cmdinj-1780", "defect": [ [ "CSCvi01431", "CSCvi01440", "CSCvi92326", "CSCvi92328", "CSCvi92329", "CSCvi92332" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1780", "datePublished": "2019-05-16T17:00:17.177415Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-09-16T16:34:04.695Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1735
Vulnerability from cvelistv5
Published
2019-05-15 18:45
Modified
2024-09-16 21:09
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1735)
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1735 | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108365 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:41.976Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1735)", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1735" }, { "name": "108365", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108365" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid user credentials to exploit this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-17T12:06:06", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1735)", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1735" }, { "name": "108365", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108365" } ], "source": { "advisory": "cisco-sa-20190515-nxos-cmdinj-1735", "defect": [ [ "CSCvj63728", "CSCvj63877", "CSCvk52969", "CSCvk52971", "CSCvk52972", "CSCvk52975", "CSCvk52985", "CSCvk52988" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1735)", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1735", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1735)" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid user credentials to exploit this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "4.4", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1735)", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1735" }, { "name": "108365", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108365" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-cmdinj-1735", "defect": [ [ "CSCvj63728", "CSCvj63877", "CSCvk52969", "CSCvk52971", "CSCvk52972", "CSCvk52975", "CSCvk52985", "CSCvk52988" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1735", "datePublished": "2019-05-15T18:45:28.744805Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-09-16T21:09:08.636Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20294
Vulnerability from cvelistv5
Published
2024-02-28 16:16
Modified
2024-08-01 21:59
Severity ?
EPSS score ?
Summary
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device.
Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-20294", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-29T18:49:22.444391Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:40:18.434Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:41.160Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-nxos-lldp-dos-z7PncTgt", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-lldp-dos-z7PncTgt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "6.0(2)A3(1)" }, { "status": "affected", "version": "6.0(2)A3(2)" }, { "status": "affected", "version": "6.0(2)A3(4)" }, { "status": "affected", "version": "6.0(2)A4(1)" }, { "status": "affected", "version": "6.0(2)A4(2)" }, { "status": "affected", "version": "6.0(2)A4(3)" }, { "status": "affected", "version": "6.0(2)A4(4)" }, { "status": "affected", "version": "6.0(2)A4(5)" }, { "status": "affected", "version": "6.0(2)A4(6)" }, { "status": "affected", "version": "6.0(2)A6(1)" }, { "status": "affected", "version": "6.0(2)A6(1a)" }, { "status": "affected", "version": "6.0(2)A6(2)" }, { "status": "affected", "version": "6.0(2)A6(2a)" }, { "status": "affected", "version": "6.0(2)A6(3)" }, { "status": "affected", "version": "6.0(2)A6(3a)" }, { "status": "affected", "version": "6.0(2)A6(4)" }, { "status": "affected", "version": "6.0(2)A6(4a)" }, { "status": "affected", "version": "6.0(2)A6(5)" }, { "status": "affected", "version": "6.0(2)A6(5a)" }, { "status": "affected", "version": "6.0(2)A6(5b)" }, { "status": "affected", "version": "6.0(2)A6(6)" }, { "status": "affected", "version": "6.0(2)A6(7)" }, { "status": "affected", "version": "6.0(2)A6(8)" }, { "status": "affected", "version": "6.0(2)A7(1)" }, { "status": "affected", "version": "6.0(2)A7(1a)" }, { "status": "affected", "version": "6.0(2)A7(2)" }, { "status": "affected", "version": "6.0(2)A7(2a)" }, { "status": "affected", "version": "6.0(2)A8(1)" }, { "status": "affected", "version": "6.0(2)A8(2)" }, { "status": "affected", "version": "6.0(2)A8(3)" }, { "status": "affected", "version": "6.0(2)A8(4)" }, { "status": "affected", "version": "6.0(2)A8(4a)" }, { "status": "affected", "version": "6.0(2)A8(5)" }, { "status": "affected", "version": "6.0(2)A8(6)" }, { "status": "affected", "version": "6.0(2)A8(7)" }, { "status": "affected", "version": "6.0(2)A8(7a)" }, { "status": "affected", "version": "6.0(2)A8(7b)" }, { "status": "affected", "version": "6.0(2)A8(8)" }, { "status": "affected", "version": "6.0(2)A8(9)" }, { "status": "affected", "version": "6.0(2)A8(10a)" }, { "status": "affected", "version": "6.0(2)A8(10)" }, { "status": "affected", "version": "6.0(2)A8(11)" }, { "status": "affected", "version": "6.0(2)A8(11a)" }, { "status": "affected", "version": "6.0(2)A8(11b)" }, { "status": "affected", "version": "6.0(2)U2(1)" }, { "status": "affected", "version": "6.0(2)U2(2)" }, { "status": "affected", "version": "6.0(2)U2(3)" }, { "status": "affected", "version": "6.0(2)U2(4)" }, { "status": "affected", "version": "6.0(2)U2(5)" }, { "status": "affected", "version": "6.0(2)U2(6)" }, { "status": "affected", "version": "6.0(2)U3(1)" }, { "status": "affected", "version": "6.0(2)U3(2)" }, { "status": "affected", "version": "6.0(2)U3(3)" }, { "status": "affected", "version": "6.0(2)U3(4)" }, { "status": "affected", "version": "6.0(2)U3(5)" }, { "status": "affected", "version": "6.0(2)U3(6)" }, { "status": "affected", "version": "6.0(2)U3(7)" }, { "status": "affected", "version": "6.0(2)U3(8)" }, { "status": "affected", "version": "6.0(2)U3(9)" }, { "status": "affected", "version": "6.0(2)U4(1)" }, { "status": "affected", "version": "6.0(2)U4(2)" }, { "status": "affected", "version": "6.0(2)U4(3)" }, { "status": "affected", "version": "6.0(2)U4(4)" }, { "status": "affected", "version": "6.0(2)U5(1)" }, { "status": "affected", "version": "6.0(2)U5(2)" }, { "status": "affected", "version": "6.0(2)U5(3)" }, { "status": "affected", "version": "6.0(2)U5(4)" }, { "status": "affected", "version": "6.0(2)U6(1)" }, { "status": "affected", "version": "6.0(2)U6(2)" }, { "status": "affected", "version": "6.0(2)U6(3)" }, { "status": "affected", "version": "6.0(2)U6(4)" }, { "status": "affected", "version": "6.0(2)U6(5)" }, { "status": "affected", "version": "6.0(2)U6(6)" }, { "status": "affected", "version": "6.0(2)U6(7)" }, { "status": "affected", "version": "6.0(2)U6(8)" }, { "status": "affected", "version": "6.0(2)U6(1a)" }, { "status": "affected", "version": "6.0(2)U6(2a)" }, { "status": "affected", "version": "6.0(2)U6(3a)" }, { "status": "affected", "version": "6.0(2)U6(4a)" }, { "status": "affected", "version": "6.0(2)U6(5a)" }, { "status": "affected", "version": "6.0(2)U6(5b)" }, { "status": "affected", "version": "6.0(2)U6(5c)" }, { "status": "affected", "version": "6.0(2)U6(9)" }, { "status": "affected", "version": "6.0(2)U6(10)" }, { "status": "affected", "version": "6.2(2)" }, { "status": "affected", "version": "6.2(2a)" }, { "status": "affected", "version": "6.2(6)" }, { "status": "affected", "version": "6.2(6b)" }, { "status": "affected", "version": "6.2(8)" }, { "status": "affected", "version": "6.2(8a)" }, { "status": "affected", "version": "6.2(8b)" }, { "status": "affected", "version": "6.2(10)" }, { "status": "affected", "version": "6.2(12)" }, { "status": "affected", "version": "6.2(18)" }, { "status": "affected", "version": "6.2(16)" }, { "status": "affected", "version": "6.2(14)" }, { "status": "affected", "version": "6.2(6a)" }, { "status": "affected", "version": "6.2(20)" }, { "status": "affected", "version": "6.2(1)" }, { "status": "affected", "version": "6.2(3)" }, { "status": "affected", "version": "6.2(5)" }, { "status": "affected", "version": "6.2(5a)" }, { "status": "affected", "version": "6.2(5b)" }, { "status": "affected", "version": "6.2(7)" }, { "status": "affected", "version": "6.2(9)" }, { "status": "affected", "version": "6.2(9a)" }, { "status": "affected", "version": "6.2(9b)" }, { "status": "affected", "version": "6.2(9c)" }, { "status": "affected", "version": "6.2(11)" }, { "status": "affected", "version": "6.2(11b)" }, { "status": "affected", "version": "6.2(11c)" }, { "status": "affected", "version": "6.2(11d)" }, { "status": "affected", "version": "6.2(11e)" }, { "status": "affected", "version": "6.2(13)" }, { "status": "affected", "version": "6.2(13a)" }, { "status": "affected", "version": "6.2(13b)" }, { "status": "affected", "version": "6.2(15)" }, { "status": "affected", "version": "6.2(17)" }, { "status": "affected", "version": "6.2(19)" }, { "status": "affected", "version": "6.2(21)" }, { "status": "affected", "version": "6.2(23)" }, { "status": "affected", "version": "6.2(20a)" }, { "status": "affected", "version": "6.2(25)" }, { "status": "affected", "version": "6.2(22)" }, { "status": "affected", "version": "6.2(27)" }, { "status": "affected", "version": "6.2(29)" }, { "status": "affected", "version": "6.2(24)" }, { "status": "affected", "version": "6.2(31)" }, { "status": "affected", "version": "6.2(24a)" }, { "status": "affected", "version": "6.2(33)" }, { "status": "affected", "version": "7.0(3)F1(1)" }, { "status": "affected", "version": "7.0(3)F2(1)" }, { "status": "affected", "version": "7.0(3)F2(2)" }, { "status": "affected", "version": "7.0(3)F3(1)" }, { "status": "affected", "version": "7.0(3)F3(2)" }, { "status": "affected", "version": "7.0(3)F3(3)" }, { "status": "affected", "version": "7.0(3)F3(3a)" }, { "status": "affected", "version": "7.0(3)F3(4)" }, { "status": "affected", "version": "7.0(3)F3(3c)" }, { "status": "affected", "version": "7.0(3)F3(5)" }, { "status": "affected", "version": "7.0(3)I2(2a)" }, { "status": "affected", "version": "7.0(3)I2(2b)" }, { "status": "affected", "version": "7.0(3)I2(2c)" }, { "status": "affected", "version": "7.0(3)I2(2d)" }, { "status": "affected", "version": "7.0(3)I2(2e)" }, { "status": "affected", "version": "7.0(3)I2(3)" }, { "status": "affected", "version": "7.0(3)I2(4)" }, { "status": "affected", "version": "7.0(3)I2(5)" }, { "status": "affected", "version": "7.0(3)I2(1)" }, { "status": "affected", "version": "7.0(3)I2(1a)" }, { "status": "affected", "version": "7.0(3)I2(2)" }, { "status": "affected", "version": "7.0(3)I3(1)" }, { "status": "affected", "version": "7.0(3)I4(1)" }, { "status": "affected", "version": "7.0(3)I4(2)" }, { "status": "affected", "version": "7.0(3)I4(3)" }, { "status": "affected", "version": "7.0(3)I4(4)" }, { "status": "affected", "version": "7.0(3)I4(5)" }, { "status": "affected", "version": "7.0(3)I4(6)" }, { "status": "affected", "version": "7.0(3)I4(7)" }, { "status": "affected", "version": "7.0(3)I4(8)" }, { "status": "affected", "version": "7.0(3)I4(8a)" }, { "status": "affected", "version": "7.0(3)I4(8b)" }, { "status": "affected", "version": "7.0(3)I4(8z)" }, { "status": "affected", "version": "7.0(3)I4(9)" }, { "status": "affected", "version": "7.0(3)I5(1)" }, { "status": "affected", "version": "7.0(3)I5(2)" }, { "status": "affected", "version": "7.0(3)I6(1)" }, { "status": "affected", "version": "7.0(3)I6(2)" }, { "status": "affected", "version": "7.0(3)I7(1)" }, { "status": "affected", "version": "7.0(3)I7(2)" }, { "status": "affected", "version": "7.0(3)I7(3)" }, { "status": "affected", "version": "7.0(3)I7(4)" }, { "status": "affected", "version": "7.0(3)I7(5)" }, { "status": "affected", "version": "7.0(3)I7(5a)" }, { "status": "affected", "version": "7.0(3)I7(6)" }, { "status": "affected", "version": "7.0(3)I7(7)" }, { "status": "affected", "version": "7.0(3)I7(8)" }, { "status": "affected", "version": "7.0(3)I7(9)" }, { "status": "affected", "version": "7.0(3)I7(10)" }, { "status": "affected", "version": "7.1(0)N1(1a)" }, { "status": "affected", "version": "7.1(0)N1(1b)" }, { "status": "affected", "version": "7.1(0)N1(1)" }, { "status": "affected", "version": "7.1(1)N1(1)" }, { "status": "affected", "version": "7.1(2)N1(1)" }, { "status": "affected", "version": "7.1(3)N1(1)" }, { "status": "affected", "version": "7.1(3)N1(2)" }, { "status": "affected", "version": "7.1(4)N1(1)" }, { "status": "affected", "version": "7.1(5)N1(1)" }, { "status": "affected", "version": "7.1(5)N1(1b)" }, { "status": "affected", "version": "7.2(0)D1(1)" }, { "status": "affected", "version": "7.2(1)D1(1)" }, { "status": "affected", "version": "7.2(2)D1(2)" }, { "status": "affected", "version": "7.2(2)D1(1)" }, { "status": "affected", "version": "7.3(0)D1(1)" }, { "status": "affected", "version": "7.3(0)DX(1)" }, { "status": "affected", "version": "7.3(0)DY(1)" }, { "status": "affected", "version": "7.3(0)N1(1)" }, { "status": "affected", "version": "7.3(1)D1(1)" }, { "status": "affected", "version": "7.3(1)DY(1)" }, { "status": "affected", "version": "7.3(1)N1(1)" }, { "status": "affected", "version": "7.3(2)D1(1)" }, { "status": "affected", "version": "7.3(2)D1(2)" }, { "status": "affected", "version": "7.3(2)D1(3)" }, { "status": "affected", "version": "7.3(2)D1(3a)" }, { "status": "affected", "version": "7.3(2)N1(1)" }, { "status": "affected", "version": "7.3(3)N1(1)" }, { "status": "affected", "version": "8.0(1)" }, { "status": "affected", "version": "8.1(1)" }, { "status": "affected", "version": "8.1(2)" }, { "status": "affected", "version": "8.1(2a)" }, { "status": "affected", "version": "8.1(1a)" }, { "status": "affected", "version": "8.1(1b)" }, { "status": "affected", "version": "8.2(1)" }, { "status": "affected", "version": "8.2(2)" }, { "status": "affected", "version": "8.2(3)" }, { "status": "affected", "version": "8.2(4)" }, { "status": "affected", "version": "8.2(5)" }, { "status": "affected", "version": "8.2(6)" }, { "status": "affected", "version": "8.2(7)" }, { "status": "affected", "version": "8.2(7a)" }, { "status": "affected", "version": "8.2(8)" }, { "status": "affected", "version": "8.2(9)" }, { "status": "affected", "version": "8.2(10)" }, { "status": "affected", "version": "8.3(1)" }, { "status": "affected", "version": "8.3(2)" }, { "status": "affected", "version": "9.2(1)" }, { "status": "affected", "version": "9.2(2)" }, { "status": "affected", "version": "9.2(2t)" }, { "status": "affected", "version": "9.2(3)" }, { "status": "affected", "version": "9.2(4)" }, { "status": "affected", "version": "9.2(2v)" }, { "status": "affected", "version": "9.2(1a)" }, { "status": "affected", "version": "7.3(4)N1(1)" }, { "status": "affected", "version": "7.3(3)D1(1)" }, { "status": "affected", "version": "7.3(4)D1(1)" }, { "status": "affected", "version": "7.3(5)N1(1)" }, { "status": "affected", "version": "8.4(1)" }, { "status": "affected", "version": "8.4(1a)" }, { "status": "affected", "version": "8.4(2)" }, { "status": "affected", "version": "8.4(2a)" }, { "status": "affected", "version": "8.4(3)" }, { "status": "affected", "version": "8.4(2b)" }, { "status": "affected", "version": "8.4(4)" }, { "status": "affected", "version": "8.4(2c)" }, { "status": "affected", "version": "8.4(4a)" }, { "status": "affected", "version": "8.4(5)" }, { "status": "affected", "version": "8.4(2d)" }, { "status": "affected", "version": "8.4(6)" }, { "status": "affected", "version": "8.4(2e)" }, { "status": "affected", "version": "8.4(6a)" }, { "status": "affected", "version": "8.4(7)" }, { "status": "affected", "version": "8.4(2f)" }, { "status": "affected", "version": "9.3(1)" }, { "status": "affected", "version": "9.3(2)" }, { "status": "affected", "version": "9.3(3)" }, { "status": "affected", "version": "9.3(4)" }, { "status": "affected", "version": "9.3(5)" }, { "status": "affected", "version": "9.3(6)" }, { "status": "affected", "version": "9.3(7)" }, { "status": "affected", "version": "9.3(7a)" }, { "status": "affected", "version": "9.3(8)" }, { "status": "affected", "version": "9.3(9)" }, { "status": "affected", "version": "9.3(10)" }, { "status": "affected", "version": "9.3(11)" }, { "status": "affected", "version": "9.3(2a)" }, { "status": "affected", "version": "7.3(6)N1(1)" }, { "status": "affected", "version": "7.3(5)D1(1)" }, { "status": "affected", "version": "7.3(7)N1(1)" }, { "status": "affected", "version": "7.3(7)N1(1a)" }, { "status": "affected", "version": "7.3(7)N1(1b)" }, { "status": "affected", "version": "7.3(6)D1(1)" }, { "status": "affected", "version": "7.3(8)N1(1)" }, { "status": "affected", "version": "7.3(7)D1(1)" }, { "status": "affected", "version": "7.3(9)N1(1)" }, { "status": "affected", "version": "10.1(1)" }, { "status": "affected", "version": "10.1(2)" }, { "status": "affected", "version": "10.1(2t)" }, { "status": "affected", "version": "8.5(1)" }, { "status": "affected", "version": "7.3(10)N1(1)" }, { "status": "affected", "version": "7.3(8)D1(1)" }, { "status": "affected", "version": "10.2(1)" }, { "status": "affected", "version": "10.2(1q)" }, { "status": "affected", "version": "10.2(2)" }, { "status": "affected", "version": "10.2(3)" }, { "status": "affected", "version": "10.2(3t)" }, { "status": "affected", "version": "10.2(4)" }, { "status": "affected", "version": "10.2(5)" }, { "status": "affected", "version": "10.2(3v)" }, { "status": "affected", "version": "7.3(9)D1(1)" }, { "status": "affected", "version": "7.3(11)N1(1)" }, { "status": "affected", "version": "7.3(12)N1(1)" }, { "status": "affected", "version": "10.3(1)" }, { "status": "affected", "version": "10.3(2)" }, { "status": "affected", "version": "7.3(13)N1(1)" } ] }, { "product": "Cisco Unified Computing System (Managed)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "3.1(1e)" }, { "status": "affected", "version": "3.1(1g)" }, { "status": "affected", "version": "3.1(1h)" }, { "status": "affected", "version": "3.1(1k)" }, { "status": "affected", "version": "3.1(1l)" }, { "status": "affected", "version": "3.1(2b)" }, { "status": "affected", "version": "3.1(2c)" }, { "status": "affected", "version": "3.1(2e)" }, { "status": "affected", "version": "3.1(2f)" }, { "status": "affected", "version": "3.1(2g)" }, { "status": "affected", "version": "3.1(2h)" }, { "status": "affected", "version": "3.1(3a)" }, { "status": "affected", "version": "3.1(3b)" }, { "status": "affected", "version": "3.1(3c)" }, { "status": "affected", "version": "3.1(3d)" }, { "status": "affected", "version": "3.1(3e)" }, { "status": "affected", "version": "3.1(3f)" }, { "status": "affected", "version": "3.1(3h)" }, { "status": "affected", "version": "3.1(3j)" }, { "status": "affected", "version": "3.1(3k)" }, { "status": "affected", "version": "3.1(2d)" }, { "status": "affected", "version": "3.1(3l)" }, { "status": "affected", "version": "3.2(1d)" }, { "status": "affected", "version": "3.2(2b)" }, { "status": "affected", "version": "3.2(2c)" }, { "status": "affected", "version": "3.2(2d)" }, { "status": "affected", "version": "3.2(2e)" }, { "status": "affected", "version": "3.2(2f)" }, { "status": "affected", "version": "3.2(3a)" }, { "status": "affected", "version": "3.2(3b)" }, { "status": "affected", "version": "3.2(3d)" }, { "status": "affected", "version": "3.2(3e)" }, { "status": "affected", "version": "3.2(3g)" }, { "status": "affected", "version": "3.2(3h)" }, { "status": "affected", "version": "3.2(3i)" }, { "status": "affected", "version": "3.2(3j)" }, { "status": "affected", "version": "3.2(3k)" }, { "status": "affected", "version": "3.2(3l)" }, { "status": "affected", "version": "3.2(3n)" }, { "status": "affected", "version": "3.2(3o)" }, { "status": "affected", "version": "3.2(3p)" }, { "status": "affected", "version": "4.0(1a)" }, { "status": "affected", "version": "4.0(1b)" }, { "status": "affected", "version": "4.0(1c)" }, { "status": "affected", "version": "4.0(1d)" }, { "status": "affected", "version": "4.0(2a)" }, { "status": "affected", "version": "4.0(2b)" }, { "status": "affected", "version": "4.0(2d)" }, { "status": "affected", "version": "4.0(2e)" }, { "status": "affected", "version": "4.0(4b)" }, { "status": "affected", "version": "4.0(4c)" }, { "status": "affected", "version": "4.0(4d)" }, { "status": "affected", "version": "4.0(4e)" }, { "status": "affected", "version": "4.0(4f)" }, { "status": "affected", "version": "4.0(4g)" }, { "status": "affected", "version": "4.0(4h)" }, { "status": "affected", "version": "4.0(4a)" }, { "status": "affected", "version": "4.0(4i)" }, { "status": "affected", "version": "4.0(4k)" }, { "status": "affected", "version": "4.0(4l)" }, { "status": "affected", "version": "4.0(4m)" }, { "status": "affected", "version": "4.0(4n)" }, { "status": "affected", "version": "4.0(4o)" }, { "status": "affected", "version": "4.1(1a)" }, { "status": "affected", "version": "4.1(1b)" }, { "status": "affected", "version": "4.1(1c)" }, { "status": "affected", "version": "4.1(2a)" }, { "status": "affected", "version": "4.1(1d)" }, { "status": "affected", "version": "4.1(1e)" }, { "status": "affected", "version": "4.1(2b)" }, { "status": "affected", "version": "4.1(3a)" }, { "status": "affected", "version": "4.1(3b)" }, { "status": "affected", "version": "4.1(2c)" }, { "status": "affected", "version": "4.1(3d)" }, { "status": "affected", "version": "4.1(3c)" }, { "status": "affected", "version": "4.1(3e)" }, { "status": "affected", "version": "4.1(3f)" }, { "status": "affected", "version": "4.1(3h)" }, { "status": "affected", "version": "4.1(3i)" }, { "status": "affected", "version": "4.1(3j)" }, { "status": "affected", "version": "4.1(3k)" }, { "status": "affected", "version": "4.1(3l)" }, { "status": "affected", "version": "4.2(1d)" }, { "status": "affected", "version": "4.2(1c)" }, { "status": "affected", "version": "4.2(1f)" }, { "status": "affected", "version": "4.2(1i)" }, { "status": "affected", "version": "4.2(1k)" }, { "status": "affected", "version": "4.2(1l)" }, { "status": "affected", "version": "4.2(1m)" }, { "status": "affected", "version": "4.2(2a)" }, { "status": "affected", "version": "4.2(2c)" }, { "status": "affected", "version": "4.2(1n)" }, { "status": "affected", "version": "4.2(2d)" }, { "status": "affected", "version": "4.2(3b)" }, { "status": "affected", "version": "4.2(2e)" }, { "status": "affected", "version": "4.2(3d)" }, { "status": "affected", "version": "4.2(3e)" }, { "status": "affected", "version": "4.2(3g)" }, { "status": "affected", "version": "4.2(3h)" }, { "status": "affected", "version": "4.2(3i)" } ] }, { "product": "Cisco Firepower Extensible Operating System (FXOS)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "2.2.1.63" }, { "status": "affected", "version": "2.2.1.66" }, { "status": "affected", "version": "2.2.1.70" }, { "status": "affected", "version": "2.2.2.17" }, { "status": "affected", "version": "2.2.2.19" }, { "status": "affected", "version": "2.2.2.24" }, { "status": "affected", "version": "2.2.2.26" }, { "status": "affected", "version": "2.2.2.28" }, { "status": "affected", "version": "2.2.2.54" }, { "status": "affected", "version": "2.2.2.60" }, { "status": "affected", "version": "2.2.2.71" }, { "status": "affected", "version": "2.2.2.83" }, { "status": "affected", "version": "2.2.2.86" }, { "status": "affected", "version": "2.2.2.91" }, { "status": "affected", "version": "2.2.2.97" }, { "status": "affected", "version": "2.2.2.101" }, { "status": "affected", "version": "2.2.2.137" }, { "status": "affected", "version": "2.2.2.148" }, { "status": "affected", "version": "2.2.2.149" }, { "status": "affected", "version": "2.3.1.99" }, { "status": "affected", "version": "2.3.1.93" }, { "status": "affected", "version": "2.3.1.91" }, { "status": "affected", "version": "2.3.1.88" }, { "status": "affected", "version": "2.3.1.75" }, { "status": "affected", "version": "2.3.1.73" }, { "status": "affected", "version": "2.3.1.66" }, { "status": "affected", "version": "2.3.1.58" }, { "status": "affected", "version": "2.3.1.130" }, { "status": "affected", "version": "2.3.1.111" }, { "status": "affected", "version": "2.3.1.110" }, { "status": "affected", "version": "2.3.1.144" }, { "status": "affected", "version": "2.3.1.145" }, { "status": "affected", "version": "2.3.1.155" }, { "status": "affected", "version": "2.3.1.166" }, { "status": "affected", "version": "2.3.1.173" }, { "status": "affected", "version": "2.3.1.179" }, { "status": "affected", "version": "2.3.1.180" }, { "status": "affected", "version": "2.3.1.56" }, { "status": "affected", "version": "2.3.1.190" }, { "status": "affected", "version": "2.3.1.215" }, { "status": "affected", "version": "2.3.1.216" }, { "status": "affected", "version": "2.3.1.219" }, { "status": "affected", "version": "2.3.1.230" }, { "status": "affected", "version": "2.6.1.131" }, { "status": "affected", "version": "2.6.1.157" }, { "status": "affected", "version": "2.6.1.166" }, { "status": "affected", "version": "2.6.1.169" }, { "status": "affected", "version": "2.6.1.174" }, { "status": "affected", "version": "2.6.1.187" }, { "status": "affected", "version": "2.6.1.192" }, { "status": "affected", "version": "2.6.1.204" }, { "status": "affected", "version": "2.6.1.214" }, { "status": "affected", "version": "2.6.1.224" }, { "status": "affected", "version": "2.6.1.229" }, { "status": "affected", "version": "2.6.1.230" }, { "status": "affected", "version": "2.6.1.238" }, { "status": "affected", "version": "2.6.1.239" }, { "status": "affected", "version": "2.6.1.254" }, { "status": "affected", "version": "2.6.1.259" }, { "status": "affected", "version": "2.6.1.264" }, { "status": "affected", "version": "2.6.1.265" }, { "status": "affected", "version": "2.8.1.105" }, { "status": "affected", "version": "2.8.1.125" }, { "status": "affected", "version": "2.8.1.139" }, { "status": "affected", "version": "2.8.1.143" }, { "status": "affected", "version": "2.8.1.152" }, { "status": "affected", "version": "2.8.1.162" }, { "status": "affected", "version": "2.8.1.164" }, { "status": "affected", "version": "2.8.1.172" }, { "status": "affected", "version": "2.8.1.186" }, { "status": "affected", "version": "2.8.1.190" }, { "status": "affected", "version": "2.8.1.198" }, { "status": "affected", "version": "2.9.1.131" }, { "status": "affected", "version": "2.9.1.135" }, { "status": "affected", "version": "2.9.1.143" }, { "status": "affected", "version": "2.9.1.150" }, { "status": "affected", "version": "2.9.1.158" }, { "status": "affected", "version": "2.10.1.159" }, { "status": "affected", "version": "2.10.1.166" }, { "status": "affected", "version": "2.10.1.179" }, { "status": "affected", "version": "2.10.1.207" }, { "status": "affected", "version": "2.10.1.234" }, { "status": "affected", "version": "2.10.1.245" }, { "status": "affected", "version": "2.10.1.271" }, { "status": "affected", "version": "2.11.1.154" }, { "status": "affected", "version": "2.11.1.182" }, { "status": "affected", "version": "2.11.1.200" }, { "status": "affected", "version": "2.11.1.205" }, { "status": "affected", "version": "2.12.0.31" }, { "status": "affected", "version": "2.12.0.432" }, { "status": "affected", "version": "2.12.0.450" }, { "status": "affected", "version": "2.12.0.467" }, { "status": "affected", "version": "2.12.0.498" }, { "status": "affected", "version": "2.12.1.29" }, { "status": "affected", "version": "2.12.1.48" }, { "status": "affected", "version": "2.13.0.198" }, { "status": "affected", "version": "2.13.0.212" }, { "status": "affected", "version": "2.13.0.243" }, { "status": "affected", "version": "2.14.1.131" } ] }, { "product": "Cisco NX-OS System Software in ACI Mode", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "12.0(1m)" }, { "status": "affected", "version": "12.0(2g)" }, { "status": "affected", "version": "12.0(1n)" }, { "status": "affected", "version": "12.0(1o)" }, { "status": "affected", "version": "12.0(1p)" }, { "status": "affected", "version": "12.0(1q)" }, { "status": "affected", "version": "12.0(2h)" }, { "status": "affected", "version": "12.0(2l)" }, { "status": "affected", "version": "12.0(2m)" }, { "status": "affected", "version": "12.0(2n)" }, { "status": "affected", "version": "12.0(2o)" }, { "status": "affected", "version": "12.0(2f)" }, { "status": "affected", "version": "12.0(1r)" }, { "status": "affected", "version": "12.1(1h)" }, { "status": "affected", "version": "12.1(2e)" }, { "status": "affected", "version": "12.1(3g)" }, { "status": "affected", "version": "12.1(4a)" }, { "status": "affected", "version": "12.1(1i)" }, { "status": "affected", "version": "12.1(2g)" }, { "status": "affected", "version": "12.1(2k)" }, { "status": "affected", "version": "12.1(3h)" }, { "status": "affected", "version": "12.1(3j)" }, { "status": "affected", "version": "12.2(1n)" }, { "status": "affected", "version": "12.2(2e)" }, { "status": "affected", "version": "12.2(3j)" }, { "status": "affected", "version": "12.2(4f)" }, { "status": "affected", "version": "12.2(4p)" }, { "status": "affected", "version": "12.2(3p)" }, { "status": "affected", "version": "12.2(3r)" }, { "status": "affected", "version": "12.2(3s)" }, { "status": "affected", "version": "12.2(3t)" }, { "status": "affected", "version": "12.2(2f)" }, { "status": "affected", "version": "12.2(2i)" }, { "status": "affected", "version": "12.2(2j)" }, { "status": "affected", "version": "12.2(2k)" }, { "status": "affected", "version": "12.2(2q)" }, { "status": "affected", "version": "12.2(1o)" }, { "status": "affected", "version": "12.2(4q)" }, { "status": "affected", "version": "12.2(4r)" }, { "status": "affected", "version": "12.3(1e)" }, { "status": "affected", "version": "12.3(1f)" }, { "status": "affected", "version": "12.3(1i)" }, { "status": "affected", "version": "12.3(1l)" }, { "status": "affected", "version": "12.3(1o)" }, { "status": "affected", "version": "12.3(1p)" }, { "status": "affected", "version": "13.0(1k)" }, { "status": "affected", "version": "13.0(2h)" }, { "status": "affected", "version": "13.0(2k)" }, { "status": "affected", "version": "13.0(2n)" }, { "status": "affected", "version": "13.1(1i)" }, { "status": "affected", "version": "13.1(2m)" }, { "status": "affected", "version": "13.1(2o)" }, { "status": "affected", "version": "13.1(2p)" }, { "status": "affected", "version": "13.1(2q)" }, { "status": "affected", "version": "13.1(2s)" }, { "status": "affected", "version": "13.1(2t)" }, { "status": "affected", "version": "13.1(2u)" }, { "status": "affected", "version": "13.1(2v)" }, { "status": "affected", "version": "13.2(1l)" }, { "status": "affected", "version": "13.2(1m)" }, { "status": "affected", "version": "13.2(2l)" }, { "status": "affected", "version": "13.2(2o)" }, { "status": "affected", "version": "13.2(3i)" }, { "status": "affected", "version": "13.2(3n)" }, { "status": "affected", "version": "13.2(3o)" }, { "status": "affected", "version": "13.2(3r)" }, { "status": "affected", "version": "13.2(4d)" }, { "status": "affected", "version": "13.2(4e)" }, { "status": "affected", "version": "13.2(3s)" }, { "status": "affected", "version": "13.2(5d)" }, { "status": "affected", "version": "13.2(5e)" }, { "status": "affected", "version": "13.2(5f)" }, { "status": "affected", "version": "13.2(6i)" }, { "status": "affected", "version": "13.2(7f)" }, { "status": "affected", "version": "13.2(7k)" }, { "status": "affected", "version": "13.2(9b)" }, { "status": "affected", "version": "13.2(9f)" }, { "status": "affected", "version": "13.2(9h)" }, { "status": "affected", "version": "13.2(10e)" }, { "status": "affected", "version": "13.2(10f)" }, { "status": "affected", "version": "13.2(10g)" }, { "status": "affected", "version": "14.0(1h)" }, { "status": "affected", "version": "14.0(2c)" }, { "status": "affected", "version": "14.0(3d)" }, { "status": "affected", "version": "14.0(3c)" }, { "status": "affected", "version": "14.1(1i)" }, { "status": "affected", "version": "14.1(1j)" }, { "status": "affected", "version": "14.1(1k)" }, { "status": "affected", "version": "14.1(1l)" }, { "status": "affected", "version": "14.1(2g)" }, { "status": "affected", "version": "14.1(2m)" }, { "status": "affected", "version": "14.1(2o)" }, { "status": "affected", "version": "14.1(2s)" }, { "status": "affected", "version": "14.1(2u)" }, { "status": "affected", "version": "14.1(2w)" }, { "status": "affected", "version": "14.1(2x)" }, { "status": "affected", "version": "14.2(1i)" }, { "status": "affected", "version": "14.2(1j)" }, { "status": "affected", "version": "14.2(1l)" }, { "status": "affected", "version": "14.2(2e)" }, { "status": "affected", "version": "14.2(2f)" }, { "status": "affected", "version": "14.2(2g)" }, { "status": "affected", "version": "14.2(3j)" }, { "status": "affected", "version": "14.2(3l)" }, { "status": "affected", "version": "14.2(3n)" }, { "status": "affected", "version": "14.2(3q)" }, { "status": "affected", "version": "14.2(4i)" }, { "status": "affected", "version": "14.2(4k)" }, { "status": "affected", "version": "14.2(4o)" }, { "status": "affected", "version": "14.2(4p)" }, { "status": "affected", "version": "14.2(5k)" }, { "status": "affected", "version": "14.2(5l)" }, { "status": "affected", "version": "14.2(5n)" }, { "status": "affected", "version": "14.2(6d)" }, { "status": "affected", "version": "14.2(6g)" }, { "status": "affected", "version": "14.2(6h)" }, { "status": "affected", "version": "14.2(6l)" }, { "status": "affected", "version": "14.2(7f)" }, { "status": "affected", "version": "14.2(7l)" }, { "status": "affected", "version": "14.2(6o)" }, { "status": "affected", "version": "14.2(7q)" }, { "status": "affected", "version": "14.2(7r)" }, { "status": "affected", "version": "14.2(7s)" }, { "status": "affected", "version": "14.2(7t)" }, { "status": "affected", "version": "14.2(7u)" }, { "status": "affected", "version": "14.2(7v)" }, { "status": "affected", "version": "14.2(7w)" }, { "status": "affected", "version": "15.0(1k)" }, { "status": "affected", "version": "15.0(1l)" }, { "status": "affected", "version": "15.0(2e)" }, { "status": "affected", "version": "15.0(2h)" }, { "status": "affected", "version": "15.1(1h)" }, { "status": "affected", "version": "15.1(2e)" }, { "status": "affected", "version": "15.1(3e)" }, { "status": "affected", "version": "15.1(4c)" }, { "status": "affected", "version": "15.2(1g)" }, { "status": "affected", "version": "15.2(2e)" }, { "status": "affected", "version": "15.2(2f)" }, { "status": "affected", "version": "15.2(2g)" }, { "status": "affected", "version": "15.2(2h)" }, { "status": "affected", "version": "15.2(3e)" }, { "status": "affected", "version": "15.2(3f)" }, { "status": "affected", "version": "15.2(3g)" }, { "status": "affected", "version": "15.2(4d)" }, { "status": "affected", "version": "15.2(4e)" }, { "status": "affected", "version": "15.2(5c)" }, { "status": "affected", "version": "15.2(5d)" }, { "status": "affected", "version": "15.2(5e)" }, { "status": "affected", "version": "15.2(4f)" }, { "status": "affected", "version": "15.2(6e)" }, { "status": "affected", "version": "15.2(6g)" }, { "status": "affected", "version": "15.2(7f)" }, { "status": "affected", "version": "15.2(7g)" }, { "status": "affected", "version": "15.2(8d)" }, { "status": "affected", "version": "15.2(8e)" }, { "status": "affected", "version": "15.2(8f)" }, { "status": "affected", "version": "15.2(8g)" }, { "status": "affected", "version": "16.0(1g)" }, { "status": "affected", "version": "16.0(1j)" }, { "status": "affected", "version": "16.0(2h)" }, { "status": "affected", "version": "16.0(2j)" }, { "status": "affected", "version": "16.0(3d)" }, { "status": "affected", "version": "16.0(3e)" }, { "status": "affected", "version": "15.3(1d)" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device.\r\n\r Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol)." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-805", "description": "Buffer Access with Incorrect Length Value", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-28T16:16:56.717Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nxos-lldp-dos-z7PncTgt", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-lldp-dos-z7PncTgt" } ], "source": { "advisory": "cisco-sa-nxos-lldp-dos-z7PncTgt", "defects": [ "CSCwf67412", "CSCwf67468", "CSCwi31871", "CSCwe86457", "CSCwf67408", "CSCwf67409", "CSCwf67411", "CSCwi29934" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20294", "datePublished": "2024-02-28T16:16:56.717Z", "dateReserved": "2023-11-08T15:08:07.629Z", "dateUpdated": "2024-08-01T21:59:41.160Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1782
Vulnerability from cvelistv5
Published
2019-05-15 19:45
Modified
2024-11-20 17:20
Severity ?
EPSS score ?
Summary
Cisco FXOS and NX-OS Software Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-fxos-nxos-cmdinj-1781-1782 | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108407 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.805Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerabilities (CVE-2019-1781, CVE-2019-1782)", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-fxos-nxos-cmdinj-1781-1782" }, { "name": "108407", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108407" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1782", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:54:46.135024Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:20:56.298Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need administrator credentials to exploit this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-22T13:06:04", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerabilities (CVE-2019-1781, CVE-2019-1782)", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-fxos-nxos-cmdinj-1781-1782" }, { "name": "108407", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108407" } ], "source": { "advisory": "cisco-sa-20190515-fxos-nxos-cmdinj-1781-1782", "defect": [ [ "CSCvh20027", "CSCvh20389", "CSCvi01445", "CSCvi01448", "CSCvi91985", "CSCvi92126", "CSCvi92128", "CSCvi92129", "CSCvi92130", "CSCvi96522", "CSCvi96524", "CSCvi96525", "CSCvi96526", "CSCvi96527" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS and NX-OS Software Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1782", "STATE": "PUBLIC", "TITLE": "Cisco FXOS and NX-OS Software Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need administrator credentials to exploit this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerabilities (CVE-2019-1781, CVE-2019-1782)", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-fxos-nxos-cmdinj-1781-1782" }, { "name": "108407", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108407" } ] }, "source": { "advisory": "cisco-sa-20190515-fxos-nxos-cmdinj-1781-1782", "defect": [ [ "CSCvh20027", "CSCvh20389", "CSCvi01445", "CSCvi01448", "CSCvi91985", "CSCvi92126", "CSCvi92128", "CSCvi92129", "CSCvi92130", "CSCvi96522", "CSCvi96524", "CSCvi96525", "CSCvi96526", "CSCvi96527" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1782", "datePublished": "2019-05-15T19:45:19.350442Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:20:56.298Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1770
Vulnerability from cvelistv5
Published
2019-05-15 19:20
Modified
2024-09-17 03:13
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1770 | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108376 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.721Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1770)", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1770" }, { "name": "108376", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108376" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "n/a", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-20T15:06:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1770)", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1770" }, { "name": "108376", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108376" } ], "source": { "advisory": "cisco-sa-20190515-nxos-cmdinj-1770", "defect": [ [ "CSCvh75867", "CSCvh75958", "CSCvi92239", "CSCvi92240", "CSCvi92242", "CSCvi92243", "CSCvk36294" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1770", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "4.2", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1770)", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1770" }, { "name": "108376", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108376" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-cmdinj-1770", "defect": [ [ "CSCvh75867", "CSCvh75958", "CSCvi92239", "CSCvi92240", "CSCvi92242", "CSCvi92243", "CSCvk36294" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1770", "datePublished": "2019-05-15T19:20:25.203583Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-09-17T03:13:54.742Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1595
Vulnerability from cvelistv5
Published
2019-03-06 22:00
Modified
2024-09-17 04:24
Severity ?
EPSS score ?
Summary
Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/107320 | vdb-entry, x_refsource_BID | |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:20:28.326Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "107320", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/107320" }, { "name": "20190306 Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "7.3(5)N1(1)" } ] } ], "datePublic": "2019-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. This vulnerability has been fixed in version 7.3(5)N1(1)." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-913", "description": "CWE-913", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-08T10:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "107320", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/107320" }, { "name": "20190306 Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos" } ], "source": { "advisory": "cisco-sa-20190306-nexus-fbr-dos", "defect": [ [ "CSCvn24414" ] ], "discovery": "INTERNAL" }, "title": "Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-03-06T16:00:00-0800", "ID": "CVE-2019-1595", "STATE": "PUBLIC", "TITLE": "Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "version_value": "7.3(5)N1(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. This vulnerability has been fixed in version 7.3(5)N1(1)." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "7.4", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-913" } ] } ] }, "references": { "reference_data": [ { "name": "107320", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107320" }, { "name": "20190306 Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos" } ] }, "source": { "advisory": "cisco-sa-20190306-nexus-fbr-dos", "defect": [ [ "CSCvn24414" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1595", "datePublished": "2019-03-06T22:00:00Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-09-17T04:24:08.053Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1812
Vulnerability from cvelistv5
Published
2019-05-15 22:20
Modified
2024-11-20 17:19
Severity ?
EPSS score ?
Summary
Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2 | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108425 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.875Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2" }, { "name": "108425", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108425" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1812", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:54:27.484714Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:19:07.317Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-347", "description": "CWE-347", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-23T08:06:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2" }, { "name": "108425", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108425" } ], "source": { "advisory": "cisco-sa-20190515-nxos-sisv2", "defect": [ [ "CSCvj14093", "CSCvj14106", "CSCvj14182", "CSCvk53125", "CSCvk53227", "CSCvk53256" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1812", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-347" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2" }, { "name": "108425", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108425" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-sisv2", "defect": [ [ "CSCvj14093", "CSCvj14106", "CSCvj14182", "CSCvk53125", "CSCvk53227", "CSCvk53256" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1812", "datePublished": "2019-05-15T22:20:26.162102Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:19:07.317Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20168
Vulnerability from cvelistv5
Published
2023-08-23 18:07
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:05:35.038Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-nxos-remoteauth-dos-XB6pv74m", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-remoteauth-dos-XB6pv74m" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "4.2(1)SV1(4)" }, { "status": "affected", "version": "4.2(1)SV1(4a)" }, { "status": "affected", "version": "4.2(1)SV1(4b)" }, { "status": "affected", "version": "4.2(1)SV1(5.1)" }, { "status": "affected", "version": "4.2(1)SV1(5.1a)" }, { "status": "affected", "version": "4.2(1)SV1(5.2)" }, { "status": "affected", "version": "4.2(1)SV1(5.2b)" }, { "status": "affected", "version": "4.2(1)SV2(1.1)" }, { "status": "affected", "version": "4.2(1)SV2(1.1a)" }, { "status": "affected", "version": "4.2(1)SV2(2.1)" }, { "status": "affected", "version": "4.2(1)SV2(2.1a)" }, { "status": "affected", "version": "4.2(1)SV2(2.2)" }, { "status": "affected", "version": "4.2(1)SV2(2.3)" }, { "status": "affected", "version": "5.2(1)SM1(5.1)" }, { "status": "affected", "version": "5.2(1)SM1(5.2)" }, { "status": "affected", "version": "5.2(1)SM1(5.2a)" }, { "status": "affected", "version": "5.2(1)SM1(5.2b)" }, { "status": "affected", "version": "5.2(1)SM1(5.2c)" }, { "status": "affected", "version": "5.2(1)SM3(1.1)" }, { "status": "affected", "version": "5.2(1)SM3(1.1a)" }, { "status": "affected", "version": "5.2(1)SM3(1.1b)" }, { "status": "affected", "version": "5.2(1)SM3(1.1c)" }, { "status": "affected", "version": "5.2(1)SM3(2.1)" }, { "status": "affected", "version": "5.2(1)SV3(1.4)" }, { "status": "affected", "version": "5.2(1)SV3(1.1)" }, { "status": "affected", "version": "5.2(1)SV3(1.3)" }, { "status": "affected", "version": "5.2(1)SV3(1.5a)" }, { "status": "affected", "version": "5.2(1)SV3(1.5b)" }, { "status": "affected", "version": "5.2(1)SV3(1.6)" }, { "status": "affected", "version": "5.2(1)SV3(1.10)" }, { "status": "affected", "version": "5.2(1)SV3(1.15)" }, { "status": "affected", "version": "5.2(1)SV3(2.1)" }, { "status": "affected", "version": "5.2(1)SV3(2.5)" }, { "status": "affected", "version": "5.2(1)SV3(2.8)" }, { "status": "affected", "version": "5.2(1)SV3(3.1)" }, { "status": "affected", "version": "5.2(1)SV3(1.2)" }, { "status": "affected", "version": "5.2(1)SV3(1.4b)" }, { "status": "affected", "version": "5.2(1)SV3(3.15)" }, { "status": "affected", "version": "5.2(1)SV3(4.1)" }, { "status": "affected", "version": "5.2(1)SV3(4.1a)" }, { "status": "affected", "version": "5.2(1)SV3(4.1b)" }, { "status": "affected", "version": "5.2(1)SV3(4.1c)" }, { "status": "affected", "version": "6.0(2)A3(1)" }, { "status": "affected", "version": "6.0(2)A3(2)" }, { "status": "affected", "version": "6.0(2)A3(4)" }, { "status": "affected", "version": "6.0(2)A4(1)" }, { "status": "affected", "version": "6.0(2)A4(2)" }, { "status": "affected", "version": "6.0(2)A4(3)" }, { "status": "affected", "version": "6.0(2)A4(4)" }, { "status": "affected", "version": "6.0(2)A4(5)" }, { "status": "affected", "version": "6.0(2)A4(6)" }, { "status": "affected", "version": "6.0(2)A6(1)" }, { "status": "affected", "version": "6.0(2)A6(1a)" }, { "status": "affected", "version": "6.0(2)A6(2)" }, { "status": "affected", "version": "6.0(2)A6(2a)" }, { "status": "affected", "version": "6.0(2)A6(3)" }, { "status": "affected", "version": "6.0(2)A6(3a)" }, { "status": "affected", "version": "6.0(2)A6(4)" }, { "status": "affected", "version": "6.0(2)A6(4a)" }, { "status": "affected", "version": "6.0(2)A6(5)" }, { "status": "affected", "version": "6.0(2)A6(5a)" }, { "status": "affected", "version": "6.0(2)A6(5b)" }, { "status": "affected", "version": "6.0(2)A6(6)" }, { "status": "affected", "version": "6.0(2)A6(7)" }, { "status": "affected", "version": "6.0(2)A6(8)" }, { "status": "affected", "version": "6.0(2)A7(1)" }, { "status": "affected", "version": "6.0(2)A7(1a)" }, { "status": "affected", "version": "6.0(2)A7(2)" }, { "status": "affected", "version": "6.0(2)A7(2a)" }, { "status": "affected", "version": "6.0(2)A8(1)" }, { "status": "affected", "version": "6.0(2)A8(2)" }, { "status": "affected", "version": "6.0(2)A8(3)" }, { "status": "affected", "version": "6.0(2)A8(4)" }, { "status": "affected", "version": "6.0(2)A8(4a)" }, { "status": "affected", "version": "6.0(2)A8(5)" }, { "status": "affected", "version": "6.0(2)A8(6)" }, { "status": "affected", "version": "6.0(2)A8(7)" }, { "status": "affected", "version": "6.0(2)A8(7a)" }, { "status": "affected", "version": "6.0(2)A8(7b)" }, { "status": "affected", "version": "6.0(2)A8(8)" }, { "status": "affected", "version": "6.0(2)A8(9)" }, { "status": "affected", "version": "6.0(2)A8(10a)" }, { "status": "affected", "version": "6.0(2)A8(10)" }, { "status": "affected", "version": "6.0(2)A8(11)" }, { "status": "affected", "version": "6.0(2)A8(11a)" }, { "status": "affected", "version": "6.0(2)A8(11b)" }, { "status": "affected", "version": "6.0(2)U2(1)" }, { "status": "affected", "version": "6.0(2)U2(2)" }, { "status": "affected", "version": "6.0(2)U2(3)" }, { "status": "affected", "version": "6.0(2)U2(4)" }, { "status": "affected", "version": "6.0(2)U2(5)" }, { "status": "affected", "version": "6.0(2)U2(6)" }, { "status": "affected", "version": "6.0(2)U3(1)" }, { "status": "affected", "version": "6.0(2)U3(2)" }, { "status": "affected", "version": "6.0(2)U3(3)" }, { "status": "affected", "version": "6.0(2)U3(4)" }, { "status": "affected", "version": "6.0(2)U3(5)" }, { "status": "affected", "version": "6.0(2)U3(6)" }, { "status": "affected", "version": "6.0(2)U3(7)" }, { "status": "affected", "version": "6.0(2)U3(8)" }, { "status": "affected", "version": "6.0(2)U3(9)" }, { "status": "affected", "version": "6.0(2)U4(1)" }, { "status": "affected", "version": "6.0(2)U4(2)" }, { "status": "affected", "version": "6.0(2)U4(3)" }, { "status": "affected", "version": "6.0(2)U4(4)" }, { "status": "affected", "version": "6.0(2)U5(1)" }, { "status": "affected", "version": "6.0(2)U5(2)" }, { "status": "affected", "version": "6.0(2)U5(3)" }, { "status": "affected", "version": "6.0(2)U5(4)" }, { "status": "affected", "version": "6.0(2)U6(1)" }, { "status": "affected", "version": "6.0(2)U6(2)" }, { "status": "affected", "version": "6.0(2)U6(3)" }, { "status": "affected", "version": "6.0(2)U6(4)" }, { "status": "affected", "version": "6.0(2)U6(5)" }, { "status": "affected", "version": "6.0(2)U6(6)" }, { "status": "affected", "version": "6.0(2)U6(7)" }, { "status": "affected", "version": "6.0(2)U6(8)" }, { "status": "affected", "version": "6.0(2)U6(1a)" }, { "status": "affected", "version": "6.0(2)U6(2a)" }, { "status": "affected", "version": "6.0(2)U6(3a)" }, { "status": "affected", "version": "6.0(2)U6(4a)" }, { "status": "affected", "version": "6.0(2)U6(5a)" }, { "status": "affected", "version": "6.0(2)U6(5b)" }, { "status": "affected", "version": "6.0(2)U6(5c)" }, { "status": "affected", "version": "6.0(2)U6(9)" }, { "status": "affected", "version": "6.0(2)U6(10)" }, { "status": "affected", "version": "6.2(2)" }, { "status": "affected", "version": "6.2(2a)" }, { "status": "affected", "version": "6.2(6)" }, { "status": "affected", "version": "6.2(6b)" }, { "status": "affected", "version": "6.2(8)" }, { "status": "affected", "version": "6.2(8a)" }, { "status": "affected", "version": "6.2(8b)" }, { "status": "affected", "version": "6.2(10)" }, { "status": "affected", "version": "6.2(12)" }, { "status": "affected", "version": "6.2(18)" }, { "status": "affected", "version": "6.2(16)" }, { "status": "affected", "version": "6.2(14)" }, { "status": "affected", "version": "6.2(6a)" }, { "status": "affected", "version": "6.2(20)" }, { "status": "affected", "version": "6.2(1)" }, { "status": "affected", "version": "6.2(3)" }, { "status": "affected", "version": "6.2(5)" }, { "status": "affected", "version": "6.2(5a)" }, { "status": "affected", "version": "6.2(5b)" }, { "status": "affected", "version": "6.2(7)" }, { "status": "affected", "version": "6.2(9)" }, { "status": "affected", "version": "6.2(9a)" }, { "status": "affected", "version": "6.2(9b)" }, { "status": "affected", "version": "6.2(9c)" }, { "status": "affected", "version": "6.2(11)" }, { "status": "affected", "version": "6.2(11b)" }, { "status": "affected", "version": "6.2(11c)" }, { "status": "affected", "version": "6.2(11d)" }, { "status": "affected", "version": "6.2(11e)" }, { "status": "affected", "version": "6.2(13)" }, { "status": "affected", "version": "6.2(13a)" }, { "status": "affected", "version": "6.2(13b)" }, { "status": "affected", "version": "6.2(15)" }, { "status": "affected", "version": "6.2(17)" }, { "status": "affected", "version": "6.2(19)" }, { "status": "affected", "version": "6.2(21)" }, { "status": "affected", "version": "6.2(23)" }, { "status": "affected", "version": "6.2(20a)" }, { "status": "affected", "version": "6.2(25)" }, { "status": "affected", "version": "6.2(22)" }, { "status": "affected", "version": "6.2(27)" }, { "status": "affected", "version": "6.2(29)" }, { "status": "affected", "version": "6.2(24)" }, { "status": "affected", "version": "6.2(31)" }, { "status": "affected", "version": "6.2(24a)" }, { "status": "affected", "version": "6.2(33)" }, { "status": "affected", "version": "7.0(3)F1(1)" }, { "status": "affected", "version": "7.0(3)F2(1)" }, { "status": "affected", "version": "7.0(3)F2(2)" }, { "status": "affected", "version": "7.0(3)F3(1)" }, { "status": "affected", "version": "7.0(3)F3(2)" }, { "status": "affected", "version": "7.0(3)F3(3)" }, { "status": "affected", "version": "7.0(3)F3(3a)" }, { "status": "affected", "version": "7.0(3)F3(4)" }, { "status": "affected", "version": "7.0(3)F3(3c)" }, { "status": "affected", "version": "7.0(3)F3(5)" }, { "status": "affected", "version": "7.0(3)I2(2a)" }, { "status": "affected", "version": "7.0(3)I2(2b)" }, { "status": "affected", "version": "7.0(3)I2(2c)" }, { "status": "affected", "version": "7.0(3)I2(2d)" }, { "status": "affected", "version": "7.0(3)I2(2e)" }, { "status": "affected", "version": "7.0(3)I2(3)" }, { "status": "affected", "version": "7.0(3)I2(4)" }, { "status": "affected", "version": "7.0(3)I2(5)" }, { "status": "affected", "version": "7.0(3)I2(1)" }, { "status": "affected", "version": "7.0(3)I2(1a)" }, { "status": "affected", "version": "7.0(3)I2(2)" }, { "status": "affected", "version": "7.0(3)I3(1)" }, { "status": "affected", "version": "7.0(3)I4(1)" }, { "status": "affected", "version": "7.0(3)I4(2)" }, { "status": "affected", "version": "7.0(3)I4(3)" }, { "status": "affected", "version": "7.0(3)I4(4)" }, { "status": "affected", "version": "7.0(3)I4(5)" }, { "status": "affected", "version": "7.0(3)I4(6)" }, { "status": "affected", "version": "7.0(3)I4(7)" }, { "status": "affected", "version": "7.0(3)I4(8)" }, { "status": "affected", "version": "7.0(3)I4(8a)" }, { "status": "affected", "version": "7.0(3)I4(8b)" }, { "status": "affected", "version": "7.0(3)I4(8z)" }, { "status": "affected", "version": "7.0(3)I4(9)" }, { "status": "affected", "version": "7.0(3)I5(1)" }, { "status": "affected", "version": "7.0(3)I5(2)" }, { "status": "affected", "version": "7.0(3)I6(1)" }, { "status": "affected", "version": "7.0(3)I6(2)" }, { "status": "affected", "version": "7.0(3)I7(1)" }, { "status": "affected", "version": "7.0(3)I7(2)" }, { "status": "affected", "version": "7.0(3)I7(3)" }, { "status": "affected", "version": "7.0(3)I7(4)" }, { "status": "affected", "version": "7.0(3)I7(5)" }, { "status": "affected", "version": "7.0(3)I7(5a)" }, { "status": "affected", "version": "7.0(3)I7(6)" }, { "status": "affected", "version": "7.0(3)I7(7)" }, { "status": "affected", "version": "7.0(3)I7(8)" }, { "status": "affected", "version": "7.0(3)I7(9)" }, { "status": "affected", "version": "7.0(3)I7(10)" }, { "status": "affected", "version": "7.1(0)N1(1a)" }, { "status": "affected", "version": "7.1(0)N1(1b)" }, { "status": "affected", "version": "7.1(0)N1(1)" }, { "status": "affected", "version": "7.1(1)N1(1)" }, { "status": "affected", "version": "7.1(2)N1(1)" }, { "status": "affected", "version": "7.1(3)N1(1)" }, { "status": "affected", "version": "7.1(3)N1(2)" }, { "status": "affected", "version": "7.1(4)N1(1)" }, { "status": "affected", "version": "7.1(5)N1(1)" }, { "status": "affected", "version": "7.1(5)N1(1b)" }, { "status": "affected", "version": "7.2(0)D1(1)" }, { "status": "affected", "version": "7.2(1)D1(1)" }, { "status": "affected", "version": "7.2(2)D1(2)" }, { "status": "affected", "version": "7.2(2)D1(1)" }, { "status": "affected", "version": "7.3(0)D1(1)" }, { "status": "affected", "version": "7.3(0)DX(1)" }, { "status": "affected", "version": "7.3(0)DY(1)" }, { "status": "affected", "version": "7.3(0)N1(1)" }, { "status": "affected", "version": "7.3(1)D1(1)" }, { "status": "affected", "version": "7.3(1)DY(1)" }, { "status": "affected", "version": "7.3(1)N1(1)" }, { "status": "affected", "version": "7.3(2)D1(1)" }, { "status": "affected", "version": "7.3(2)D1(2)" }, { "status": "affected", "version": "7.3(2)D1(3)" }, { "status": "affected", "version": "7.3(2)D1(3a)" }, { "status": "affected", "version": "7.3(2)N1(1)" }, { "status": "affected", "version": "7.3(3)N1(1)" }, { "status": "affected", "version": "8.0(1)" }, { "status": "affected", "version": "8.1(1)" }, { "status": "affected", "version": "8.1(2)" }, { "status": "affected", "version": "8.1(2a)" }, { "status": "affected", "version": "8.1(1a)" }, { "status": "affected", "version": "8.1(1b)" }, { "status": "affected", "version": "8.2(1)" }, { "status": "affected", "version": "8.2(2)" }, { "status": "affected", "version": "8.2(3)" }, { "status": "affected", "version": "8.2(4)" }, { "status": "affected", "version": "8.2(5)" }, { "status": "affected", "version": "8.2(6)" }, { "status": "affected", "version": "8.2(7)" }, { "status": "affected", "version": "8.2(7a)" }, { "status": "affected", "version": "8.2(8)" }, { "status": "affected", "version": "8.2(9)" }, { "status": "affected", "version": "8.3(1)" }, { "status": "affected", "version": "8.3(2)" }, { "status": "affected", "version": "9.2(1)" }, { "status": "affected", "version": "9.2(2)" }, { "status": "affected", "version": "9.2(2t)" }, { "status": "affected", "version": "9.2(3)" }, { "status": "affected", "version": "9.2(4)" }, { "status": "affected", "version": "9.2(2v)" }, { "status": "affected", "version": "9.2(1a)" }, { "status": "affected", "version": "7.3(4)N1(1)" }, { "status": "affected", "version": "7.3(3)D1(1)" }, { "status": "affected", "version": "7.3(4)D1(1)" }, { "status": "affected", "version": "7.3(5)N1(1)" }, { "status": "affected", "version": "5.2(1)SK3(1.1)" }, { "status": "affected", "version": "5.2(1)SK3(2.1)" }, { "status": "affected", "version": "5.2(1)SK3(2.2)" }, { "status": "affected", "version": "5.2(1)SK3(2.2b)" }, { "status": "affected", "version": "5.2(1)SK3(2.1a)" }, { "status": "affected", "version": "5.2(1)SV5(1.1)" }, { "status": "affected", "version": "5.2(1)SV5(1.2)" }, { "status": "affected", "version": "5.2(1)SV5(1.3)" }, { "status": "affected", "version": "5.2(1)SV5(1.3a)" }, { "status": "affected", "version": "5.2(1)SV5(1.3b)" }, { "status": "affected", "version": "5.2(1)SV5(1.3c)" }, { "status": "affected", "version": "8.4(1)" }, { "status": "affected", "version": "8.4(1a)" }, { "status": "affected", "version": "8.4(2)" }, { "status": "affected", "version": "8.4(2a)" }, { "status": "affected", "version": "8.4(3)" }, { "status": "affected", "version": "8.4(2b)" }, { "status": "affected", "version": "8.4(4)" }, { "status": "affected", "version": "8.4(2c)" }, { "status": "affected", "version": "8.4(4a)" }, { "status": "affected", "version": "8.4(5)" }, { "status": "affected", "version": "8.4(2d)" }, { "status": "affected", "version": "8.4(6)" }, { "status": "affected", "version": "8.4(2e)" }, { "status": "affected", "version": "8.4(6a)" }, { "status": "affected", "version": "8.4(7)" }, { "status": "affected", "version": "8.4(2f)" }, { "status": "affected", "version": "9.3(1)" }, { "status": "affected", "version": "9.3(2)" }, { "status": "affected", "version": "9.3(3)" }, { "status": "affected", "version": "9.3(4)" }, { "status": "affected", "version": "9.3(5)" }, { "status": "affected", "version": "9.3(6)" }, { "status": "affected", "version": "9.3(7)" }, { "status": "affected", "version": "9.3(7a)" }, { "status": "affected", "version": "9.3(8)" }, { "status": "affected", "version": "9.3(9)" }, { "status": "affected", "version": "9.3(10)" }, { "status": "affected", "version": "9.3(11)" }, { "status": "affected", "version": "7.3(6)N1(1)" }, { "status": "affected", "version": "7.3(5)D1(1)" }, { "status": "affected", "version": "7.3(7)N1(1)" }, { "status": "affected", "version": "7.3(7)N1(1a)" }, { "status": "affected", "version": "7.3(7)N1(1b)" }, { "status": "affected", "version": "7.3(6)D1(1)" }, { "status": "affected", "version": "7.3(8)N1(1)" }, { "status": "affected", "version": "7.3(7)D1(1)" }, { "status": "affected", "version": "7.3(9)N1(1)" }, { "status": "affected", "version": "10.1(1)" }, { "status": "affected", "version": "10.1(2)" }, { "status": "affected", "version": "10.1(2t)" }, { "status": "affected", "version": "8.5(1)" }, { "status": "affected", "version": "7.3(10)N1(1)" }, { "status": "affected", "version": "7.3(8)D1(1)" }, { "status": "affected", "version": "10.2(1)" }, { "status": "affected", "version": "10.2(1q)" }, { "status": "affected", "version": "10.2(2)" }, { "status": "affected", "version": "10.2(3)" }, { "status": "affected", "version": "10.2(3t)" }, { "status": "affected", "version": "10.2(4)" }, { "status": "affected", "version": "10.2(5)" }, { "status": "affected", "version": "7.3(9)D1(1)" }, { "status": "affected", "version": "7.3(11)N1(1)" }, { "status": "affected", "version": "7.3(12)N1(1)" }, { "status": "affected", "version": "10.3(1)" }, { "status": "affected", "version": "10.3(2)" }, { "status": "affected", "version": "7.3(13)N1(1)" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. " } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T16:57:48.712Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nxos-remoteauth-dos-XB6pv74m", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-remoteauth-dos-XB6pv74m" } ], "source": { "advisory": "cisco-sa-nxos-remoteauth-dos-XB6pv74m", "defects": [ "CSCwe72368", "CSCwe72670", "CSCwe72648", "CSCwe72673", "CSCwe72674" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20168", "datePublished": "2023-08-23T18:07:53.428Z", "dateReserved": "2022-10-27T18:47:50.362Z", "dateUpdated": "2024-08-02T09:05:35.038Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20411
Vulnerability from cvelistv5
Published
2024-08-28 16:27
Modified
2024-08-30 03:56
Severity ?
EPSS score ?
Summary
Cisco NX-OS Bash Arbitrary Code Execution Vulnerability
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:cisco:nx-os:9.2\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i5\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(7a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(2v\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(5b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(1a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)im3\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(5a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(11\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(4a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(2t\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(3y\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(1t\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(5c\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(6z\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(3z\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)im7\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(11b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(5a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i6\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(10\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)im3\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i5\\(3b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(2a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)im3\\(2a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(10\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)ic4\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(5b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(3c\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)im3\\(2b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(4a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i5\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i6\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)im3\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(3a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(11a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(8z\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(9\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(9\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(10a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i5\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(1z\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(8b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(6t\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i5\\(3a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(3a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(3a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(5a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f2\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(8a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(9\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(2a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f2\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)ia7\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)ia7\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(7b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(1a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(4a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(10a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(9\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.1\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(5w\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(7k\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(9w\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(7a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(10\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(1q\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(9\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.1\\(2t\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(3t\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(10\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(2a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(11\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(12\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(3v\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.4\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(99w\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(3w\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(99x\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(3o\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(3p\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(4a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.4\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(3q\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(13\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(3x\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(4g\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(3r\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nx-os", "vendor": "cisco", "versions": [ { "status": "affected", "version": "9.2\\(3\\)" }, { "status": "affected", "version": "7.0\\(3\\)i5\\(2\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(7a\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(5\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(1\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(6\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(3\\)" }, { "status": "affected", "version": "9.2\\(2v\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(5b\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(7\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(1a\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(1\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(8\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(2\\)" }, { "status": "affected", "version": "7.0\\(3\\)im3\\(1\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(5a\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(11\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(4a\\)" }, { "status": "affected", "version": "9.2\\(1\\)" }, { "status": "affected", "version": "9.2\\(2t\\)" }, { "status": "affected", "version": "9.2\\(3y\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(1t\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(5c\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(4\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(6z\\)" }, { "status": "affected", "version": "9.3\\(2\\)" }, { "status": "affected", "version": "7.0\\(3\\)f3\\(3\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(6\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(3z\\)" }, { "status": "affected", "version": "7.0\\(3\\)im7\\(2\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(11b\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(5a\\)" }, { "status": "affected", "version": "7.0\\(3\\)i6\\(1\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(10\\)" }, { "status": "affected", "version": "7.0\\(3\\)im3\\(2\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(8\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(1\\)" }, { "status": "affected", "version": "7.0\\(3\\)i5\\(3b\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(2a\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(7\\)" }, { "status": "affected", "version": "9.2\\(4\\)" }, { "status": "affected", "version": "7.0\\(3\\)im3\\(2a\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(10\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(2\\)" }, { "status": "affected", "version": "7.0\\(3\\)ic4\\(4\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(3\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(5b\\)" }, { "status": "affected", "version": "7.0\\(3\\)f3\\(3c\\)" }, { "status": "affected", "version": "7.0\\(3\\)f3\\(1\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(5\\)" }, { "status": "affected", "version": "7.0\\(3\\)f3\\(5\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(7\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(2\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(5\\)" }, { "status": "affected", "version": "7.0\\(3\\)im3\\(2b\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(4a\\)" }, { "status": "affected", "version": "7.0\\(3\\)i5\\(3\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(3\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(6\\)" }, { "status": "affected", "version": "7.0\\(3\\)i6\\(2\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(5\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(8\\)" }, { "status": "affected", "version": "7.0\\(3\\)im3\\(3\\)" }, { "status": "affected", "version": "9.3\\(1\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(2\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(7\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(6\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(3a\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(11a\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(8z\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(9\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(4\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(7\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(9\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(1\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(6\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(10a\\)" }, { "status": "affected", "version": "7.0\\(3\\)i5\\(1\\)" }, { "status": "affected", "version": "9.3\\(1z\\)" }, { "status": "affected", "version": "9.2\\(2\\)" }, { "status": "affected", "version": "7.0\\(3\\)f3\\(4\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(8b\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(3\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(6t\\)" }, { "status": "affected", "version": "7.0\\(3\\)i5\\(3a\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(8\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(5\\)" }, { "status": "affected", "version": "7.0\\(3\\)f3\\(3a\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(4\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(3a\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(5a\\)" }, { "status": "affected", "version": "7.0\\(3\\)f2\\(1\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(8a\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(9\\)" }, { "status": "affected", "version": "7.0\\(3\\)f3\\(2\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(2a\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(4\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(3\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(1\\)" }, { "status": "affected", "version": "7.0\\(3\\)f2\\(2\\)" }, { "status": "affected", "version": "7.0\\(3\\)ia7\\(2\\)" }, { "status": "affected", "version": "7.0\\(3\\)ia7\\(1\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(7b\\)" }, { "status": "affected", "version": "7.0\\(3\\)f1\\(1\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(1a\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(2\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(4a\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(4\\)" }, { "status": "affected", "version": "9.3\\(3\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(8\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(10a\\)" }, { "status": "affected", "version": "9.3\\(4\\)" }, { "status": "affected", "version": "9.3\\(5\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(9\\)" }, { "status": "affected", "version": "9.3\\(6\\)" }, { "status": "affected", "version": "10.1\\(2\\)" }, { "status": "affected", "version": "10.1\\(1\\)" }, { "status": "affected", "version": "9.3\\(5w\\)" }, { "status": "affected", "version": "9.3\\(7\\)" }, { "status": "affected", "version": "9.3\\(7k\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(9w\\)" }, { "status": "affected", "version": "10.2\\(1\\)" }, { "status": "affected", "version": "9.3\\(7a\\)" }, { "status": "affected", "version": "9.3\\(8\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(10\\)" }, { "status": "affected", "version": "10.2\\(1q\\)" }, { "status": "affected", "version": "10.2\\(2\\)" }, { "status": "affected", "version": "9.3\\(9\\)" }, { "status": "affected", "version": "10.1\\(2t\\)" }, { "status": "affected", "version": "10.2\\(3\\)" }, { "status": "affected", "version": "10.2\\(3t\\)" }, { "status": "affected", "version": "9.3\\(10\\)" }, { "status": "affected", "version": "10.2\\(2a\\)" }, { "status": "affected", "version": "10.3\\(1\\)" }, { "status": "affected", "version": "10.2\\(4\\)" }, { "status": "affected", "version": "10.3\\(2\\)" }, { "status": "affected", "version": "9.3\\(11\\)" }, { "status": "affected", "version": "10.3\\(3\\)" }, { "status": "affected", "version": "10.2\\(5\\)" }, { "status": "affected", "version": "9.3\\(12\\)" }, { "status": "affected", "version": "10.2\\(3v\\)" }, { "status": "affected", "version": "10.4\\(1\\)" }, { "status": "affected", "version": "10.3\\(99w\\)" }, { "status": "affected", "version": "10.2\\(6\\)" }, { "status": "affected", "version": "10.3\\(3w\\)" }, { "status": "affected", "version": "10.3\\(99x\\)" }, { "status": "affected", "version": "10.3\\(3o\\)" }, { "status": "affected", "version": "10.3\\(4\\)" }, { "status": "affected", "version": "10.3\\(3p\\)" }, { "status": "affected", "version": "10.3\\(4a\\)" }, { "status": "affected", "version": "10.4\\(2\\)" }, { "status": "affected", "version": "10.3\\(3q\\)" }, { "status": "affected", "version": "9.3\\(13\\)" }, { "status": "affected", "version": "10.2\\(7\\)" }, { "status": "affected", "version": "10.3\\(3x\\)" }, { "status": "affected", "version": "10.3\\(4g\\)" }, { "status": "affected", "version": "10.3\\(3r\\)" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20411", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-29T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-30T03:56:02.446Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "9.2(3)" }, { "status": "affected", "version": "7.0(3)I5(2)" }, { "status": "affected", "version": "6.0(2)A8(7a)" }, { "status": "affected", "version": "7.0(3)I4(5)" }, { "status": "affected", "version": "6.0(2)A6(1)" }, { "status": "affected", "version": "7.0(3)I4(6)" }, { "status": "affected", "version": "7.0(3)I4(3)" }, { "status": "affected", "version": "9.2(2v)" }, { "status": "affected", "version": "6.0(2)A6(5b)" }, { "status": "affected", "version": "7.0(3)I4(7)" }, { "status": "affected", "version": "6.0(2)U6(1a)" }, { "status": "affected", "version": "7.0(3)I4(1)" }, { "status": "affected", "version": "7.0(3)I4(8)" }, { "status": "affected", "version": "7.0(3)I4(2)" }, { "status": "affected", "version": "7.0(3)IM3(1)" }, { "status": "affected", "version": "6.0(2)U6(5a)" }, { "status": "affected", "version": "6.0(2)A8(11)" }, { "status": "affected", "version": "6.0(2)A6(4a)" }, { "status": "affected", "version": "9.2(1)" }, { "status": "affected", "version": "9.2(2t)" }, { "status": "affected", "version": "9.2(3y)" }, { "status": "affected", "version": "7.0(3)I4(1t)" }, { "status": "affected", "version": "6.0(2)U6(5c)" }, { "status": "affected", "version": "6.0(2)A6(4)" }, { "status": "affected", "version": "7.0(3)I7(6z)" }, { "status": "affected", "version": "9.3(2)" }, { "status": "affected", "version": "7.0(3)F3(3)" }, { "status": "affected", "version": "6.0(2)U6(6)" }, { "status": "affected", "version": "7.0(3)I7(3z)" }, { "status": "affected", "version": "7.0(3)IM7(2)" }, { "status": "affected", "version": "6.0(2)A8(11b)" }, { "status": "affected", "version": "7.0(3)I7(5a)" }, { "status": "affected", "version": "7.0(3)I6(1)" }, { "status": "affected", "version": "6.0(2)U6(10)" }, { "status": "affected", "version": "7.0(3)IM3(2)" }, { "status": "affected", "version": "6.0(2)A6(8)" }, { "status": "affected", "version": "6.0(2)U6(1)" }, { "status": "affected", "version": "7.0(3)I5(3b)" }, { "status": "affected", "version": "6.0(2)A6(2a)" }, { "status": "affected", "version": "6.0(2)U6(7)" }, { "status": "affected", "version": "9.2(4)" }, { "status": "affected", "version": "7.0(3)IM3(2a)" }, { "status": "affected", "version": "6.0(2)A8(10)" }, { "status": "affected", "version": "6.0(2)A8(2)" }, { "status": "affected", "version": "7.0(3)IC4(4)" }, { "status": "affected", "version": "6.0(2)A6(3)" }, { "status": "affected", "version": "6.0(2)U6(5b)" }, { "status": "affected", "version": "7.0(3)F3(3c)" }, { "status": "affected", "version": "7.0(3)F3(1)" }, { "status": "affected", "version": "6.0(2)U6(5)" }, { "status": "affected", "version": "7.0(3)F3(5)" }, { "status": "affected", "version": "6.0(2)A6(7)" }, { "status": "affected", "version": "7.0(3)I7(2)" }, { "status": "affected", "version": "6.0(2)A6(5)" }, { "status": "affected", "version": "7.0(3)IM3(2b)" }, { "status": "affected", "version": "6.0(2)U6(4a)" }, { "status": "affected", "version": "7.0(3)I5(3)" }, { "status": "affected", "version": "7.0(3)I7(3)" }, { "status": "affected", "version": "6.0(2)A8(6)" }, { "status": "affected", "version": "7.0(3)I6(2)" }, { "status": "affected", "version": "6.0(2)A8(5)" }, { "status": "affected", "version": "6.0(2)U6(8)" }, { "status": "affected", "version": "7.0(3)IM3(3)" }, { "status": "affected", "version": "9.3(1)" }, { "status": "affected", "version": "6.0(2)U6(2)" }, { "status": "affected", "version": "6.0(2)A8(7)" }, { "status": "affected", "version": "7.0(3)I7(6)" }, { "status": "affected", "version": "6.0(2)U6(3a)" }, { "status": "affected", "version": "6.0(2)A8(11a)" }, { "status": "affected", "version": "7.0(3)I4(8z)" }, { "status": "affected", "version": "7.0(3)I4(9)" }, { "status": "affected", "version": "7.0(3)I7(4)" }, { "status": "affected", "version": "7.0(3)I7(7)" }, { "status": "affected", "version": "6.0(2)A8(9)" }, { "status": "affected", "version": "6.0(2)A8(1)" }, { "status": "affected", "version": "6.0(2)A6(6)" }, { "status": "affected", "version": "6.0(2)A8(10a)" }, { "status": "affected", "version": "7.0(3)I5(1)" }, { "status": "affected", "version": "9.3(1z)" }, { "status": "affected", "version": "9.2(2)" }, { "status": "affected", "version": "7.0(3)F3(4)" }, { "status": "affected", "version": "7.0(3)I4(8b)" }, { "status": "affected", "version": "6.0(2)A8(3)" }, { "status": "affected", "version": "7.0(3)I4(6t)" }, { "status": "affected", "version": "7.0(3)I5(3a)" }, { "status": "affected", "version": "6.0(2)A8(8)" }, { "status": "affected", "version": "7.0(3)I7(5)" }, { "status": "affected", "version": "7.0(3)F3(3a)" }, { "status": "affected", "version": "6.0(2)A8(4)" }, { "status": "affected", "version": "6.0(2)A6(3a)" }, { "status": "affected", "version": "6.0(2)A6(5a)" }, { "status": "affected", "version": "7.0(3)F2(1)" }, { "status": "affected", "version": "7.0(3)I4(8a)" }, { "status": "affected", "version": "6.0(2)U6(9)" }, { "status": "affected", "version": "7.0(3)F3(2)" }, { "status": "affected", "version": "6.0(2)U6(2a)" }, { "status": "affected", "version": "7.0(3)I4(4)" }, { "status": "affected", "version": "6.0(2)U6(3)" }, { "status": "affected", "version": "7.0(3)I7(1)" }, { "status": "affected", "version": "7.0(3)F2(2)" }, { "status": "affected", "version": "7.0(3)IA7(2)" }, { "status": "affected", "version": "7.0(3)IA7(1)" }, { "status": "affected", "version": "6.0(2)A8(7b)" }, { "status": "affected", "version": "7.0(3)F1(1)" }, { "status": "affected", "version": "6.0(2)A6(1a)" }, { "status": "affected", "version": "6.0(2)A6(2)" }, { "status": "affected", "version": "6.0(2)A8(4a)" }, { "status": "affected", "version": "6.0(2)U6(4)" }, { "status": "affected", "version": "9.3(3)" }, { "status": "affected", "version": "7.0(3)I7(8)" }, { "status": "affected", "version": "6.0(2)U6(10a)" }, { "status": "affected", "version": "9.3(4)" }, { "status": "affected", "version": "9.3(5)" }, { "status": "affected", "version": "7.0(3)I7(9)" }, { "status": "affected", "version": "9.3(6)" }, { "status": "affected", "version": "10.1(2)" }, { "status": "affected", "version": "10.1(1)" }, { "status": "affected", "version": "9.3(5w)" }, { "status": "affected", "version": "9.3(7)" }, { "status": "affected", "version": "9.3(7k)" }, { "status": "affected", "version": "7.0(3)I7(9w)" }, { "status": "affected", "version": "10.2(1)" }, { "status": "affected", "version": "9.3(7a)" }, { "status": "affected", "version": "9.3(8)" }, { "status": "affected", "version": "7.0(3)I7(10)" }, { "status": "affected", "version": "10.2(1q)" }, { "status": "affected", "version": "10.2(2)" }, { "status": "affected", "version": "9.3(9)" }, { "status": "affected", "version": "10.1(2t)" }, { "status": "affected", "version": "10.2(3)" }, { "status": "affected", "version": "10.2(3t)" }, { "status": "affected", "version": "9.3(10)" }, { "status": "affected", "version": "10.2(2a)" }, { "status": "affected", "version": "10.3(1)" }, { "status": "affected", "version": "10.2(4)" }, { "status": "affected", "version": "10.3(2)" }, { "status": "affected", "version": "9.3(11)" }, { "status": "affected", "version": "10.3(3)" }, { "status": "affected", "version": "10.2(5)" }, { "status": "affected", "version": "9.3(12)" }, { "status": "affected", "version": "10.2(3v)" }, { "status": "affected", "version": "10.4(1)" }, { "status": "affected", "version": "10.3(99w)" }, { "status": "affected", "version": "10.2(6)" }, { "status": "affected", "version": "10.3(3w)" }, { "status": "affected", "version": "10.3(99x)" }, { "status": "affected", "version": "10.3(3o)" }, { "status": "affected", "version": "10.3(4)" }, { "status": "affected", "version": "10.3(3p)" }, { "status": "affected", "version": "10.3(4a)" }, { "status": "affected", "version": "10.4(2)" }, { "status": "affected", "version": "10.3(3q)" }, { "status": "affected", "version": "9.3(13)" }, { "status": "affected", "version": "10.2(7)" }, { "status": "affected", "version": "10.3(3x)" }, { "status": "affected", "version": "10.3(4g)" }, { "status": "affected", "version": "10.3(3r)" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to\u0026nbsp;execute arbitrary code as root on an affected device.\r\n\r\nThis vulnerability is due to insufficient security restrictions when executing commands from the Bash shell. An attacker with privileges to access the Bash shell could exploit this vulnerability by executing a specific crafted command on the underlying operating system. A successful exploit could allow the attacker to execute arbitrary code with the privileges of root." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-267", "description": "Privilege Defined With Unsafe Actions", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-28T16:27:38.420Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nxos-bshacepe-bApeHSx7", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bshacepe-bApeHSx7" } ], "source": { "advisory": "cisco-sa-nxos-bshacepe-bApeHSx7", "defects": [ "CSCwh77791" ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Bash Arbitrary Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20411", "datePublished": "2024-08-28T16:27:38.420Z", "dateReserved": "2023-11-08T15:08:07.662Z", "dateUpdated": "2024-08-30T03:56:02.446Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1774
Vulnerability from cvelistv5
Published
2019-05-15 19:30
Modified
2024-11-20 17:21
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775 | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108371 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.695Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerabilities (CVE-2019-1774, CVE-2019-1775)", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775" }, { "name": "108371", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108371" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1774", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:54:48.896170Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:21:13.499Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-17T16:06:13", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerabilities (CVE-2019-1774, CVE-2019-1775)", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775" }, { "name": "108371", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108371" } ], "source": { "advisory": "cisco-sa-20190515-nxos-cmdinj-1774-1775", "defect": [ [ "CSCvh75895", "CSCvh75909", "CSCvh75968", "CSCvh75976", "CSCvi92256", "CSCvi92258", "CSCvi92260", "CSCvi99195", "CSCvi99197", "CSCvi99198" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1774", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerabilities (CVE-2019-1774, CVE-2019-1775)", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775" }, { "name": "108371", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108371" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-cmdinj-1774-1775", "defect": [ [ "CSCvh75895", "CSCvh75909", "CSCvh75968", "CSCvh75976", "CSCvi92256", "CSCvi92258", "CSCvi92260", "CSCvi99195", "CSCvi99197", "CSCvi99198" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1774", "datePublished": "2019-05-15T19:30:40.907687Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:21:13.499Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20399
Vulnerability from cvelistv5
Published
2024-07-01 16:11
Modified
2024-09-17 18:07
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software CLI Command Injection Vulnerability
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A6\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A6\\(1a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A6\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A6\\(2a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A6\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A6\\(3a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A6\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A6\\(4a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A6\\(5a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A6\\(5b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A6\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A6\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A6\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A8\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A8\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A8\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A8\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A8\\(4a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A8\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A8\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A8\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A8\\(7a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A8\\(7b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A8\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A8\\(9\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A8\\(10a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A8\\(10\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A8\\(11\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A8\\(11a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)A8\\(11b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)U6\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)U6\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)U6\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)U6\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)U6\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)U6\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)U6\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)U6\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)U6\\(1a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)U6\\(2a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)U6\\(3a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)U6\\(4a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)U6\\(5a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)U6\\(5b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)U6\\(5c\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)U6\\(9\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)U6\\(10\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(2a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(6b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(8a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(8b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(10\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(12\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(18\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(16\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(14\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(6a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(20\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(5b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(9\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(9a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(9b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(11\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(13a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(13b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(17\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(20a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(22\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(27\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(29\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(24\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(24a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.2\\(33\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)F1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)F2\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)F2\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)F3\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)F3\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)F3\\(3a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)F3\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)F3\\(3c\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)F3\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I4\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I4\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I4\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I4\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I4\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I4\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I4\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I4\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I4\\(8a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I4\\(8b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I4\\(8z\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I4\\(9\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I5\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I5\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I6\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I6\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I7\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I7\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I7\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I7\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I7\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I7\\(5a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I7\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I7\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I7\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I7\\(9\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)I7\\(10\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.1\\(0\\)N1\\(1a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.1\\(0\\)N1\\(1b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.1\\(0\\)N1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.1\\(1\\)N1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.1\\(2\\)N1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.1\\(3\\)N1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.1\\(3\\)N1\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.1\\(4\\)N1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.1\\(5\\)N1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.1\\(5\\)N1\\(1b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.2\\(0\\)D1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.2\\(1\\)D1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.2\\(2\\)D1\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.2\\(2\\)D1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(0\\)D1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(0\\)DX\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(0\\)N1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(1\\)D1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(1\\)N1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(2\\)D1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(2\\)D1\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(2\\)D1\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(2\\)D1\\(3a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(2\\)N1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(3\\)N1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.0\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.1\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.1\\(2a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.1\\(1b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.2\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.2\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.2\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.2\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.2\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.2\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.2\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.2\\(7a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.2\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.2\\(9\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.2\\(10\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.2\\(11\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.3\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.3\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(2t\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(2v\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(4\\)N1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(3\\)D1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(4\\)D1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(5\\)N1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.4\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.4\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.4\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.4\\(2b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.4\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.4\\(2c\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.4\\(4a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.4\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.4\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.4\\(6a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.4\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.4\\(2f\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.4\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.4\\(9\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(7a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(9\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(10\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(11\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(2a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(12\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(13\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(6\\)N1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(5\\)D1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(7\\)N1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(7\\)N1\\(1a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(7\\)N1\\(1b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(6\\)D1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(8\\)N1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(7\\)D1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(9\\)N1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.5\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(10\\)N1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(8\\)D1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(1q\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(3t\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(9\\)D1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(11\\)N1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(12\\)N1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(99w\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(99x\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(4a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(13\\)N1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(14\\)N1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.4\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.4\\(2\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nx-os", "vendor": "cisco", "versions": [ { "status": "affected", "version": "6.0\\(2\\)a6\\(1\\)" }, { "status": "affected", "version": "6.0\\(2\\)A6\\(1a\\)" }, { "status": "affected", "version": "6.0\\(2\\)A6\\(2\\)" }, { "status": "affected", "version": "6.0\\(2\\)A6\\(2a\\)" }, { "status": "affected", "version": "6.0\\(2\\)A6\\(3\\)" }, { "status": "affected", "version": "6.0\\(2\\)A6\\(3a\\)" }, { "status": "affected", "version": "6.0\\(2\\)A6\\(4\\)" }, { "status": "affected", "version": "6.0\\(2\\)A6\\(4a\\)" }, { "status": "affected", "version": "6.0\\(2\\)A6\\(5a\\)" }, { "status": "affected", "version": "6.0\\(2\\)A6\\(5b\\)" }, { "status": "affected", "version": "6.0\\(2\\)A6\\(6\\)" }, { "status": "affected", "version": "6.0\\(2\\)A6\\(7\\)" }, { "status": "affected", "version": "6.0\\(2\\)A6\\(8\\)" }, { "status": "affected", "version": "6.0\\(2\\)A8\\(1\\)" }, { "status": "affected", "version": "6.0\\(2\\)A8\\(2\\)" }, { "status": "affected", "version": "6.0\\(2\\)A8\\(3\\)" }, { "status": "affected", "version": "6.0\\(2\\)A8\\(4\\)" }, { "status": "affected", "version": "6.0\\(2\\)A8\\(4a\\)" }, { "status": "affected", "version": "6.0\\(2\\)A8\\(5\\)" }, { "status": "affected", "version": "6.0\\(2\\)A8\\(6\\)" }, { "status": "affected", "version": "6.0\\(2\\)A8\\(7\\)" }, { "status": "affected", "version": "6.0\\(2\\)A8\\(7a\\)" }, { "status": "affected", "version": "6.0\\(2\\)A8\\(7b\\)" }, { "status": "affected", "version": "6.0\\(2\\)A8\\(8\\)" }, { "status": "affected", "version": "6.0\\(2\\)A8\\(9\\)" }, { "status": "affected", "version": "6.0\\(2\\)A8\\(10a\\)" }, { "status": "affected", "version": "6.0\\(2\\)A8\\(10\\)" }, { "status": "affected", "version": "6.0\\(2\\)A8\\(11\\)" }, { "status": "affected", "version": "6.0\\(2\\)A8\\(11a\\)" }, { "status": "affected", "version": "6.0\\(2\\)A8\\(11b\\)" }, { "status": "affected", "version": "6.0\\(2\\)U6\\(1\\)" }, { "status": "affected", "version": "6.0\\(2\\)U6\\(2\\)" }, { "status": "affected", "version": "6.0\\(2\\)U6\\(3\\)" }, { "status": "affected", "version": "6.0\\(2\\)U6\\(4\\)" }, { "status": "affected", "version": "6.0\\(2\\)U6\\(5\\)" }, { "status": "affected", "version": "6.0\\(2\\)U6\\(6\\)" }, { "status": "affected", "version": "6.0\\(2\\)U6\\(7\\)" }, { "status": "affected", "version": "6.0\\(2\\)U6\\(8\\)" }, { "status": "affected", "version": "6.0\\(2\\)U6\\(1a\\)" }, { "status": "affected", "version": "6.0\\(2\\)U6\\(2a\\)" }, { "status": "affected", "version": "6.0\\(2\\)U6\\(3a\\)" }, { "status": "affected", "version": "6.0\\(2\\)U6\\(4a\\)" }, { "status": "affected", "version": "6.0\\(2\\)U6\\(5a\\)" }, { "status": "affected", "version": "6.0\\(2\\)U6\\(5b\\)" }, { "status": "affected", "version": "6.0\\(2\\)U6\\(5c\\)" }, { "status": "affected", "version": "6.0\\(2\\)U6\\(9\\)" }, { "status": "affected", "version": "6.0\\(2\\)U6\\(10\\)" }, { "status": "affected", "version": "6.2\\(2\\)" }, { "status": "affected", "version": "6.2\\(2a\\)" }, { "status": "affected", "version": "6.2\\(6\\)" }, { "status": "affected", "version": "6.2\\(6b\\)" }, { "status": "affected", "version": "6.2\\(8\\)" }, { "status": "affected", "version": "6.2\\(8a\\)" }, { "status": "affected", "version": "6.2\\(8b\\)" }, { "status": "affected", "version": "6.2\\(10\\)" }, { "status": "affected", "version": "6.2\\(12\\)" }, { "status": "affected", "version": "6.2\\(18\\)" }, { "status": "affected", "version": "6.2\\(16\\)" }, { "status": "affected", "version": "6.2\\(14\\)" }, { "status": "affected", "version": "6.2\\(6a\\)" }, { "status": "affected", "version": "6.2\\(20\\)" }, { "status": "affected", "version": "6.2\\(1\\)" }, { "status": "affected", "version": "6.2\\(5b\\)" }, { "status": "affected", "version": "6.2\\(9\\)" }, { "status": "affected", "version": "6.2\\(9a\\)" }, { "status": "affected", "version": "6.2\\(9b\\)" }, { "status": "affected", "version": "6.2\\(11\\)" }, { "status": "affected", "version": "6.2\\(13a\\)" }, { "status": "affected", "version": "6.2\\(13b\\)" }, { "status": "affected", "version": "6.2\\(17\\)" }, { "status": "affected", "version": "6.2\\(20a\\)" }, { "status": "affected", "version": "6.2\\(22\\)" }, { "status": "affected", "version": "6.2\\(27\\)" }, { "status": "affected", "version": "6.2\\(29\\)" }, { "status": "affected", "version": "6.2\\(24\\)" }, { "status": "affected", "version": "6.2\\(24a\\)" }, { "status": "affected", "version": "6.2\\(33\\)" }, { "status": "affected", "version": "7.0\\(3\\)F1\\(1\\)" }, { "status": "affected", "version": "7.0\\(3\\)F2\\(1\\)" }, { "status": "affected", "version": "7.0\\(3\\)F2\\(2\\)" }, { "status": "affected", "version": "7.0\\(3\\)F3\\(1\\)" }, { "status": "affected", "version": "7.0\\(3\\)F3\\(3\\)" }, { "status": "affected", "version": "7.0\\(3\\)F3\\(3a\\)" }, { "status": "affected", "version": "7.0\\(3\\)F3\\(4\\)" }, { "status": "affected", "version": "7.0\\(3\\)F3\\(3c\\)" }, { "status": "affected", "version": "7.0\\(3\\)F3\\(5\\)" }, { "status": "affected", "version": "7.0\\(3\\)I4\\(1\\)" }, { "status": "affected", "version": "7.0\\(3\\)I4\\(2\\)" }, { "status": "affected", "version": "7.0\\(3\\)I4\\(3\\)" }, { "status": "affected", "version": "7.0\\(3\\)I4\\(4\\)" }, { "status": "affected", "version": "7.0\\(3\\)I4\\(5\\)" }, { "status": "affected", "version": "7.0\\(3\\)I4\\(6\\)" }, { "status": "affected", "version": "7.0\\(3\\)I4\\(7\\)" }, { "status": "affected", "version": "7.0\\(3\\)I4\\(8\\)" }, { "status": "affected", "version": "7.0\\(3\\)I4\\(8a\\)" }, { "status": "affected", "version": "7.0\\(3\\)I4\\(8b\\)" }, { "status": "affected", "version": "7.0\\(3\\)I4\\(8z\\)" }, { "status": "affected", "version": "7.0\\(3\\)I4\\(9\\)" }, { "status": "affected", "version": "7.0\\(3\\)I5\\(1\\)" }, { "status": "affected", "version": "7.0\\(3\\)I5\\(2\\)" }, { "status": "affected", "version": "7.0\\(3\\)I6\\(1\\)" }, { "status": "affected", "version": "7.0\\(3\\)I6\\(2\\)" }, { "status": "affected", "version": "7.0\\(3\\)I7\\(1\\)" }, { "status": "affected", "version": "7.0\\(3\\)I7\\(2\\)" }, { "status": "affected", "version": "7.0\\(3\\)I7\\(3\\)" }, { "status": "affected", "version": "7.0\\(3\\)I7\\(4\\)" }, { "status": "affected", "version": "7.0\\(3\\)I7\\(5\\)" }, { "status": "affected", "version": "7.0\\(3\\)I7\\(5a\\)" }, { "status": "affected", "version": "7.0\\(3\\)I7\\(6\\)" }, { "status": "affected", "version": "7.0\\(3\\)I7\\(7\\)" }, { "status": "affected", "version": "7.0\\(3\\)I7\\(8\\)" }, { "status": "affected", "version": "7.0\\(3\\)I7\\(9\\)" }, { "status": "affected", "version": "7.0\\(3\\)I7\\(10\\)" }, { "status": "affected", "version": "7.1\\(0\\)N1\\(1a\\)" }, { "status": "affected", "version": "7.1\\(0\\)N1\\(1b\\)" }, { "status": "affected", "version": "7.1\\(0\\)N1\\(1\\)" }, { "status": "affected", "version": "7.1\\(1\\)N1\\(1\\)" }, { "status": "affected", "version": "7.1\\(2\\)N1\\(1\\)" }, { "status": "affected", "version": "7.1\\(3\\)N1\\(1\\)" }, { "status": "affected", "version": "7.1\\(3\\)N1\\(2\\)" }, { "status": "affected", "version": "7.1\\(4\\)N1\\(1\\)" }, { "status": "affected", "version": "7.1\\(5\\)N1\\(1\\)" }, { "status": "affected", "version": "7.1\\(5\\)N1\\(1b\\)" }, { "status": "affected", "version": "7.2\\(0\\)D1\\(1\\)" }, { "status": "affected", "version": "7.2\\(1\\)D1\\(1\\)" }, { "status": "affected", "version": "7.2\\(2\\)D1\\(2\\)" }, { "status": "affected", "version": "7.2\\(2\\)D1\\(1\\)" }, { "status": "affected", "version": "7.3\\(0\\)D1\\(1\\)" }, { "status": "affected", "version": "7.3\\(0\\)DX\\(1\\)" }, { "status": "affected", "version": "7.3\\(0\\)N1\\(1\\)" }, { "status": "affected", "version": "7.3\\(1\\)D1\\(1\\)" }, { "status": "affected", "version": "7.3\\(1\\)N1\\(1\\)" }, { "status": "affected", "version": "7.3\\(2\\)D1\\(1\\)" }, { "status": "affected", "version": "7.3\\(2\\)D1\\(2\\)" }, { "status": "affected", "version": "7.3\\(2\\)D1\\(3\\)" }, { "status": "affected", "version": "7.3\\(2\\)D1\\(3a\\)" }, { "status": "affected", "version": "7.3\\(2\\)N1\\(1\\)" }, { "status": "affected", "version": "7.3\\(3\\)N1\\(1\\)" }, { "status": "affected", "version": "8.0\\(1\\)" }, { "status": "affected", "version": "8.1\\(1\\)" }, { "status": "affected", "version": "8.1\\(2\\)" }, { "status": "affected", "version": "8.1\\(2a\\)" }, { "status": "affected", "version": "8.1\\(1b\\)" }, { "status": "affected", "version": "8.2\\(1\\)" }, { "status": "affected", "version": "8.2\\(2\\)" }, { "status": "affected", "version": "8.2\\(3\\)" }, { "status": "affected", "version": "8.2\\(4\\)" }, { "status": "affected", "version": "8.2\\(5\\)" }, { "status": "affected", "version": "8.2\\(6\\)" }, { "status": "affected", "version": "8.2\\(7\\)" }, { "status": "affected", "version": "8.2\\(7a\\)" }, { "status": "affected", "version": "8.2\\(8\\)" }, { "status": "affected", "version": "8.2\\(9\\)" }, { "status": "affected", "version": "8.2\\(10\\)" }, { "status": "affected", "version": "8.2\\(11\\)" }, { "status": "affected", "version": "8.3\\(1\\)" }, { "status": "affected", "version": "8.3\\(2\\)" }, { "status": "affected", "version": "9.2\\(1\\)" }, { "status": "affected", "version": "9.2\\(2\\)" }, { "status": "affected", "version": "9.2\\(2t\\)" }, { "status": "affected", "version": "9.2\\(3\\)" }, { "status": "affected", "version": "9.2\\(4\\)" }, { "status": "affected", "version": "9.2\\(2v\\)" }, { "status": "affected", "version": "7.3\\(4\\)N1\\(1\\)" }, { "status": "affected", "version": "7.3\\(3\\)D1\\(1\\)" }, { "status": "affected", "version": "7.3\\(4\\)D1\\(1\\)" }, { "status": "affected", "version": "7.3\\(5\\)N1\\(1\\)" }, { "status": "affected", "version": "8.4\\(1\\)" }, { "status": "affected", "version": "8.4\\(2\\)" }, { "status": "affected", "version": "8.4\\(3\\)" }, { "status": "affected", "version": "8.4\\(2b\\)" }, { "status": "affected", "version": "8.4\\(4\\)" }, { "status": "affected", "version": "8.4\\(2c\\)" }, { "status": "affected", "version": "8.4\\(4a\\)" }, { "status": "affected", "version": "8.4\\(5\\)" }, { "status": "affected", "version": "8.4\\(6\\)" }, { "status": "affected", "version": "8.4\\(6a\\)" }, { "status": "affected", "version": "8.4\\(7\\)" }, { "status": "affected", "version": "8.4\\(2f\\)" }, { "status": "affected", "version": "8.4\\(8\\)" }, { "status": "affected", "version": "8.4\\(9\\)" }, { "status": "affected", "version": "9.3\\(1\\)" }, { "status": "affected", "version": "9.3\\(2\\)" }, { "status": "affected", "version": "9.3\\(3\\)" }, { "status": "affected", "version": "9.3\\(4\\)" }, { "status": "affected", "version": "9.3\\(5\\)" }, { "status": "affected", "version": "9.3\\(6\\)" }, { "status": "affected", "version": "9.3\\(7\\)" }, { "status": "affected", "version": "9.3\\(7a\\)" }, { "status": "affected", "version": "9.3\\(8\\)" }, { "status": "affected", "version": "9.3\\(9\\)" }, { "status": "affected", "version": "9.3\\(10\\)" }, { "status": "affected", "version": "9.3\\(11\\)" }, { "status": "affected", "version": "9.3\\(2a\\)" }, { "status": "affected", "version": "9.3\\(12\\)" }, { "status": "affected", "version": "9.3\\(13\\)" }, { "status": "affected", "version": "7.3\\(6\\)N1\\(1\\)" }, { "status": "affected", "version": "7.3\\(5\\)D1\\(1\\)" }, { "status": "affected", "version": "7.3\\(7\\)N1\\(1\\)" }, { "status": "affected", "version": "7.3\\(7\\)N1\\(1a\\)" }, { "status": "affected", "version": "7.3\\(7\\)N1\\(1b\\)" }, { "status": "affected", "version": "7.3\\(6\\)D1\\(1\\)" }, { "status": "affected", "version": "7.3\\(8\\)N1\\(1\\)" }, { "status": "affected", "version": "7.3\\(7\\)D1\\(1\\)" }, { "status": "affected", "version": "7.3\\(9\\)N1\\(1\\)" }, { "status": "affected", "version": "10.1\\(1\\)" }, { "status": "affected", "version": "8.5\\(1\\)" }, { "status": "affected", "version": "7.3\\(10\\)N1\\(1\\)" }, { "status": "affected", "version": "7.3\\(8\\)D1\\(1\\)" }, { "status": "affected", "version": "10.2\\(1\\)" }, { "status": "affected", "version": "10.2\\(1q\\)" }, { "status": "affected", "version": "10.2\\(2\\)" }, { "status": "affected", "version": "10.2\\(3\\)" }, { "status": "affected", "version": "10.2\\(3t\\)" }, { "status": "affected", "version": "7.3\\(9\\)D1\\(1\\)" }, { "status": "affected", "version": "7.3\\(11\\)N1\\(1\\)" }, { "status": "affected", "version": "7.3\\(12\\)N1\\(1\\)" }, { "status": "affected", "version": "10.3\\(1\\)" }, { "status": "affected", "version": "10.3\\(3\\)" }, { "status": "affected", "version": "10.3\\(99w\\)" }, { "status": "affected", "version": "10.3\\(99x\\)" }, { "status": "affected", "version": "10.3\\(4a\\)" }, { "status": "affected", "version": "10.3\\(5\\)" }, { "status": "affected", "version": "7.3\\(13\\)N1\\(1\\)" }, { "status": "affected", "version": "7.3\\(14\\)N1\\(1\\)" }, { "status": "affected", "version": "10.4\\(1\\)" }, { "status": "affected", "version": "10.4\\(2\\)" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20399", "options": [ { "Exploitation": "active" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-02T15:08:04.278010Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2024-07-02", "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json" }, "type": "kev" } } ], "providerMetadata": { "dateUpdated": "2024-07-02T20:40:44.265Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:42.407Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-nxos-cmd-injection-xD9OhyOP", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP" }, { "tags": [ "x_transferred" ], "url": "https://www.sygnia.co/threat-reports-and-advisories/china-nexus-threat-group-velvet-ant-exploits-cisco-0-day/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "8.2(5)" }, { "status": "affected", "version": "7.3(6)N1(1a)" }, { "status": "affected", "version": "7.3(5)D1(1)" }, { "status": "affected", "version": "8.4(2)" }, { "status": "affected", "version": "7.3(6)N1(1)" }, { "status": "affected", "version": "6.2(2)" }, { "status": "affected", "version": "8.4(3)" }, { "status": "affected", "version": "9.2(3)" }, { "status": "affected", "version": "7.0(3)I5(2)" }, { "status": "affected", "version": "8.2(1)" }, { "status": "affected", "version": "6.0(2)A8(7a)" }, { "status": "affected", "version": "7.0(3)I4(5)" }, { "status": "affected", "version": "6.0(2)A6(1)" }, { "status": "affected", "version": "7.3(1)D1(1)" }, { "status": "affected", "version": "6.2(14a)" }, { "status": "affected", "version": "7.0(3)I4(6)" }, { "status": "affected", "version": "7.3(4)N1(1)" }, { "status": "affected", "version": "7.0(3)I4(3)" }, { "status": "affected", "version": "9.2(2v)" }, { "status": "affected", "version": "6.0(2)A6(5b)" }, { "status": "affected", "version": "7.3(0)D1(1)" }, { "status": "affected", "version": "6.2(17a)" }, { "status": "affected", "version": "7.0(3)I4(7)" }, { "status": "affected", "version": "6.0(2)U6(1a)" }, { "status": "affected", "version": "7.1(5)N1(1b)" }, { "status": "affected", "version": "7.0(3)I4(1)" }, { "status": "affected", "version": "7.0(3)I4(8)" }, { "status": "affected", "version": "7.0(3)I4(2)" }, { "status": "affected", "version": "7.1(4)N1(1c)" }, { "status": "affected", "version": "7.0(3)IM3(1)" }, { "status": "affected", "version": "6.0(2)U6(5a)" }, { "status": "affected", "version": "6.0(2)A8(11)" }, { "status": "affected", "version": "6.0(2)A6(4a)" }, { "status": "affected", "version": "6.2(9)" }, { "status": "affected", "version": "6.2(5)" }, { "status": "affected", "version": "7.3(4)D1(1)" }, { "status": "affected", "version": "6.2(20)" }, { "status": "affected", "version": "9.2(1)" }, { "status": "affected", "version": "9.2(2t)" }, { "status": "affected", "version": "9.2(3y)" }, { "status": "affected", "version": "7.0(3)I4(1t)" }, { "status": "affected", "version": "6.0(2)U6(5c)" }, { "status": "affected", "version": "6.0(2)A6(4)" }, { "status": "affected", "version": "7.0(3)I7(6z)" }, { "status": "affected", "version": "9.3(2)" }, { "status": "affected", "version": "7.3(1)DY(1)" }, { "status": "affected", "version": "7.0(3)F3(3)" }, { "status": "affected", "version": "6.0(2)U6(6)" }, { "status": "affected", "version": "6.2(29)" }, { "status": "affected", "version": "7.0(3)I7(3z)" }, { "status": "affected", "version": "7.0(3)IM7(2)" }, { "status": "affected", "version": "6.0(2)A8(11b)" }, { "status": "affected", "version": "6.2(9a)" }, { "status": "affected", "version": "7.3(0)N1(1)" }, { "status": "affected", "version": "7.0(3)I7(5a)" }, { "status": "affected", "version": "6.2(11d)" }, { "status": "affected", "version": "8.1(1)" }, { "status": "affected", "version": "7.0(3)I6(1)" }, { "status": "affected", "version": "6.0(2)U6(10)" }, { "status": "affected", "version": "7.2(2)D1(2)" }, { "status": "affected", "version": "7.0(3)IM3(2)" }, { "status": "affected", "version": "6.0(2)A6(8)" }, { "status": "affected", "version": "8.2(2)" }, { "status": "affected", "version": "6.0(2)U6(1)" }, { "status": "affected", "version": "7.3(2)N1(1c)" }, { "status": "affected", "version": "7.0(3)I5(3b)" }, { "status": "affected", "version": "8.3(2)" }, { "status": "affected", "version": "7.3(5)N1(1)" }, { "status": "affected", "version": "6.0(2)A6(2a)" }, { "status": "affected", "version": "7.3(2)N1(1b)" }, { "status": "affected", "version": "6.2(27)" }, { "status": "affected", "version": "7.3(2)D1(3a)" }, { "status": "affected", "version": "7.3(1)N1(1)" }, { "status": "affected", "version": "6.0(2)U6(7)" }, { "status": "affected", "version": "9.2(4)" }, { "status": "affected", "version": "7.1(4)N1(1a)" }, { "status": "affected", "version": "7.1(3)N1(4)" }, { "status": "affected", "version": "7.0(3)IM3(2a)" }, { "status": "affected", "version": "6.2(8b)" }, { "status": "affected", "version": "6.0(2)A8(10)" }, { "status": "affected", "version": "7.1(3)N1(2)" }, { "status": "affected", "version": "6.2(13)" }, { "status": "affected", "version": "6.0(2)A8(2)" }, { "status": "affected", "version": "7.0(3)IC4(4)" }, { "status": "affected", "version": "6.2(1)" }, { "status": "affected", "version": "7.3(4)N1(1a)" }, { "status": "affected", "version": "8.1(2)" }, { "status": "affected", "version": "6.0(2)A6(3)" }, { "status": "affected", "version": "6.0(2)U6(5b)" }, { "status": "affected", "version": "7.0(3)F3(3c)" }, { "status": "affected", "version": "7.3(3)D1(1)" }, { "status": "affected", "version": "7.0(3)F3(1)" }, { "status": "affected", "version": "6.0(2)U6(5)" }, { "status": "affected", "version": "7.0(3)F3(5)" }, { "status": "affected", "version": "7.1(2)N1(1)" }, { "status": "affected", "version": "7.1(3)N1(3)" }, { "status": "affected", "version": "8.2(3)" }, { "status": "affected", "version": "6.0(2)A6(7)" }, { "status": "affected", "version": "7.0(3)I7(2)" }, { "status": "affected", "version": "6.2(5a)" }, { "status": "affected", "version": "6.2(18)" }, { "status": "affected", "version": "6.0(2)A6(5)" }, { "status": "affected", "version": "7.0(3)IM3(2b)" }, { "status": "affected", "version": "7.1(3)N1(1)" }, { "status": "affected", "version": "6.0(2)U6(4a)" }, { "status": "affected", "version": "7.0(3)I5(3)" }, { "status": "affected", "version": "7.0(3)I7(3)" }, { "status": "affected", "version": "6.0(2)A8(6)" }, { "status": "affected", "version": "7.0(3)I6(2)" }, { "status": "affected", "version": "8.3(1)" }, { "status": "affected", "version": "6.2(3)" }, { "status": "affected", "version": "6.2(22)" }, { "status": "affected", "version": "7.1(1)N1(1)" }, { "status": "affected", "version": "8.4(1)" }, { "status": "affected", "version": "8.1(1b)" }, { "status": "affected", "version": "7.3(0)N1(1b)" }, { "status": "affected", "version": "7.2(2)D1(4)" }, { "status": "affected", "version": "6.0(2)A8(5)" }, { "status": "affected", "version": "7.3(0)DX(1)" }, { "status": "affected", "version": "7.1(4)N1(1d)" }, { "status": "affected", "version": "7.3(2)D1(1)" }, { "status": "affected", "version": "7.3(2)N1(1)" }, { "status": "affected", "version": "6.0(2)U6(8)" }, { "status": "affected", "version": "7.1(1)N1(1a)" }, { "status": "affected", "version": "7.0(3)IM3(3)" }, { "status": "affected", "version": "9.3(1)" }, { "status": "affected", "version": "6.0(2)U6(2)" }, { "status": "affected", "version": "6.2(9b)" }, { "status": "affected", "version": "7.1(3)N1(2a)" }, { "status": "affected", "version": "7.3(0)N1(1a)" }, { "status": "affected", "version": "6.0(2)A8(7)" }, { "status": "affected", "version": "7.0(3)I7(6)" }, { "status": "affected", "version": "7.3(2)D1(2)" }, { "status": "affected", "version": "6.2(25)" }, { "status": "affected", "version": "6.0(2)U6(3a)" }, { "status": "affected", "version": "8.0(1)" }, { "status": "affected", "version": "6.0(2)A8(11a)" }, { "status": "affected", "version": "6.2(11e)" }, { "status": "affected", "version": "7.1(3)N1(5)" }, { "status": "affected", "version": "7.0(3)I4(8z)" }, { "status": "affected", "version": "6.2(11)" }, { "status": "affected", "version": "7.0(3)I4(9)" }, { "status": "affected", "version": "6.2(16)" }, { "status": "affected", "version": "6.2(19)" }, { "status": "affected", "version": "8.2(4)" }, { "status": "affected", "version": "6.2(2a)" }, { "status": "affected", "version": "7.2(2)D1(3)" }, { "status": "affected", "version": "7.1(0)N1(1b)" }, { "status": "affected", "version": "7.0(3)I7(4)" }, { "status": "affected", "version": "7.0(3)I7(7)" }, { "status": "affected", "version": "6.2(5b)" }, { "status": "affected", "version": "7.3(0)DY(1)" }, { "status": "affected", "version": "6.0(2)A8(9)" }, { "status": "affected", "version": "6.0(2)A8(1)" }, { "status": "affected", "version": "7.1(5)N1(1)" }, { "status": "affected", "version": "7.2(1)D1(1)" }, { "status": "affected", "version": "6.2(15)" }, { "status": "affected", "version": "6.0(2)A6(6)" }, { "status": "affected", "version": "6.0(2)A8(10a)" }, { "status": "affected", "version": "7.0(3)I5(1)" }, { "status": "affected", "version": "9.3(1z)" }, { "status": "affected", "version": "9.2(2)" }, { "status": "affected", "version": "6.2(7)" }, { "status": "affected", "version": "6.2(9c)" }, { "status": "affected", "version": "7.0(3)F3(4)" }, { "status": "affected", "version": "7.3(3)N1(1)" }, { "status": "affected", "version": "6.2(6b)" }, { "status": "affected", "version": "7.0(3)I4(8b)" }, { "status": "affected", "version": "8.1(2a)" }, { "status": "affected", "version": "7.3(2)D1(3)" }, { "status": "affected", "version": "6.2(8)" }, { "status": "affected", "version": "6.0(2)A8(3)" }, { "status": "affected", "version": "6.2(11b)" }, { "status": "affected", "version": "7.0(3)I4(6t)" }, { "status": "affected", "version": "7.0(3)I5(3a)" }, { "status": "affected", "version": "8.1(1a)" }, { "status": "affected", "version": "6.2(13a)" }, { "status": "affected", "version": "6.0(2)A8(8)" }, { "status": "affected", "version": "7.0(3)I7(5)" }, { "status": "affected", "version": "7.0(3)F3(3a)" }, { "status": "affected", "version": "7.1(0)N1(1a)" }, { "status": "affected", "version": "6.0(2)A8(4)" }, { "status": "affected", "version": "6.0(2)A6(3a)" }, { "status": "affected", "version": "6.0(2)A6(5a)" }, { "status": "affected", "version": "7.0(3)F2(1)" }, { "status": "affected", "version": "7.0(3)I4(8a)" }, { "status": "affected", "version": "6.0(2)U6(9)" }, { "status": "affected", "version": "7.0(3)F3(2)" }, { "status": "affected", "version": "6.0(2)U6(2a)" }, { "status": "affected", "version": "6.2(12)" }, { "status": "affected", "version": "6.2(17)" }, { "status": "affected", "version": "7.0(3)I4(4)" }, { "status": "affected", "version": "6.2(23)" }, { "status": "affected", "version": "6.2(13b)" }, { "status": "affected", "version": "6.0(2)U6(3)" }, { "status": "affected", "version": "6.2(10)" }, { "status": "affected", "version": "6.2(6a)" }, { "status": "affected", "version": "6.2(6)" }, { "status": "affected", "version": "7.1(2)N1(1a)" }, { "status": "affected", "version": "6.2(14)" }, { "status": "affected", "version": "7.0(3)I7(1)" }, { "status": "affected", "version": "6.2(14b)" }, { "status": "affected", "version": "6.2(21)" }, { "status": "affected", "version": "7.2(2)D1(1)" }, { "status": "affected", "version": "7.0(3)F2(2)" }, { "status": "affected", "version": "7.0(3)IA7(2)" }, { "status": "affected", "version": "7.0(3)IA7(1)" }, { "status": "affected", "version": "6.0(2)A8(7b)" }, { "status": "affected", "version": "6.2(8a)" }, { "status": "affected", "version": "6.2(11c)" }, { "status": "affected", "version": "7.0(3)F1(1)" }, { "status": "affected", "version": "6.0(2)A6(1a)" }, { "status": "affected", "version": "7.1(0)N1(1)" }, { "status": "affected", "version": "7.2(0)D1(1)" }, { "status": "affected", "version": "6.0(2)A6(2)" }, { "status": "affected", "version": "7.1(4)N1(1)" }, { "status": "affected", "version": "6.0(2)A8(4a)" }, { "status": "affected", "version": "6.2(20a)" }, { "status": "affected", "version": "6.0(2)U6(4)" }, { "status": "affected", "version": "8.4(1a)" }, { "status": "affected", "version": "9.3(3)" }, { "status": "affected", "version": "7.3(2)D1(1d)" }, { "status": "affected", "version": "7.3(7)N1(1)" }, { "status": "affected", "version": "6.2(24)" }, { "status": "affected", "version": "6.2(31)" }, { "status": "affected", "version": "7.0(3)I7(8)" }, { "status": "affected", "version": "6.0(2)U6(10a)" }, { "status": "affected", "version": "7.3(7)N1(1a)" }, { "status": "affected", "version": "9.3(4)" }, { "status": "affected", "version": "7.3(6)D1(1)" }, { "status": "affected", "version": "6.2(26)" }, { "status": "affected", "version": "8.2(6)" }, { "status": "affected", "version": "6.2(33)" }, { "status": "affected", "version": "9.3(5)" }, { "status": "affected", "version": "8.4(2a)" }, { "status": "affected", "version": "8.4(2b)" }, { "status": "affected", "version": "7.3(8)N1(1)" }, { "status": "affected", "version": "7.0(3)I7(9)" }, { "status": "affected", "version": "7.3(7)N1(1b)" }, { "status": "affected", "version": "6.2(24a)" }, { "status": "affected", "version": "8.5(1)" }, { "status": "affected", "version": "9.3(6)" }, { "status": "affected", "version": "10.1(2)" }, { "status": "affected", "version": "10.1(1)" }, { "status": "affected", "version": "8.4(4)" }, { "status": "affected", "version": "7.3(7)D1(1)" }, { "status": "affected", "version": "8.4(2c)" }, { "status": "affected", "version": "9.3(5w)" }, { "status": "affected", "version": "8.2(7)" }, { "status": "affected", "version": "7.3(9)N1(1)" }, { "status": "affected", "version": "9.3(7)" }, { "status": "affected", "version": "9.3(7k)" }, { "status": "affected", "version": "7.0(3)I7(9w)" }, { "status": "affected", "version": "10.2(1)" }, { "status": "affected", "version": "7.3(8)N1(1a)" }, { "status": "affected", "version": "7.3(8)D1(1)" }, { "status": "affected", "version": "9.3(7a)" }, { "status": "affected", "version": "8.2(7a)" }, { "status": "affected", "version": "9.3(8)" }, { "status": "affected", "version": "8.4(4a)" }, { "status": "affected", "version": "8.4(2d)" }, { "status": "affected", "version": "7.3(10)N1(1)" }, { "status": "affected", "version": "8.4(5)" }, { "status": "affected", "version": "7.0(3)I7(10)" }, { "status": "affected", "version": "7.3(8)N1(1b)" }, { "status": "affected", "version": "8.2(8)" }, { "status": "affected", "version": "10.2(1q)" }, { "status": "affected", "version": "10.2(2)" }, { "status": "affected", "version": "9.3(9)" }, { "status": "affected", "version": "7.3(9)D1(1)" }, { "status": "affected", "version": "7.3(11)N1(1)" }, { "status": "affected", "version": "10.2(3)" }, { "status": "affected", "version": "8.4(6)" }, { "status": "affected", "version": "8.4(2e)" }, { "status": "affected", "version": "9.3(10)" }, { "status": "affected", "version": "7.3(11)N1(1a)" }, { "status": "affected", "version": "10.2(2a)" }, { "status": "affected", "version": "7.3(12)N1(1)" }, { "status": "affected", "version": "9.2(1a)" }, { "status": "affected", "version": "8.2(9)" }, { "status": "affected", "version": "10.3(1)" }, { "status": "affected", "version": "10.2(4)" }, { "status": "affected", "version": "7.3(13)N1(1)" }, { "status": "affected", "version": "8.4(7)" }, { "status": "affected", "version": "10.3(2)" }, { "status": "affected", "version": "8.4(6a)" }, { "status": "affected", "version": "9.3(11)" }, { "status": "affected", "version": "10.3(3)" }, { "status": "affected", "version": "10.2(5)" }, { "status": "affected", "version": "9.4(1)" }, { "status": "affected", "version": "9.3(2a)" }, { "status": "affected", "version": "8.4(2f)" }, { "status": "affected", "version": "8.2(10)" }, { "status": "affected", "version": "9.3(12)" }, { "status": "affected", "version": "10.4(1)" }, { "status": "affected", "version": "8.4(8)" }, { "status": "affected", "version": "10.3(99w)" }, { "status": "affected", "version": "7.3(14)N1(1)" }, { "status": "affected", "version": "10.2(6)" }, { "status": "affected", "version": "10.3(3w)" }, { "status": "affected", "version": "10.3(99x)" }, { "status": "affected", "version": "10.3(3o)" }, { "status": "affected", "version": "8.4(9)" }, { "status": "affected", "version": "10.3(4)" }, { "status": "affected", "version": "10.3(3p)" }, { "status": "affected", "version": "10.3(4a)" }, { "status": "affected", "version": "9.4(1a)" }, { "status": "affected", "version": "10.4(2)" }, { "status": "affected", "version": "10.3(3q)" }, { "status": "affected", "version": "9.3(13)" }, { "status": "affected", "version": "8.2(11)" }, { "status": "affected", "version": "9.4(2)" }, { "status": "affected", "version": "10.3(5)" }, { "status": "affected", "version": "10.2(7)" }, { "status": "affected", "version": "10.3(3x)" }, { "status": "affected", "version": "10.3(4g)" }, { "status": "affected", "version": "10.2(8)" }, { "status": "affected", "version": "10.3(3r)" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root.\r\nNote: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials. The following Cisco devices already allow administrative users to access the underlying operating system through the bash-shell feature, so, for these devices, this vulnerability does not grant any additional privileges:\r\n\r\nNexus 3000 Series Switches\r\nNexus 7000 Series Switches that are running Cisco NX-OS Software releases 8.1(1) and later\r\nNexus 9000 Series Switches in standalone NX-OS mode" } ], "exploits": [ { "lang": "en", "value": "In May 2024, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of this vulnerability in the wild." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-17T18:07:44.853Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nxos-cmd-injection-xD9OhyOP", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP" } ], "source": { "advisory": "cisco-sa-nxos-cmd-injection-xD9OhyOP", "defects": [ "CSCwj94682" ], "discovery": "EXTERNAL" }, "title": "Cisco NX-OS Software CLI Command Injection Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20399", "datePublished": "2024-07-01T16:11:44.028Z", "dateReserved": "2023-11-08T15:08:07.660Z", "dateUpdated": "2024-09-17T18:07:44.853Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1727
Vulnerability from cvelistv5
Published
2019-05-15 16:45
Modified
2024-09-17 00:51
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-pyth-escal | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108341 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:41.635Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-pyth-escal" }, { "name": "108341", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108341" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "6.2(25)", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "8.3(2)", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "7.0(3)I7(3)", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "9.2(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker\u0027s privilege level. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions in the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands to elevate the attacker\u0027s privilege level. To exploit this vulnerability, the attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-264", "description": "CWE-264", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-16T09:06:04", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-pyth-escal" }, { "name": "108341", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108341" } ], "source": { "advisory": "cisco-sa-20190515-nxos-pyth-escal", "defect": [ [ "CSCvh24788", "CSCvi99282", "CSCvi99284", "CSCvi99288" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1727", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "6.2(25)" }, { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(2)" }, { "affected": "\u003c", "version_affected": "\u003c", "version_value": "7.0(3)I7(3)" }, { "affected": "\u003c", "version_affected": "\u003c", "version_value": "9.2(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker\u0027s privilege level. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions in the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands to elevate the attacker\u0027s privilege level. To exploit this vulnerability, the attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "4.2", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-264" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-pyth-escal" }, { "name": "108341", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108341" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-pyth-escal", "defect": [ [ "CSCvh24788", "CSCvi99282", "CSCvi99284", "CSCvi99288" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1727", "datePublished": "2019-05-15T16:45:30.751023Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-09-17T00:51:24.873Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20267
Vulnerability from cvelistv5
Published
2024-02-28 16:15
Modified
2024-08-28 14:13
Severity ?
EPSS score ?
Summary
A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload.
This vulnerability is due to lack of proper error checking when processing an ingress MPLS frame. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that is encapsulated within an MPLS frame to an MPLS-enabled interface of the targeted device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition.
Note: The IPv6 packet can be generated multiple hops away from the targeted device and then encapsulated within MPLS. The DoS condition may occur when the NX-OS device processes the packet.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T21:52:31.664Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-ipv6-mpls-dos-R9ycXkwM", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv6-mpls-dos-R9ycXkwM" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-20267", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-05T15:17:32.267858Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-28T14:13:57.631Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "6.0(2)A3(1)" }, { "status": "affected", "version": "6.0(2)A3(2)" }, { "status": "affected", "version": "6.0(2)A3(4)" }, { "status": "affected", "version": "6.0(2)A4(1)" }, { "status": "affected", "version": "6.0(2)A4(2)" }, { "status": "affected", "version": "6.0(2)A4(3)" }, { "status": "affected", "version": "6.0(2)A4(4)" }, { "status": "affected", "version": "6.0(2)A4(5)" }, { "status": "affected", "version": "6.0(2)A4(6)" }, { "status": "affected", "version": "6.0(2)A6(1)" }, { "status": "affected", "version": "6.0(2)A6(1a)" }, { "status": "affected", "version": "6.0(2)A6(2)" }, { "status": "affected", "version": "6.0(2)A6(2a)" }, { "status": "affected", "version": "6.0(2)A6(3)" }, { "status": "affected", "version": "6.0(2)A6(3a)" }, { "status": "affected", "version": "6.0(2)A6(4)" }, { "status": "affected", "version": "6.0(2)A6(4a)" }, { "status": "affected", "version": "6.0(2)A6(5)" }, { "status": "affected", "version": "6.0(2)A6(5a)" }, { "status": "affected", "version": "6.0(2)A6(5b)" }, { "status": "affected", "version": "6.0(2)A6(6)" }, { "status": "affected", "version": "6.0(2)A6(7)" }, { "status": "affected", "version": "6.0(2)A6(8)" }, { "status": "affected", "version": "6.0(2)A7(1)" }, { "status": "affected", "version": "6.0(2)A7(1a)" }, { "status": "affected", "version": "6.0(2)A7(2)" }, { "status": "affected", "version": "6.0(2)A7(2a)" }, { "status": "affected", "version": "6.0(2)A8(1)" }, { "status": "affected", "version": "6.0(2)A8(2)" }, { "status": "affected", "version": "6.0(2)A8(3)" }, { "status": "affected", "version": "6.0(2)A8(4)" }, { "status": "affected", "version": "6.0(2)A8(4a)" }, { "status": "affected", "version": "6.0(2)A8(5)" }, { "status": "affected", "version": "6.0(2)A8(6)" }, { "status": "affected", "version": "6.0(2)A8(7)" }, { "status": "affected", "version": "6.0(2)A8(7a)" }, { "status": "affected", "version": "6.0(2)A8(7b)" }, { "status": "affected", "version": "6.0(2)A8(8)" }, { "status": "affected", "version": "6.0(2)A8(9)" }, { "status": "affected", "version": "6.0(2)A8(10a)" }, { "status": "affected", "version": "6.0(2)A8(10)" }, { "status": "affected", "version": "6.0(2)A8(11)" }, { "status": "affected", "version": "6.0(2)A8(11a)" }, { "status": "affected", "version": "6.0(2)A8(11b)" }, { "status": "affected", "version": "6.0(2)U2(1)" }, { "status": "affected", "version": "6.0(2)U2(2)" }, { "status": "affected", "version": "6.0(2)U2(3)" }, { "status": "affected", "version": "6.0(2)U2(4)" }, { "status": "affected", "version": "6.0(2)U2(5)" }, { "status": "affected", "version": "6.0(2)U2(6)" }, { "status": "affected", "version": "6.0(2)U3(1)" }, { "status": "affected", "version": "6.0(2)U3(2)" }, { "status": "affected", "version": "6.0(2)U3(3)" }, { "status": "affected", "version": "6.0(2)U3(4)" }, { "status": "affected", "version": "6.0(2)U3(5)" }, { "status": "affected", "version": "6.0(2)U3(6)" }, { "status": "affected", "version": "6.0(2)U3(7)" }, { "status": "affected", "version": "6.0(2)U3(8)" }, { "status": "affected", "version": "6.0(2)U3(9)" }, { "status": "affected", "version": "6.0(2)U4(1)" }, { "status": "affected", "version": "6.0(2)U4(2)" }, { "status": "affected", "version": "6.0(2)U4(3)" }, { "status": "affected", "version": "6.0(2)U4(4)" }, { "status": "affected", "version": "6.0(2)U5(1)" }, { "status": "affected", "version": "6.0(2)U5(2)" }, { "status": "affected", "version": "6.0(2)U5(3)" }, { "status": "affected", "version": "6.0(2)U5(4)" }, { "status": "affected", "version": "6.0(2)U6(1)" }, { "status": "affected", "version": "6.0(2)U6(2)" }, { "status": "affected", "version": "6.0(2)U6(3)" }, { "status": "affected", "version": "6.0(2)U6(4)" }, { "status": "affected", "version": "6.0(2)U6(5)" }, { "status": "affected", "version": "6.0(2)U6(6)" }, { "status": "affected", "version": "6.0(2)U6(7)" }, { "status": "affected", "version": "6.0(2)U6(8)" }, { "status": "affected", "version": "6.0(2)U6(1a)" }, { "status": "affected", "version": "6.0(2)U6(2a)" }, { "status": "affected", "version": "6.0(2)U6(3a)" }, { "status": "affected", "version": "6.0(2)U6(4a)" }, { "status": "affected", "version": "6.0(2)U6(5a)" }, { "status": "affected", "version": "6.0(2)U6(5b)" }, { "status": "affected", "version": "6.0(2)U6(5c)" }, { "status": "affected", "version": "6.0(2)U6(9)" }, { "status": "affected", "version": "6.0(2)U6(10)" }, { "status": "affected", "version": "6.2(2)" }, { "status": "affected", "version": "6.2(2a)" }, { "status": "affected", "version": "6.2(6)" }, { "status": "affected", "version": "6.2(6b)" }, { "status": "affected", "version": "6.2(8)" }, { "status": "affected", "version": "6.2(8a)" }, { "status": "affected", "version": "6.2(8b)" }, { "status": "affected", "version": "6.2(10)" }, { "status": "affected", "version": "6.2(12)" }, { "status": "affected", "version": "6.2(18)" }, { "status": "affected", "version": "6.2(16)" }, { "status": "affected", "version": "6.2(14)" }, { "status": "affected", "version": "6.2(6a)" }, { "status": "affected", "version": "6.2(20)" }, { "status": "affected", "version": "6.2(20a)" }, { "status": "affected", "version": "6.2(22)" }, { "status": "affected", "version": "6.2(24)" }, { "status": "affected", "version": "6.2(24a)" }, { "status": "affected", "version": "7.0(3)F1(1)" }, { "status": "affected", "version": "7.0(3)F2(1)" }, { "status": "affected", "version": "7.0(3)F2(2)" }, { "status": "affected", "version": "7.0(3)F3(1)" }, { "status": "affected", "version": "7.0(3)F3(2)" }, { "status": "affected", "version": "7.0(3)F3(3)" }, { "status": "affected", "version": "7.0(3)F3(3a)" }, { "status": "affected", "version": "7.0(3)F3(4)" }, { "status": "affected", "version": "7.0(3)F3(3c)" }, { "status": "affected", "version": "7.0(3)F3(5)" }, { "status": "affected", "version": "7.0(3)I2(2a)" }, { "status": "affected", "version": "7.0(3)I2(2b)" }, { "status": "affected", "version": "7.0(3)I2(2c)" }, { "status": "affected", "version": "7.0(3)I2(2d)" }, { "status": "affected", "version": "7.0(3)I2(2e)" }, { "status": "affected", "version": "7.0(3)I2(3)" }, { "status": "affected", "version": "7.0(3)I2(4)" }, { "status": "affected", "version": "7.0(3)I2(5)" }, { "status": "affected", "version": "7.0(3)I2(1)" }, { "status": "affected", "version": "7.0(3)I2(1a)" }, { "status": "affected", "version": "7.0(3)I2(2)" }, { "status": "affected", "version": "7.0(3)I3(1)" }, { "status": "affected", "version": "7.0(3)I4(1)" }, { "status": "affected", "version": "7.0(3)I4(2)" }, { "status": "affected", "version": "7.0(3)I4(3)" }, { "status": "affected", "version": "7.0(3)I4(4)" }, { "status": "affected", "version": "7.0(3)I4(5)" }, { "status": "affected", "version": "7.0(3)I4(6)" }, { "status": "affected", "version": "7.0(3)I4(7)" }, { "status": "affected", "version": "7.0(3)I4(8)" }, { "status": "affected", "version": "7.0(3)I4(8a)" }, { "status": "affected", "version": "7.0(3)I4(8b)" }, { "status": "affected", "version": "7.0(3)I4(8z)" }, { "status": "affected", "version": "7.0(3)I4(9)" }, { "status": "affected", "version": "7.0(3)I5(1)" }, { "status": "affected", "version": "7.0(3)I5(2)" }, { "status": "affected", "version": "7.0(3)I6(1)" }, { "status": "affected", "version": "7.0(3)I6(2)" }, { "status": "affected", "version": "7.0(3)I7(1)" }, { "status": "affected", "version": "7.0(3)I7(2)" }, { "status": "affected", "version": "7.0(3)I7(3)" }, { "status": "affected", "version": "7.0(3)I7(4)" }, { "status": "affected", "version": "7.0(3)I7(5)" }, { "status": "affected", "version": "7.0(3)I7(5a)" }, { "status": "affected", "version": "7.0(3)I7(6)" }, { "status": "affected", "version": "7.0(3)I7(7)" }, { "status": "affected", "version": "7.0(3)I7(8)" }, { "status": "affected", "version": "7.0(3)I7(9)" }, { "status": "affected", "version": "7.0(3)I7(10)" }, { "status": "affected", "version": "7.1(0)N1(1a)" }, { "status": "affected", "version": "7.1(0)N1(1b)" }, { "status": "affected", "version": "7.1(0)N1(1)" }, { "status": "affected", "version": "7.1(1)N1(1)" }, { "status": "affected", "version": "7.1(2)N1(1)" }, { "status": "affected", "version": "7.1(3)N1(1)" }, { "status": "affected", "version": "7.1(3)N1(2)" }, { "status": "affected", "version": "7.1(4)N1(1)" }, { "status": "affected", "version": "7.1(5)N1(1)" }, { "status": "affected", "version": "7.1(5)N1(1b)" }, { "status": "affected", "version": "7.2(0)D1(1)" }, { "status": "affected", "version": "7.2(1)D1(1)" }, { "status": "affected", "version": "7.2(2)D1(2)" }, { "status": "affected", "version": "7.2(2)D1(1)" }, { "status": "affected", "version": "7.3(0)D1(1)" }, { "status": "affected", "version": "7.3(0)DX(1)" }, { "status": "affected", "version": "7.3(0)N1(1)" }, { "status": "affected", "version": "9.2(1)" }, { "status": "affected", "version": "9.2(2)" }, { "status": "affected", "version": "9.2(2t)" }, { "status": "affected", "version": "9.2(3)" }, { "status": "affected", "version": "9.2(4)" }, { "status": "affected", "version": "9.2(2v)" }, { "status": "affected", "version": "9.3(1)" }, { "status": "affected", "version": "9.3(2)" }, { "status": "affected", "version": "9.3(3)" }, { "status": "affected", "version": "9.3(4)" }, { "status": "affected", "version": "9.3(5)" }, { "status": "affected", "version": "9.3(6)" }, { "status": "affected", "version": "9.3(7)" }, { "status": "affected", "version": "9.3(7a)" }, { "status": "affected", "version": "9.3(8)" }, { "status": "affected", "version": "9.3(9)" }, { "status": "affected", "version": "9.3(10)" }, { "status": "affected", "version": "9.3(11)" }, { "status": "affected", "version": "9.3(12)" }, { "status": "affected", "version": "10.1(1)" }, { "status": "affected", "version": "10.1(2)" }, { "status": "affected", "version": "10.1(2t)" }, { "status": "affected", "version": "10.2(1)" }, { "status": "affected", "version": "10.2(1q)" }, { "status": "affected", "version": "10.2(2)" }, { "status": "affected", "version": "10.2(3)" }, { "status": "affected", "version": "10.2(3t)" }, { "status": "affected", "version": "10.2(4)" }, { "status": "affected", "version": "10.2(5)" }, { "status": "affected", "version": "10.2(3v)" }, { "status": "affected", "version": "10.2(6)" }, { "status": "affected", "version": "10.3(1)" }, { "status": "affected", "version": "10.3(2)" }, { "status": "affected", "version": "10.3(3)" }, { "status": "affected", "version": "10.3(99w)" }, { "status": "affected", "version": "10.3(99x)" }, { "status": "affected", "version": "10.4(1)" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload. \r\n\r This vulnerability is due to lack of proper error checking when processing an ingress MPLS frame. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that is encapsulated within an MPLS frame to an MPLS-enabled interface of the targeted device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition.\r\n\r Note: The IPv6 packet can be generated multiple hops away from the targeted device and then encapsulated within MPLS. The DoS condition may occur when the NX-OS device processes the packet." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-28T16:15:18.044Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-ipv6-mpls-dos-R9ycXkwM", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv6-mpls-dos-R9ycXkwM" } ], "source": { "advisory": "cisco-sa-ipv6-mpls-dos-R9ycXkwM", "defects": [ "CSCwh42690", "CSCva52387" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20267", "datePublished": "2024-02-28T16:15:18.044Z", "dateReserved": "2023-11-08T15:08:07.624Z", "dateUpdated": "2024-08-28T14:13:57.631Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1808
Vulnerability from cvelistv5
Published
2019-05-15 22:15
Modified
2024-11-20 17:19
Severity ?
EPSS score ?
Summary
Cisco MDS 9700 Series Multilayer Directors and Nexus 7000/7700 Series Switches Software Patch Signature Verification Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-spsv | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108367 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.844Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco MDS 9700 Series Multilayer Directors and Nexus 7000/7700 Series Switches Software Patch Signature Verification Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-spsv" }, { "name": "108367", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108367" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1808", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:54:31.235511Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:19:27.801Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by loading an unsigned software patch on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-347", "description": "CWE-347", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-17T11:06:04", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco MDS 9700 Series Multilayer Directors and Nexus 7000/7700 Series Switches Software Patch Signature Verification Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-spsv" }, { "name": "108367", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108367" } ], "source": { "advisory": "cisco-sa-20190515-nxos-spsv", "defect": [ [ "CSCvi42248" ] ], "discovery": "INTERNAL" }, "title": "Cisco MDS 9700 Series Multilayer Directors and Nexus 7000/7700 Series Switches Software Patch Signature Verification Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1808", "STATE": "PUBLIC", "TITLE": "Cisco MDS 9700 Series Multilayer Directors and Nexus 7000/7700 Series Switches Software Patch Signature Verification Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by loading an unsigned software patch on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-347" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco MDS 9700 Series Multilayer Directors and Nexus 7000/7700 Series Switches Software Patch Signature Verification Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-spsv" }, { "name": "108367", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108367" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-spsv", "defect": [ [ "CSCvi42248" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1808", "datePublished": "2019-05-15T22:15:30.009622Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:19:27.801Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1368
Vulnerability from cvelistv5
Published
2021-02-24 19:30
Modified
2024-11-08 23:37
Severity ?
EPSS score ?
Summary
Cisco FXOS and NX-OS Software Unidirectional Link Detection Denial of Service and Arbitrary Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-udld-rce-xetH6w35 | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:11:16.857Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210224 Cisco FXOS and NX-OS Software Unidirectional Link Detection Denial of Service and Arbitrary Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-udld-rce-xetH6w35" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1368", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:20:53.434491Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T23:37:56.190Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-02-24T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted Cisco UDLD protocol packets to a directly connected, affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco UDLD process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. The attacker needs full control of a directly connected device. That device must be connected over a port channel that has UDLD enabled. To trigger arbitrary code execution, both the UDLD-enabled port channel and specific system conditions must exist. In the absence of either the UDLD-enabled port channel or the system conditions, attempts to exploit this vulnerability will result in a DoS condition. It is possible, but highly unlikely, that an attacker could control the necessary conditions for exploitation. The CVSS score reflects this possibility. However, given the complexity of exploitation, Cisco has assigned a Medium Security Impact Rating (SIR) to this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-24T19:30:49", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210224 Cisco FXOS and NX-OS Software Unidirectional Link Detection Denial of Service and Arbitrary Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-udld-rce-xetH6w35" } ], "source": { "advisory": "cisco-sa-nxos-udld-rce-xetH6w35", "defect": [ [ "CSCvv78238", "CSCvv96088", "CSCvv96090", "CSCvv96092", "CSCvv96107", "CSCvw38964", "CSCvw38981", "CSCvw38982", "CSCvw38983", "CSCvw38984", "CSCvw38995", "CSCvw45654" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS and NX-OS Software Unidirectional Link Detection Denial of Service and Arbitrary Code Execution Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-02-24T16:00:00", "ID": "CVE-2021-1368", "STATE": "PUBLIC", "TITLE": "Cisco FXOS and NX-OS Software Unidirectional Link Detection Denial of Service and Arbitrary Code Execution Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted Cisco UDLD protocol packets to a directly connected, affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco UDLD process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. The attacker needs full control of a directly connected device. That device must be connected over a port channel that has UDLD enabled. To trigger arbitrary code execution, both the UDLD-enabled port channel and specific system conditions must exist. In the absence of either the UDLD-enabled port channel or the system conditions, attempts to exploit this vulnerability will result in a DoS condition. It is possible, but highly unlikely, that an attacker could control the necessary conditions for exploitation. The CVSS score reflects this possibility. However, given the complexity of exploitation, Cisco has assigned a Medium Security Impact Rating (SIR) to this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.8", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "20210224 Cisco FXOS and NX-OS Software Unidirectional Link Detection Denial of Service and Arbitrary Code Execution Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-udld-rce-xetH6w35" } ] }, "source": { "advisory": "cisco-sa-nxos-udld-rce-xetH6w35", "defect": [ [ "CSCvv78238", "CSCvv96088", "CSCvv96090", "CSCvv96092", "CSCvv96107", "CSCvw38964", "CSCvw38981", "CSCvw38982", "CSCvw38983", "CSCvw38984", "CSCvw38995", "CSCvw45654" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1368", "datePublished": "2021-02-24T19:30:49.775173Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:37:56.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1969
Vulnerability from cvelistv5
Published
2019-08-29 21:50
Modified
2024-11-19 18:57
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software SNMP Access Control List Configuration Name Bypass Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-snmp-bypass | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:35:52.047Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190828 Cisco NX-OS Software SNMP Access Control List Configuration Name Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-snmp-bypass" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1969", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-19T17:23:17.371897Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-19T18:57:58.916Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "9.2(3)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-08-28T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. The vulnerability is due to an incorrect length check when the configured ACL name is the maximum length, which is 32 ASCII characters. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP polling that should have been denied. The attacker has no control of the configuration of the SNMP ACL name." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-264", "description": "CWE-264", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-29T21:50:19", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190828 Cisco NX-OS Software SNMP Access Control List Configuration Name Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-snmp-bypass" } ], "source": { "advisory": "cisco-sa-20190828-nxos-snmp-bypass", "defect": [ [ "CSCvo17439" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software SNMP Access Control List Configuration Name Bypass Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-08-28T16:00:00-0700", "ID": "CVE-2019-1969", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software SNMP Access Control List Configuration Name Bypass Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "9.2(3)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. The vulnerability is due to an incorrect length check when the configured ACL name is the maximum length, which is 32 ASCII characters. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP polling that should have been denied. The attacker has no control of the configuration of the SNMP ACL name." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "5.8", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-264" } ] } ] }, "references": { "reference_data": [ { "name": "20190828 Cisco NX-OS Software SNMP Access Control List Configuration Name Bypass Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-snmp-bypass" } ] }, "source": { "advisory": "cisco-sa-20190828-nxos-snmp-bypass", "defect": [ [ "CSCvo17439" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1969", "datePublished": "2019-08-29T21:50:19.965411Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-19T18:57:58.916Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1967
Vulnerability from cvelistv5
Published
2019-08-29 21:45
Modified
2024-11-19 18:58
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ntp-dos | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:35:51.286Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190828 Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ntp-dos" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1967", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-19T17:23:18.708362Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-19T18:58:07.518Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(2)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-08-28T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packets. An attacker could exploit this vulnerability by flooding the device with a steady stream of Mode 7 NTP packets. A successful exploit could allow the attacker to cause high CPU and memory usage on the affected device, which could cause internal system processes to restart or cause the affected device to unexpectedly reload. Note: The NTP feature is enabled by default." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-399", "description": "CWE-399", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-29T21:45:15", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190828 Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ntp-dos" } ], "source": { "advisory": "cisco-sa-20190828-nxos-ntp-dos", "defect": [ [ "CSCvm35740", "CSCvm51138", "CSCvm51139", "CSCvm51142" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-08-28T16:00:00-0700", "ID": "CVE-2019-1967", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(2)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packets. An attacker could exploit this vulnerability by flooding the device with a steady stream of Mode 7 NTP packets. A successful exploit could allow the attacker to cause high CPU and memory usage on the affected device, which could cause internal system processes to restart or cause the affected device to unexpectedly reload. Note: The NTP feature is enabled by default." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.6", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-399" } ] } ] }, "references": { "reference_data": [ { "name": "20190828 Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ntp-dos" } ] }, "source": { "advisory": "cisco-sa-20190828-nxos-ntp-dos", "defect": [ [ "CSCvm35740", "CSCvm51138", "CSCvm51139", "CSCvm51142" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1967", "datePublished": "2019-08-29T21:45:15.166469Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-19T18:58:07.518Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1767
Vulnerability from cvelistv5
Published
2019-05-15 18:45
Modified
2024-11-20 17:22
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-overflow-inj | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108386 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.722Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-overflow-inj" }, { "name": "108386", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108386" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1767", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:55:00.651175Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:22:19.231Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities. NX-OS versions prior to 8.3(1) are affected." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-20T15:06:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-overflow-inj" }, { "name": "108386", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108386" } ], "source": { "advisory": "cisco-sa-20190515-nxos-overflow-inj", "defect": [ [ "CSCvh76129", "CSCvh76132", "CSCvj00497", "CSCvj10162" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1767", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities. NX-OS versions prior to 8.3(1) are affected." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-overflow-inj" }, { "name": "108386", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108386" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-overflow-inj", "defect": [ [ "CSCvh76129", "CSCvh76132", "CSCvj00497", "CSCvj10162" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1767", "datePublished": "2019-05-15T18:45:18.115908Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:22:19.231Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20625
Vulnerability from cvelistv5
Published
2022-02-23 17:40
Modified
2024-11-06 16:29
Severity ?
EPSS score ?
Summary
Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-dos-G8DPLWYG | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.933Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20220223 Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-dos-G8DPLWYG" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-20625", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-06T15:59:11.678425Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-06T16:29:50.135Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2022-02-23T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisco Discovery Protocol service. An attacker could exploit this vulnerability by sending a series of malicious Cisco Discovery Protocol messages to an affected device. A successful exploit could allow the attacker to cause the Cisco Discovery Protocol service to fail and restart. In rare conditions, repeated failures of the process could occur, which could cause the entire device to restart." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-399", "description": "CWE-399", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-23T17:40:15", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20220223 Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-dos-G8DPLWYG" } ], "source": { "advisory": "cisco-sa-cdp-dos-G8DPLWYG", "defect": [ [ "CSCvz72442", "CSCvz72462", "CSCvz72463", "CSCvz72464", "CSCvz72465", "CSCvz72466", "CSCvz72467", "CSCvz74433" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2022-02-23T16:00:00", "ID": "CVE-2022-20625", "STATE": "PUBLIC", "TITLE": "Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisco Discovery Protocol service. An attacker could exploit this vulnerability by sending a series of malicious Cisco Discovery Protocol messages to an affected device. A successful exploit could allow the attacker to cause the Cisco Discovery Protocol service to fail and restart. In rare conditions, repeated failures of the process could occur, which could cause the entire device to restart." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "4.3", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-399" } ] } ] }, "references": { "reference_data": [ { "name": "20220223 Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-dos-G8DPLWYG" } ] }, "source": { "advisory": "cisco-sa-cdp-dos-G8DPLWYG", "defect": [ [ "CSCvz72442", "CSCvz72462", "CSCvz72463", "CSCvz72464", "CSCvz72465", "CSCvz72466", "CSCvz72467", "CSCvz74433" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2022-20625", "datePublished": "2022-02-23T17:40:15.926880Z", "dateReserved": "2021-11-02T00:00:00", "dateUpdated": "2024-11-06T16:29:50.135Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20446
Vulnerability from cvelistv5
Published
2024-08-28 16:31
Modified
2024-08-28 18:49
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software DHCPv6 Relay Agent Denial of Service Vulnerability
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:cisco:nx-os:10.2\\(1\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nx-os", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.2\\(1\\)" } ] }, { "cpes": [ "cpe:2.3:o:cisco:nx-os:10.2\\(1q\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nx-os", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.2\\(1q\\)" } ] }, { "cpes": [ "cpe:2.3:o:cisco:nx-os:9.3\\(9\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nx-os", "vendor": "cisco", "versions": [ { "status": "affected", "version": "9.3\\(9\\)" } ] }, { "cpes": [ "cpe:2.3:o:cisco:nx-os:8.2\\(11\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nx-os", "vendor": "cisco", "versions": [ { "status": "affected", "version": "8.2\\(11\\)" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20446", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-28T18:45:44.020456Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-28T18:49:32.927Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "10.2(1)" }, { "status": "affected", "version": "10.2(1q)" }, { "status": "affected", "version": "9.3(9)" }, { "status": "affected", "version": "8.2(11)" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the DHCPv6 relay agent of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to improper handling of specific fields in a DHCPv6 RELAY-REPLY message. An attacker could exploit this vulnerability by sending a crafted DHCPv6 packet to any IPv6 address that is configured on an affected device. A successful exploit could allow the attacker to cause the dhcp_snoop process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "NULL Pointer Dereference", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-28T16:31:32.514Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nxos-dhcp6-relay-dos-znEAA6xn", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-dhcp6-relay-dos-znEAA6xn" } ], "source": { "advisory": "cisco-sa-nxos-dhcp6-relay-dos-znEAA6xn", "defects": [ "CSCwk27906" ], "discovery": "EXTERNAL" }, "title": "Cisco NX-OS Software DHCPv6 Relay Agent Denial of Service Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20446", "datePublished": "2024-08-28T16:31:32.514Z", "dateReserved": "2023-11-08T15:08:07.678Z", "dateUpdated": "2024-08-28T18:49:32.927Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1732
Vulnerability from cvelistv5
Published
2019-05-15 16:50
Modified
2024-11-20 17:22
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Remote Package Manager Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-rpm-injec | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108361 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.300Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS Software Remote Package Manager Command Injection Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-rpm-injec" }, { "name": "108361", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108361" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1732", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:55:02.340631Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:22:27.579Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection. The vulnerability is due to the lack of a proper locking mechanism on critical variables that need to stay static until used. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a set of RPM-related CLI commands. A successful exploit could allow the attacker to perform arbitrary command injection. The attacker would need administrator credentials for the targeted device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-17T09:06:06", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS Software Remote Package Manager Command Injection Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-rpm-injec" }, { "name": "108361", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108361" } ], "source": { "advisory": "cisco-sa-20190515-nxos-rpm-injec", "defect": [ [ "CSCvi01453", "CSCvj00550" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Remote Package Manager Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1732", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Remote Package Manager Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection. The vulnerability is due to the lack of a proper locking mechanism on critical variables that need to stay static until used. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a set of RPM-related CLI commands. A successful exploit could allow the attacker to perform arbitrary command injection. The attacker would need administrator credentials for the targeted device." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.4", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS Software Remote Package Manager Command Injection Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-rpm-injec" }, { "name": "108361", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108361" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-rpm-injec", "defect": [ [ "CSCvi01453", "CSCvj00550" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1732", "datePublished": "2019-05-15T16:50:29.893438Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:22:27.579Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1733
Vulnerability from cvelistv5
Published
2019-05-15 16:50
Modified
2024-09-17 00:46
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software NX-API Sandbox Cross-Site Scripting Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-nxapi-xss | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108348 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:41.043Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS Software NX-API Sandbox Cross-Site Scripting Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-nxapi-xss" }, { "name": "108348", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108348" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX-OS Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the NX-API Sandbox interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the NX-API Sandbox interface. An attacker could exploit this vulnerability by persuading a user of the NX-API Sandbox interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected NX-API Sandbox interface." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-16T16:06:22", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS Software NX-API Sandbox Cross-Site Scripting Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-nxapi-xss" }, { "name": "108348", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108348" } ], "source": { "advisory": "cisco-sa-20190515-nxos-nxapi-xss", "defect": [ [ "CSCvj14814" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software NX-API Sandbox Cross-Site Scripting Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1733", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software NX-API Sandbox Cross-Site Scripting Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX-OS Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the NX-API Sandbox interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the NX-API Sandbox interface. An attacker could exploit this vulnerability by persuading a user of the NX-API Sandbox interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected NX-API Sandbox interface." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "5.4", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS Software NX-API Sandbox Cross-Site Scripting Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-nxapi-xss" }, { "name": "108348", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108348" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-nxapi-xss", "defect": [ [ "CSCvj14814" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1733", "datePublished": "2019-05-15T16:50:21.433983Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-09-17T00:46:29.415Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1587
Vulnerability from cvelistv5
Published
2021-08-25 19:11
Modified
2024-11-07 22:02
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ngoam-dos-LTDb9Hv | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:18:10.415Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210825 Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ngoam-dos-LTDb9Hv" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1587", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-07T21:54:27.093740Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-07T22:02:26.359Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-08-25T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific packets with a Transparent Interconnection of Lots of Links (TRILL) OAM EtherType. An attacker could exploit this vulnerability by sending crafted packets, including the TRILL OAM EtherType of 0x8902, to a device that is part of a VXLAN Ethernet VPN (EVPN) fabric. A successful exploit could allow the attacker to cause an affected device to experience high CPU usage and consume excessive system resources, which may result in overall control plane instability and cause the affected device to reload. Note: The NGOAM feature is disabled by default." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-115", "description": "CWE-115", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-25T19:11:06", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210825 Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ngoam-dos-LTDb9Hv" } ], "source": { "advisory": "cisco-sa-nxos-ngoam-dos-LTDb9Hv", "defect": [ [ "CSCvx66917" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-08-25T16:00:00", "ID": "CVE-2021-1587", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific packets with a Transparent Interconnection of Lots of Links (TRILL) OAM EtherType. An attacker could exploit this vulnerability by sending crafted packets, including the TRILL OAM EtherType of 0x8902, to a device that is part of a VXLAN Ethernet VPN (EVPN) fabric. A successful exploit could allow the attacker to cause an affected device to experience high CPU usage and consume excessive system resources, which may result in overall control plane instability and cause the affected device to reload. Note: The NGOAM feature is disabled by default." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.6", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-115" } ] } ] }, "references": { "reference_data": [ { "name": "20210825 Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ngoam-dos-LTDb9Hv" } ] }, "source": { "advisory": "cisco-sa-nxos-ngoam-dos-LTDb9Hv", "defect": [ [ "CSCvx66917" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1587", "datePublished": "2021-08-25T19:11:06.170453Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-07T22:02:26.359Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3517
Vulnerability from cvelistv5
Published
2020-08-27 15:40
Modified
2024-11-13 18:09
Severity ?
EPSS score ?
Summary
Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-nxos-cfs-dos-dAmnymbd | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:37:54.679Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20200826 Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-nxos-cfs-dos-dAmnymbd" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-3517", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:13:07.454503Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T18:09:30.343Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-08-26T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. The attack vector is configuration dependent and could be remote or adjacent. For more information about the attack vector, see the Details section of this advisory. The vulnerability is due to insufficient error handling when the affected software parses Cisco Fabric Services messages. An attacker could exploit this vulnerability by sending malicious Cisco Fabric Services messages to an affected device. A successful exploit could allow the attacker to cause a reload of an affected device, which could result in a DoS condition." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-27T15:40:48", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20200826 Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-nxos-cfs-dos-dAmnymbd" } ], "source": { "advisory": "cisco-sa-fxos-nxos-cfs-dos-dAmnymbd", "defect": [ [ "CSCvt39630", "CSCvt46835", "CSCvt46837", "CSCvt46838", "CSCvt46839", "CSCvt46877" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-08-26T16:00:00", "ID": "CVE-2020-3517", "STATE": "PUBLIC", "TITLE": "Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. The attack vector is configuration dependent and could be remote or adjacent. For more information about the attack vector, see the Details section of this advisory. The vulnerability is due to insufficient error handling when the affected software parses Cisco Fabric Services messages. An attacker could exploit this vulnerability by sending malicious Cisco Fabric Services messages to an affected device. A successful exploit could allow the attacker to cause a reload of an affected device, which could result in a DoS condition." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.6", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-476" } ] } ] }, "references": { "reference_data": [ { "name": "20200826 Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-nxos-cfs-dos-dAmnymbd" } ] }, "source": { "advisory": "cisco-sa-fxos-nxos-cfs-dos-dAmnymbd", "defect": [ [ "CSCvt39630", "CSCvt46835", "CSCvt46837", "CSCvt46838", "CSCvt46839", "CSCvt46877" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3517", "datePublished": "2020-08-27T15:40:48.124786Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-13T18:09:30.343Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20624
Vulnerability from cvelistv5
Published
2022-02-23 17:40
Modified
2024-11-06 16:29
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cfsoip-dos-tpykyDr | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.991Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20220223 Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cfsoip-dos-tpykyDr" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-20624", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-06T16:01:53.642987Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-06T16:29:42.741Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2022-02-23T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of incoming CFSoIP packets. An attacker could exploit this vulnerability by sending crafted CFSoIP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-23T17:40:21", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20220223 Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cfsoip-dos-tpykyDr" } ], "source": { "advisory": "cisco-sa-cfsoip-dos-tpykyDr", "defect": [ [ "CSCvy95696", "CSCvy95840" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2022-02-23T16:00:00", "ID": "CVE-2022-20624", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of incoming CFSoIP packets. An attacker could exploit this vulnerability by sending crafted CFSoIP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.6", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400" } ] } ] }, "references": { "reference_data": [ { "name": "20220223 Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cfsoip-dos-tpykyDr" } ] }, "source": { "advisory": "cisco-sa-cfsoip-dos-tpykyDr", "defect": [ [ "CSCvy95696", "CSCvy95840" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2022-20624", "datePublished": "2022-02-23T17:40:21.653325Z", "dateReserved": "2021-11-02T00:00:00", "dateUpdated": "2024-11-06T16:29:42.741Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1783
Vulnerability from cvelistv5
Published
2019-05-15 20:05
Modified
2024-11-20 17:20
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1783 | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108370 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.745Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1783)", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1783" }, { "name": "108370", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108370" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1783", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:54:39.377802Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:20:14.395Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-17T12:06:06", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1783)", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1783" }, { "name": "108370", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108370" } ], "source": { "advisory": "cisco-sa-20190515-nxos-cmdinj-1783", "defect": [ [ "CSCvi42281", "CSCvj03966" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1783", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1783)", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1783" }, { "name": "108370", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108370" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-cmdinj-1783", "defect": [ [ "CSCvi42281", "CSCvj03966" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1783", "datePublished": "2019-05-15T20:05:29.910200Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:20:14.395Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20284
Vulnerability from cvelistv5
Published
2024-08-28 16:37
Modified
2024-08-28 17:19
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Python Parser Escape Vulnerability
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-20284", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-28T17:19:10.303470Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-28T17:19:17.361Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "8.2(5)" }, { "status": "affected", "version": "7.3(6)N1(1a)" }, { "status": "affected", "version": "7.3(5)D1(1)" }, { "status": "affected", "version": "8.4(2)" }, { "status": "affected", "version": "7.3(6)N1(1)" }, { "status": "affected", "version": "6.2(2)" }, { "status": "affected", "version": "8.4(3)" }, { "status": "affected", "version": "9.2(3)" }, { "status": "affected", "version": "7.0(3)I5(2)" }, { "status": "affected", "version": "8.2(1)" }, { "status": "affected", "version": "6.0(2)A8(7a)" }, { "status": "affected", "version": "7.0(3)I4(5)" }, { "status": "affected", "version": "6.0(2)A6(1)" }, { "status": "affected", "version": "7.3(1)D1(1)" }, { "status": "affected", "version": "6.2(14a)" }, { "status": "affected", "version": "7.0(3)I4(6)" }, { "status": "affected", "version": "7.3(4)N1(1)" }, { "status": "affected", "version": "7.0(3)I4(3)" }, { "status": "affected", "version": "9.2(2v)" }, { "status": "affected", "version": "6.0(2)A6(5b)" }, { "status": "affected", "version": "7.3(0)D1(1)" }, { "status": "affected", "version": "6.2(17a)" }, { "status": "affected", "version": "7.0(3)I4(7)" }, { "status": "affected", "version": "6.0(2)U6(1a)" }, { "status": "affected", "version": "7.1(5)N1(1b)" }, { "status": "affected", "version": "7.0(3)I4(1)" }, { "status": "affected", "version": "7.0(3)I4(8)" }, { "status": "affected", "version": "7.0(3)I4(2)" }, { "status": "affected", "version": "7.1(4)N1(1c)" }, { "status": "affected", "version": "7.0(3)IM3(1)" }, { "status": "affected", "version": "6.0(2)U6(5a)" }, { "status": "affected", "version": "6.0(2)A8(11)" }, { "status": "affected", "version": "6.0(2)A6(4a)" }, { "status": "affected", "version": "6.2(9)" }, { "status": "affected", "version": "6.2(5)" }, { "status": "affected", "version": "7.3(4)D1(1)" }, { "status": "affected", "version": "6.2(20)" }, { "status": "affected", "version": "9.2(1)" }, { "status": "affected", "version": "9.2(2t)" }, { "status": "affected", "version": "9.2(3y)" }, { "status": "affected", "version": "7.0(3)I4(1t)" }, { "status": "affected", "version": "6.0(2)U6(5c)" }, { "status": "affected", "version": "6.0(2)A6(4)" }, { "status": "affected", "version": "7.0(3)I7(6z)" }, { "status": "affected", "version": "9.3(2)" }, { "status": "affected", "version": "7.3(1)DY(1)" }, { "status": "affected", "version": "7.0(3)F3(3)" }, { "status": "affected", "version": "6.0(2)U6(6)" }, { "status": "affected", "version": "6.2(29)" }, { "status": "affected", "version": "7.0(3)I7(3z)" }, { "status": "affected", "version": "7.0(3)IM7(2)" }, { "status": "affected", "version": "6.0(2)A8(11b)" }, { "status": "affected", "version": "6.2(9a)" }, { "status": "affected", "version": "7.3(0)N1(1)" }, { "status": "affected", "version": "7.0(3)I7(5a)" }, { "status": "affected", "version": "6.2(11d)" }, { "status": "affected", "version": "8.1(1)" }, { "status": "affected", "version": "7.0(3)I6(1)" }, { "status": "affected", "version": "6.0(2)U6(10)" }, { "status": "affected", "version": "7.2(2)D1(2)" }, { "status": "affected", "version": "7.0(3)IM3(2)" }, { "status": "affected", "version": "6.0(2)A6(8)" }, { "status": "affected", "version": "8.2(2)" }, { "status": "affected", "version": "6.0(2)U6(1)" }, { "status": "affected", "version": "7.3(2)N1(1c)" }, { "status": "affected", "version": "7.0(3)I5(3b)" }, { "status": "affected", "version": "8.3(2)" }, { "status": "affected", "version": "7.3(5)N1(1)" }, { "status": "affected", "version": "6.0(2)A6(2a)" }, { "status": "affected", "version": "7.3(2)N1(1b)" }, { "status": "affected", "version": "6.2(27)" }, { "status": "affected", "version": "7.3(2)D1(3a)" }, { "status": "affected", "version": "7.3(1)N1(1)" }, { "status": "affected", "version": "6.0(2)U6(7)" }, { "status": "affected", "version": "9.2(4)" }, { "status": "affected", "version": "7.1(4)N1(1a)" }, { "status": "affected", "version": "7.1(3)N1(4)" }, { "status": "affected", "version": "7.0(3)IM3(2a)" }, { "status": "affected", "version": "6.2(8b)" }, { "status": "affected", "version": "6.0(2)A8(10)" }, { "status": "affected", "version": "7.1(3)N1(2)" }, { "status": "affected", "version": "6.2(13)" }, { "status": "affected", "version": "6.0(2)A8(2)" }, { "status": "affected", "version": "7.0(3)IC4(4)" }, { "status": "affected", "version": "6.2(1)" }, { "status": "affected", "version": "7.3(4)N1(1a)" }, { "status": "affected", "version": "8.1(2)" }, { "status": "affected", "version": "6.0(2)A6(3)" }, { "status": "affected", "version": "6.0(2)U6(5b)" }, { "status": "affected", "version": "7.0(3)F3(3c)" }, { "status": "affected", "version": "7.3(3)D1(1)" }, { "status": "affected", "version": "7.0(3)F3(1)" }, { "status": "affected", "version": "6.0(2)U6(5)" }, { "status": "affected", "version": "7.0(3)F3(5)" }, { "status": "affected", "version": "7.1(2)N1(1)" }, { "status": "affected", "version": "7.1(3)N1(3)" }, { "status": "affected", "version": "8.2(3)" }, { "status": "affected", "version": "6.0(2)A6(7)" }, { "status": "affected", "version": "7.0(3)I7(2)" }, { "status": "affected", "version": "6.2(5a)" }, { "status": "affected", "version": "6.2(18)" }, { "status": "affected", "version": "6.0(2)A6(5)" }, { "status": "affected", "version": "7.0(3)IM3(2b)" }, { "status": "affected", "version": "7.1(3)N1(1)" }, { "status": "affected", "version": "6.0(2)U6(4a)" }, { "status": "affected", "version": "7.0(3)I5(3)" }, { "status": "affected", "version": "7.0(3)I7(3)" }, { "status": "affected", "version": "6.0(2)A8(6)" }, { "status": "affected", "version": "7.0(3)I6(2)" }, { "status": "affected", "version": "8.3(1)" }, { "status": "affected", "version": "6.2(3)" }, { "status": "affected", "version": "6.2(22)" }, { "status": "affected", "version": "7.1(1)N1(1)" }, { "status": "affected", "version": "8.4(1)" }, { "status": "affected", "version": "8.1(1b)" }, { "status": "affected", "version": "7.3(0)N1(1b)" }, { "status": "affected", "version": "7.2(2)D1(4)" }, { "status": "affected", "version": "6.0(2)A8(5)" }, { "status": "affected", "version": "7.3(0)DX(1)" }, { "status": "affected", "version": "7.1(4)N1(1d)" }, { "status": "affected", "version": "7.3(2)D1(1)" }, { "status": "affected", "version": "7.3(2)N1(1)" }, { "status": "affected", "version": "6.0(2)U6(8)" }, { "status": "affected", "version": "7.1(1)N1(1a)" }, { "status": "affected", "version": "7.0(3)IM3(3)" }, { "status": "affected", "version": "9.3(1)" }, { "status": "affected", "version": "6.0(2)U6(2)" }, { "status": "affected", "version": "6.2(9b)" }, { "status": "affected", "version": "7.1(3)N1(2a)" }, { "status": "affected", "version": "7.3(0)N1(1a)" }, { "status": "affected", "version": "6.0(2)A8(7)" }, { "status": "affected", "version": "7.0(3)I7(6)" }, { "status": "affected", "version": "7.3(2)D1(2)" }, { "status": "affected", "version": "6.2(25)" }, { "status": "affected", "version": "6.0(2)U6(3a)" }, { "status": "affected", "version": "8.0(1)" }, { "status": "affected", "version": "6.0(2)A8(11a)" }, { "status": "affected", "version": "6.2(11e)" }, { "status": "affected", "version": "7.1(3)N1(5)" }, { "status": "affected", "version": "7.0(3)I4(8z)" }, { "status": "affected", "version": "6.2(11)" }, { "status": "affected", "version": "7.0(3)I4(9)" }, { "status": "affected", "version": "6.2(16)" }, { "status": "affected", "version": "6.2(19)" }, { "status": "affected", "version": "8.2(4)" }, { "status": "affected", "version": "6.2(2a)" }, { "status": "affected", "version": "7.2(2)D1(3)" }, { "status": "affected", "version": "7.1(0)N1(1b)" }, { "status": "affected", "version": "7.0(3)I7(4)" }, { "status": "affected", "version": "7.0(3)I7(7)" }, { "status": "affected", "version": "6.2(5b)" }, { "status": "affected", "version": "7.3(0)DY(1)" }, { "status": "affected", "version": "6.0(2)A8(9)" }, { "status": "affected", "version": "6.0(2)A8(1)" }, { "status": "affected", "version": "7.1(5)N1(1)" }, { "status": "affected", "version": "7.2(1)D1(1)" }, { "status": "affected", "version": "6.2(15)" }, { "status": "affected", "version": "6.0(2)A6(6)" }, { "status": "affected", "version": "6.0(2)A8(10a)" }, { "status": "affected", "version": "7.0(3)I5(1)" }, { "status": "affected", "version": "9.3(1z)" }, { "status": "affected", "version": "9.2(2)" }, { "status": "affected", "version": "6.2(7)" }, { "status": "affected", "version": "6.2(9c)" }, { "status": "affected", "version": "7.0(3)F3(4)" }, { "status": "affected", "version": "7.3(3)N1(1)" }, { "status": "affected", "version": "6.2(6b)" }, { "status": "affected", "version": "7.0(3)I4(8b)" }, { "status": "affected", "version": "8.1(2a)" }, { "status": "affected", "version": "7.3(2)D1(3)" }, { "status": "affected", "version": "6.2(8)" }, { "status": "affected", "version": "6.0(2)A8(3)" }, { "status": "affected", "version": "6.2(11b)" }, { "status": "affected", "version": "7.0(3)I4(6t)" }, { "status": "affected", "version": "7.0(3)I5(3a)" }, { "status": "affected", "version": "8.1(1a)" }, { "status": "affected", "version": "6.2(13a)" }, { "status": "affected", "version": "6.0(2)A8(8)" }, { "status": "affected", "version": "7.0(3)I7(5)" }, { "status": "affected", "version": "7.0(3)F3(3a)" }, { "status": "affected", "version": "7.1(0)N1(1a)" }, { "status": "affected", "version": "6.0(2)A8(4)" }, { "status": "affected", "version": "6.0(2)A6(3a)" }, { "status": "affected", "version": "6.0(2)A6(5a)" }, { "status": "affected", "version": "7.0(3)F2(1)" }, { "status": "affected", "version": "7.0(3)I4(8a)" }, { "status": "affected", "version": "6.0(2)U6(9)" }, { "status": "affected", "version": "7.0(3)F3(2)" }, { "status": "affected", "version": "6.0(2)U6(2a)" }, { "status": "affected", "version": "6.2(12)" }, { "status": "affected", "version": "6.2(17)" }, { "status": "affected", "version": "7.0(3)I4(4)" }, { "status": "affected", "version": "6.2(23)" }, { "status": "affected", "version": "6.2(13b)" }, { "status": "affected", "version": "6.0(2)U6(3)" }, { "status": "affected", "version": "6.2(10)" }, { "status": "affected", "version": "6.2(6a)" }, { "status": "affected", "version": "6.2(6)" }, { "status": "affected", "version": "7.1(2)N1(1a)" }, { "status": "affected", "version": "6.2(14)" }, { "status": "affected", "version": "7.0(3)I7(1)" }, { "status": "affected", "version": "6.2(14b)" }, { "status": "affected", "version": "6.2(21)" }, { "status": "affected", "version": "7.2(2)D1(1)" }, { "status": "affected", "version": "7.0(3)F2(2)" }, { "status": "affected", "version": "7.0(3)IA7(2)" }, { "status": "affected", "version": "7.0(3)IA7(1)" }, { "status": "affected", "version": "6.0(2)A8(7b)" }, { "status": "affected", "version": "6.2(8a)" }, { "status": "affected", "version": "6.2(11c)" }, { "status": "affected", "version": "7.0(3)F1(1)" }, { "status": "affected", "version": "6.0(2)A6(1a)" }, { "status": "affected", "version": "7.1(0)N1(1)" }, { "status": "affected", "version": "7.2(0)D1(1)" }, { "status": "affected", "version": "6.0(2)A6(2)" }, { "status": "affected", "version": "7.1(4)N1(1)" }, { "status": "affected", "version": "6.0(2)A8(4a)" }, { "status": "affected", "version": "6.2(20a)" }, { "status": "affected", "version": "6.0(2)U6(4)" }, { "status": "affected", "version": "8.4(1a)" }, { "status": "affected", "version": "9.3(3)" }, { "status": "affected", "version": "7.3(2)D1(1d)" }, { "status": "affected", "version": "7.3(7)N1(1)" }, { "status": "affected", "version": "6.2(24)" }, { "status": "affected", "version": "6.2(31)" }, { "status": "affected", "version": "7.0(3)I7(8)" }, { "status": "affected", "version": "6.0(2)U6(10a)" }, { "status": "affected", "version": "7.3(7)N1(1a)" }, { "status": "affected", "version": "9.3(4)" }, { "status": "affected", "version": "7.3(6)D1(1)" }, { "status": "affected", "version": "6.2(26)" }, { "status": "affected", "version": "8.2(6)" }, { "status": "affected", "version": "6.2(33)" }, { "status": "affected", "version": "9.3(5)" }, { "status": "affected", "version": "8.4(2a)" }, { "status": "affected", "version": "8.4(2b)" }, { "status": "affected", "version": "7.3(8)N1(1)" }, { "status": "affected", "version": "7.0(3)I7(9)" }, { "status": "affected", "version": "7.3(7)N1(1b)" }, { "status": "affected", "version": "6.2(24a)" }, { "status": "affected", "version": "8.5(1)" }, { "status": "affected", "version": "9.3(6)" }, { "status": "affected", "version": "10.1(2)" }, { "status": "affected", "version": "10.1(1)" }, { "status": "affected", "version": "8.4(4)" }, { "status": "affected", "version": "7.3(7)D1(1)" }, { "status": "affected", "version": "8.4(2c)" }, { "status": "affected", "version": "9.3(5w)" }, { "status": "affected", "version": "8.2(7)" }, { "status": "affected", "version": "7.3(9)N1(1)" }, { "status": "affected", "version": "9.3(7)" }, { "status": "affected", "version": "9.3(7k)" }, { "status": "affected", "version": "7.0(3)I7(9w)" }, { "status": "affected", "version": "10.2(1)" }, { "status": "affected", "version": "7.3(8)N1(1a)" }, { "status": "affected", "version": "7.3(8)D1(1)" }, { "status": "affected", "version": "9.3(7a)" }, { "status": "affected", "version": "8.2(7a)" }, { "status": "affected", "version": "9.3(8)" }, { "status": "affected", "version": "8.4(4a)" }, { "status": "affected", "version": "8.4(2d)" }, { "status": "affected", "version": "7.3(10)N1(1)" }, { "status": "affected", "version": "8.4(5)" }, { "status": "affected", "version": "7.0(3)I7(10)" }, { "status": "affected", "version": "7.3(8)N1(1b)" }, { "status": "affected", "version": "8.2(8)" }, { "status": "affected", "version": "10.2(1q)" }, { "status": "affected", "version": "10.2(2)" }, { "status": "affected", "version": "9.3(9)" }, { "status": "affected", "version": "10.1(2t)" }, { "status": "affected", "version": "7.3(9)D1(1)" }, { "status": "affected", "version": "7.3(11)N1(1)" }, { "status": "affected", "version": "10.2(3)" }, { "status": "affected", "version": "8.4(6)" }, { "status": "affected", "version": "10.2(3t)" }, { "status": "affected", "version": "8.4(2e)" }, { "status": "affected", "version": "9.3(10)" }, { "status": "affected", "version": "7.3(11)N1(1a)" }, { "status": "affected", "version": "10.2(2a)" }, { "status": "affected", "version": "7.3(12)N1(1)" }, { "status": "affected", "version": "9.2(1a)" }, { "status": "affected", "version": "8.2(9)" }, { "status": "affected", "version": "10.3(1)" }, { "status": "affected", "version": "10.2(4)" }, { "status": "affected", "version": "7.3(13)N1(1)" }, { "status": "affected", "version": "8.4(7)" }, { "status": "affected", "version": "10.3(2)" }, { "status": "affected", "version": "8.4(6a)" }, { "status": "affected", "version": "9.3(11)" }, { "status": "affected", "version": "10.3(3)" }, { "status": "affected", "version": "10.2(5)" }, { "status": "affected", "version": "9.4(1)" }, { "status": "affected", "version": "9.3(2a)" }, { "status": "affected", "version": "8.4(2f)" }, { "status": "affected", "version": "8.2(10)" }, { "status": "affected", "version": "9.3(12)" }, { "status": "affected", "version": "10.2(3v)" }, { "status": "affected", "version": "10.4(1)" }, { "status": "affected", "version": "8.4(8)" }, { "status": "affected", "version": "10.3(99w)" }, { "status": "affected", "version": "7.3(14)N1(1)" }, { "status": "affected", "version": "10.2(6)" }, { "status": "affected", "version": "10.3(3w)" }, { "status": "affected", "version": "10.3(99x)" }, { "status": "affected", "version": "10.3(3o)" }, { "status": "affected", "version": "8.4(9)" }, { "status": "affected", "version": "10.3(4)" }, { "status": "affected", "version": "10.3(3p)" }, { "status": "affected", "version": "10.3(4a)" }, { "status": "affected", "version": "9.4(1a)" }, { "status": "affected", "version": "10.4(2)" }, { "status": "affected", "version": "10.3(3q)" }, { "status": "affected", "version": "9.3(13)" }, { "status": "affected", "version": "8.2(11)" }, { "status": "affected", "version": "10.3(5)" }, { "status": "affected", "version": "10.2(7)" }, { "status": "affected", "version": "10.4(3)" }, { "status": "affected", "version": "10.3(3x)" }, { "status": "affected", "version": "10.3(4g)" }, { "status": "affected", "version": "10.3(3r)" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device.\r\n\r\nThe vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.\u0026nbsp;\r\nNote: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-693", "description": "Protection Mechanism Failure", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-28T16:37:35.281Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nxos-psbe-ce-YvbTn5du", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du" }, { "name": "Cisco NX-OS Security with Python", "url": "https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/105x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-105x/m-n9k-python-api-101x.html?bookSearch=true#concept_A2CFF094ADCB414C983EA06AD8E9A410" } ], "source": { "advisory": "cisco-sa-nxos-psbe-ce-YvbTn5du", "defects": [ "CSCwh77779" ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Python Parser Escape Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20284", "datePublished": "2024-08-28T16:37:35.281Z", "dateReserved": "2023-11-08T15:08:07.626Z", "dateUpdated": "2024-08-28T17:19:17.361Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1729
Vulnerability from cvelistv5
Published
2019-05-15 16:45
Modified
2024-11-20 17:22
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Arbitrary File Overwrite Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-file-write | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108378 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:41.640Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS Software Arbitrary File Overwrite Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-file-write" }, { "name": "108378", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108378" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1729", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:55:05.367201Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:22:44.267Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, local attacker to overwrite any file on the file system including system files. These file overwrites by the attacker are accomplished at the root privilege level. The vulnerability occurs because there is no verification of user-input parameters and or digital-signature verification for image files when using a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device and issuing a command at the CLI. Because an exploit could allow the attacker to overwrite any file on the disk, including system files, a denial of service (DoS) condition could occur. The attacker must have valid administrator credentials for the affected device to exploit this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-20T14:06:08", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS Software Arbitrary File Overwrite Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-file-write" }, { "name": "108378", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108378" } ], "source": { "advisory": "cisco-sa-20190515-nxos-file-write", "defect": [ [ "CSCvh76022", "CSCvj03856" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Arbitrary File Overwrite Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1729", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Arbitrary File Overwrite Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, local attacker to overwrite any file on the file system including system files. These file overwrites by the attacker are accomplished at the root privilege level. The vulnerability occurs because there is no verification of user-input parameters and or digital-signature verification for image files when using a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device and issuing a command at the CLI. Because an exploit could allow the attacker to overwrite any file on the disk, including system files, a denial of service (DoS) condition could occur. The attacker must have valid administrator credentials for the affected device to exploit this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS Software Arbitrary File Overwrite Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-file-write" }, { "name": "108378", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108378" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-file-write", "defect": [ [ "CSCvh76022", "CSCvj03856" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1729", "datePublished": "2019-05-15T16:45:16.339171Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:22:44.267Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3397
Vulnerability from cvelistv5
Published
2020-08-27 15:40
Modified
2024-11-13 18:09
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Border Gateway Protocol Multicast VPN Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxosbgp-nlri-dos-458rG2OQ | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:30:58.213Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20200826 Cisco NX-OS Software Border Gateway Protocol Multicast VPN Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxosbgp-nlri-dos-458rG2OQ" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-3397", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:13:09.910461Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T18:09:56.819Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-08-26T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this specific, valid BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause one of the BGP-related routing applications to restart multiple times, leading to a system-level restart. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-27T15:40:34", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20200826 Cisco NX-OS Software Border Gateway Protocol Multicast VPN Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxosbgp-nlri-dos-458rG2OQ" } ], "source": { "advisory": "cisco-sa-nxosbgp-nlri-dos-458rG2OQ", "defect": [ [ "CSCvr58652" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Border Gateway Protocol Multicast VPN Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-08-26T16:00:00", "ID": "CVE-2020-3397", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Border Gateway Protocol Multicast VPN Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this specific, valid BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause one of the BGP-related routing applications to restart multiple times, leading to a system-level restart. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.6", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "20200826 Cisco NX-OS Software Border Gateway Protocol Multicast VPN Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxosbgp-nlri-dos-458rG2OQ" } ] }, "source": { "advisory": "cisco-sa-nxosbgp-nlri-dos-458rG2OQ", "defect": [ [ "CSCvr58652" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3397", "datePublished": "2020-08-27T15:40:34.148007Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-13T18:09:56.819Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20286
Vulnerability from cvelistv5
Published
2024-08-28 16:37
Modified
2024-08-28 17:23
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Python Parser Escape Vulnerability
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-20286", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-28T17:23:47.624528Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-28T17:23:56.426Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "8.2(5)" }, { "status": "affected", "version": "7.3(5)D1(1)" }, { "status": "affected", "version": "8.4(2)" }, { "status": "affected", "version": "6.2(2)" }, { "status": "affected", "version": "8.4(3)" }, { "status": "affected", "version": "9.2(3)" }, { "status": "affected", "version": "7.0(3)I5(2)" }, { "status": "affected", "version": "8.2(1)" }, { "status": "affected", "version": "6.0(2)A8(7a)" }, { "status": "affected", "version": "7.0(3)I4(5)" }, { "status": "affected", "version": "6.0(2)A6(1)" }, { "status": "affected", "version": "7.3(1)D1(1)" }, { "status": "affected", "version": "6.2(14a)" }, { "status": "affected", "version": "7.0(3)I4(6)" }, { "status": "affected", "version": "7.0(3)I4(3)" }, { "status": "affected", "version": "9.2(2v)" }, { "status": "affected", "version": "6.0(2)A6(5b)" }, { "status": "affected", "version": "7.3(0)D1(1)" }, { "status": "affected", "version": "6.2(17a)" }, { "status": "affected", "version": "7.0(3)I4(7)" }, { "status": "affected", "version": "6.0(2)U6(1a)" }, { "status": "affected", "version": "7.0(3)I4(1)" }, { "status": "affected", "version": "7.0(3)I4(8)" }, { "status": "affected", "version": "7.0(3)I4(2)" }, { "status": "affected", "version": "7.0(3)IM3(1)" }, { "status": "affected", "version": "6.0(2)U6(5a)" }, { "status": "affected", "version": "6.0(2)A8(11)" }, { "status": "affected", "version": "6.0(2)A6(4a)" }, { "status": "affected", "version": "6.2(9)" }, { "status": "affected", "version": "6.2(5)" }, { "status": "affected", "version": "7.3(4)D1(1)" }, { "status": "affected", "version": "6.2(20)" }, { "status": "affected", "version": "9.2(1)" }, { "status": "affected", "version": "9.2(2t)" }, { "status": "affected", "version": "9.2(3y)" }, { "status": "affected", "version": "7.0(3)I4(1t)" }, { "status": "affected", "version": "6.0(2)U6(5c)" }, { "status": "affected", "version": "6.0(2)A6(4)" }, { "status": "affected", "version": "7.0(3)I7(6z)" }, { "status": "affected", "version": "9.3(2)" }, { "status": "affected", "version": "7.3(1)DY(1)" }, { "status": "affected", "version": "7.0(3)F3(3)" }, { "status": "affected", "version": "6.0(2)U6(6)" }, { "status": "affected", "version": "6.2(29)" }, { "status": "affected", "version": "7.0(3)I7(3z)" }, { "status": "affected", "version": "7.0(3)IM7(2)" }, { "status": "affected", "version": "6.0(2)A8(11b)" }, { "status": "affected", "version": "6.2(9a)" }, { "status": "affected", "version": "7.0(3)I7(5a)" }, { "status": "affected", "version": "6.2(11d)" }, { "status": "affected", "version": "8.1(1)" }, { "status": "affected", "version": "7.0(3)I6(1)" }, { "status": "affected", "version": "6.0(2)U6(10)" }, { "status": "affected", "version": "7.2(2)D1(2)" }, { "status": "affected", "version": "7.0(3)IM3(2)" }, { "status": "affected", "version": "6.0(2)A6(8)" }, { "status": "affected", "version": "8.2(2)" }, { "status": "affected", "version": "6.0(2)U6(1)" }, { "status": "affected", "version": "7.0(3)I5(3b)" }, { "status": "affected", "version": "8.3(2)" }, { "status": "affected", "version": "6.0(2)A6(2a)" }, { "status": "affected", "version": "6.2(27)" }, { "status": "affected", "version": "7.3(2)D1(3a)" }, { "status": "affected", "version": "6.0(2)U6(7)" }, { "status": "affected", "version": "9.2(4)" }, { "status": "affected", "version": "7.0(3)IM3(2a)" }, { "status": "affected", "version": "6.2(8b)" }, { "status": "affected", "version": "6.0(2)A8(10)" }, { "status": "affected", "version": "6.2(13)" }, { "status": "affected", "version": "6.0(2)A8(2)" }, { "status": "affected", "version": "7.0(3)IC4(4)" }, { "status": "affected", "version": "6.2(1)" }, { "status": "affected", "version": "8.1(2)" }, { "status": "affected", "version": "6.0(2)A6(3)" }, { "status": "affected", "version": "6.0(2)U6(5b)" }, { "status": "affected", "version": "7.0(3)F3(3c)" }, { "status": "affected", "version": "7.3(3)D1(1)" }, { "status": "affected", "version": "7.0(3)F3(1)" }, { "status": "affected", "version": "6.0(2)U6(5)" }, { "status": "affected", "version": "7.0(3)F3(5)" }, { "status": "affected", "version": "8.2(3)" }, { "status": "affected", "version": "6.0(2)A6(7)" }, { "status": "affected", "version": "7.0(3)I7(2)" }, { "status": "affected", "version": "6.2(5a)" }, { "status": "affected", "version": "6.2(18)" }, { "status": "affected", "version": "6.0(2)A6(5)" }, { "status": "affected", "version": "7.0(3)IM3(2b)" }, { "status": "affected", "version": "6.0(2)U6(4a)" }, { "status": "affected", "version": "7.0(3)I5(3)" }, { "status": "affected", "version": "7.0(3)I7(3)" }, { "status": "affected", "version": "6.0(2)A8(6)" }, { "status": "affected", "version": "7.0(3)I6(2)" }, { "status": "affected", "version": "8.3(1)" }, { "status": "affected", "version": "6.2(3)" }, { "status": "affected", "version": "6.2(22)" }, { "status": "affected", "version": "8.4(1)" }, { "status": "affected", "version": "8.1(1b)" }, { "status": "affected", "version": "7.2(2)D1(4)" }, { "status": "affected", "version": "6.0(2)A8(5)" }, { "status": "affected", "version": "7.3(0)DX(1)" }, { "status": "affected", "version": "7.3(2)D1(1)" }, { "status": "affected", "version": "6.0(2)U6(8)" }, { "status": "affected", "version": "7.0(3)IM3(3)" }, { "status": "affected", "version": "9.3(1)" }, { "status": "affected", "version": "6.0(2)U6(2)" }, { "status": "affected", "version": "6.2(9b)" }, { "status": "affected", "version": "6.0(2)A8(7)" }, { "status": "affected", "version": "7.0(3)I7(6)" }, { "status": "affected", "version": "7.3(2)D1(2)" }, { "status": "affected", "version": "6.2(25)" }, { "status": "affected", "version": "6.0(2)U6(3a)" }, { "status": "affected", "version": "8.0(1)" }, { "status": "affected", "version": "6.0(2)A8(11a)" }, { "status": "affected", "version": "6.2(11e)" }, { "status": "affected", "version": "7.0(3)I4(8z)" }, { "status": "affected", "version": "6.2(11)" }, { "status": "affected", "version": "7.0(3)I4(9)" }, { "status": "affected", "version": "6.2(16)" }, { "status": "affected", "version": "6.2(19)" }, { "status": "affected", "version": "8.2(4)" }, { "status": "affected", "version": "6.2(2a)" }, { "status": "affected", "version": "7.2(2)D1(3)" }, { "status": "affected", "version": "7.0(3)I7(4)" }, { "status": "affected", "version": "7.0(3)I7(7)" }, { "status": "affected", "version": "6.2(5b)" }, { "status": "affected", "version": "7.3(0)DY(1)" }, { "status": "affected", "version": "6.0(2)A8(9)" }, { "status": "affected", "version": "6.0(2)A8(1)" }, { "status": "affected", "version": "7.2(1)D1(1)" }, { "status": "affected", "version": "6.2(15)" }, { "status": "affected", "version": "6.0(2)A6(6)" }, { "status": "affected", "version": "6.0(2)A8(10a)" }, { "status": "affected", "version": "7.0(3)I5(1)" }, { "status": "affected", "version": "9.3(1z)" }, { "status": "affected", "version": "9.2(2)" }, { "status": "affected", "version": "6.2(7)" }, { "status": "affected", "version": "6.2(9c)" }, { "status": "affected", "version": "7.0(3)F3(4)" }, { "status": "affected", "version": "6.2(6b)" }, { "status": "affected", "version": "7.0(3)I4(8b)" }, { "status": "affected", "version": "8.1(2a)" }, { "status": "affected", "version": "7.3(2)D1(3)" }, { "status": "affected", "version": "6.2(8)" }, { "status": "affected", "version": "6.0(2)A8(3)" }, { "status": "affected", "version": "6.2(11b)" }, { "status": "affected", "version": "7.0(3)I4(6t)" }, { "status": "affected", "version": "7.0(3)I5(3a)" }, { "status": "affected", "version": "8.1(1a)" }, { "status": "affected", "version": "6.2(13a)" }, { "status": "affected", "version": "6.0(2)A8(8)" }, { "status": "affected", "version": "7.0(3)I7(5)" }, { "status": "affected", "version": "7.0(3)F3(3a)" }, { "status": "affected", "version": "6.0(2)A8(4)" }, { "status": "affected", "version": "6.0(2)A6(3a)" }, { "status": "affected", "version": "6.0(2)A6(5a)" }, { "status": "affected", "version": "7.0(3)F2(1)" }, { "status": "affected", "version": "7.0(3)I4(8a)" }, { "status": "affected", "version": "6.0(2)U6(9)" }, { "status": "affected", "version": "7.0(3)F3(2)" }, { "status": "affected", "version": "6.0(2)U6(2a)" }, { "status": "affected", "version": "6.2(12)" }, { "status": "affected", "version": "6.2(17)" }, { "status": "affected", "version": "7.0(3)I4(4)" }, { "status": "affected", "version": "6.2(23)" }, { "status": "affected", "version": "6.2(13b)" }, { "status": "affected", "version": "6.0(2)U6(3)" }, { "status": "affected", "version": "6.2(10)" }, { "status": "affected", "version": "6.2(6a)" }, { "status": "affected", "version": "6.2(6)" }, { "status": "affected", "version": "6.2(14)" }, { "status": "affected", "version": "7.0(3)I7(1)" }, { "status": "affected", "version": "6.2(14b)" }, { "status": "affected", "version": "6.2(21)" }, { "status": "affected", "version": "7.2(2)D1(1)" }, { "status": "affected", "version": "7.0(3)F2(2)" }, { "status": "affected", "version": "7.0(3)IA7(2)" }, { "status": "affected", "version": "7.0(3)IA7(1)" }, { "status": "affected", "version": "6.0(2)A8(7b)" }, { "status": "affected", "version": "6.2(8a)" }, { "status": "affected", "version": "6.2(11c)" }, { "status": "affected", "version": "7.0(3)F1(1)" }, { "status": "affected", "version": "6.0(2)A6(1a)" }, { "status": "affected", "version": "7.2(0)D1(1)" }, { "status": "affected", "version": "6.0(2)A6(2)" }, { "status": "affected", "version": "6.0(2)A8(4a)" }, { "status": "affected", "version": "6.2(20a)" }, { "status": "affected", "version": "6.0(2)U6(4)" }, { "status": "affected", "version": "8.4(1a)" }, { "status": "affected", "version": "9.3(3)" }, { "status": "affected", "version": "7.3(2)D1(1d)" }, { "status": "affected", "version": "6.2(24)" }, { "status": "affected", "version": "6.2(31)" }, { "status": "affected", "version": "7.0(3)I7(8)" }, { "status": "affected", "version": "6.0(2)U6(10a)" }, { "status": "affected", "version": "9.3(4)" }, { "status": "affected", "version": "7.3(6)D1(1)" }, { "status": "affected", "version": "6.2(26)" }, { "status": "affected", "version": "8.2(6)" }, { "status": "affected", "version": "6.2(33)" }, { "status": "affected", "version": "9.3(5)" }, { "status": "affected", "version": "8.4(2a)" }, { "status": "affected", "version": "8.4(2b)" }, { "status": "affected", "version": "7.0(3)I7(9)" }, { "status": "affected", "version": "6.2(24a)" }, { "status": "affected", "version": "8.5(1)" }, { "status": "affected", "version": "9.3(6)" }, { "status": "affected", "version": "10.1(2)" }, { "status": "affected", "version": "10.1(1)" }, { "status": "affected", "version": "8.4(4)" }, { "status": "affected", "version": "7.3(7)D1(1)" }, { "status": "affected", "version": "8.4(2c)" }, { "status": "affected", "version": "9.3(5w)" }, { "status": "affected", "version": "8.2(7)" }, { "status": "affected", "version": "9.3(7)" }, { "status": "affected", "version": "9.3(7k)" }, { "status": "affected", "version": "7.0(3)I7(9w)" }, { "status": "affected", "version": "10.2(1)" }, { "status": "affected", "version": "7.3(8)D1(1)" }, { "status": "affected", "version": "9.3(7a)" }, { "status": "affected", "version": "8.2(7a)" }, { "status": "affected", "version": "9.3(8)" }, { "status": "affected", "version": "8.4(4a)" }, { "status": "affected", "version": "8.4(2d)" }, { "status": "affected", "version": "8.4(5)" }, { "status": "affected", "version": "7.0(3)I7(10)" }, { "status": "affected", "version": "8.2(8)" }, { "status": "affected", "version": "10.2(1q)" }, { "status": "affected", "version": "10.2(2)" }, { "status": "affected", "version": "9.3(9)" }, { "status": "affected", "version": "10.1(2t)" }, { "status": "affected", "version": "7.3(9)D1(1)" }, { "status": "affected", "version": "10.2(3)" }, { "status": "affected", "version": "8.4(6)" }, { "status": "affected", "version": "10.2(3t)" }, { "status": "affected", "version": "8.4(2e)" }, { "status": "affected", "version": "9.3(10)" }, { "status": "affected", "version": "10.2(2a)" }, { "status": "affected", "version": "9.2(1a)" }, { "status": "affected", "version": "8.2(9)" }, { "status": "affected", "version": "10.3(1)" }, { "status": "affected", "version": "10.2(4)" }, { "status": "affected", "version": "8.4(7)" }, { "status": "affected", "version": "10.3(2)" }, { "status": "affected", "version": "8.4(6a)" }, { "status": "affected", "version": "9.3(11)" }, { "status": "affected", "version": "10.3(3)" }, { "status": "affected", "version": "10.2(5)" }, { "status": "affected", "version": "9.4(1)" }, { "status": "affected", "version": "9.3(2a)" }, { "status": "affected", "version": "8.4(2f)" }, { "status": "affected", "version": "8.2(10)" }, { "status": "affected", "version": "9.3(12)" }, { "status": "affected", "version": "10.2(3v)" }, { "status": "affected", "version": "10.4(1)" }, { "status": "affected", "version": "8.4(8)" }, { "status": "affected", "version": "10.3(99w)" }, { "status": "affected", "version": "10.2(6)" }, { "status": "affected", "version": "10.3(3w)" }, { "status": "affected", "version": "10.3(99x)" }, { "status": "affected", "version": "10.3(3o)" }, { "status": "affected", "version": "8.4(9)" }, { "status": "affected", "version": "10.3(4)" }, { "status": "affected", "version": "10.3(3p)" }, { "status": "affected", "version": "10.3(4a)" }, { "status": "affected", "version": "9.4(1a)" }, { "status": "affected", "version": "10.4(2)" }, { "status": "affected", "version": "10.3(3q)" }, { "status": "affected", "version": "9.3(13)" }, { "status": "affected", "version": "10.2(7)" }, { "status": "affected", "version": "10.3(3x)" }, { "status": "affected", "version": "10.3(4g)" }, { "status": "affected", "version": "10.3(3r)" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device.\r\n\r\nThe vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.\u0026nbsp;\r\nNote: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-693", "description": "Protection Mechanism Failure", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-28T16:37:17.319Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nxos-psbe-ce-YvbTn5du", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du" }, { "name": "Cisco NX-OS Security with Python", "url": "https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/105x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-105x/m-n9k-python-api-101x.html?bookSearch=true#concept_A2CFF094ADCB414C983EA06AD8E9A410" } ], "source": { "advisory": "cisco-sa-nxos-psbe-ce-YvbTn5du", "defects": [ "CSCwh77781" ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Python Parser Escape Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20286", "datePublished": "2024-08-28T16:37:17.319Z", "dateReserved": "2023-11-08T15:08:07.626Z", "dateUpdated": "2024-08-28T17:23:56.426Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1778
Vulnerability from cvelistv5
Published
2019-05-15 19:35
Modified
2024-11-20 17:21
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1778 | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108362 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.803Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1778)", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1778" }, { "name": "108362", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108362" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1778", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:54:47.709639Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:21:05.402Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "7.0(3)I7(4)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-17T12:06:06", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1778)", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1778" }, { "name": "108362", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108362" } ], "source": { "advisory": "cisco-sa-20190515-nxos-cmdinj-1778", "defect": [ [ "CSCvh75996", "CSCvj03877" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1778", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "7.0(3)I7(4)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1778)", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1778" }, { "name": "108362", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108362" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-cmdinj-1778", "defect": [ [ "CSCvh75996", "CSCvj03877" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1778", "datePublished": "2019-05-15T19:35:18.903829Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:21:05.402Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1795
Vulnerability from cvelistv5
Published
2019-05-15 20:15
Modified
2024-11-20 17:20
Severity ?
EPSS score ?
Summary
Cisco FXOS and NX-OS Software Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1795 | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108479 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.777Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1795)", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1795" }, { "name": "108479", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108479" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1795", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:54:37.609624Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:20:05.520Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-28T16:06:05", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1795)", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1795" }, { "name": "108479", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108479" } ], "source": { "advisory": "cisco-sa-20190515-nxos-cmdinj-1795", "defect": [ [ "CSCvh20029", "CSCvh20359", "CSCvh66202", "CSCvh66214", "CSCvh66219", "CSCvh66243", "CSCvh66257", "CSCvh66259", "CSCvk30761" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS and NX-OS Software Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1795", "STATE": "PUBLIC", "TITLE": "Cisco FXOS and NX-OS Software Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1795)", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1795" }, { "name": "108479", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108479" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-cmdinj-1795", "defect": [ [ "CSCvh20029", "CSCvh20359", "CSCvh66202", "CSCvh66214", "CSCvh66219", "CSCvh66243", "CSCvh66257", "CSCvh66259", "CSCvk30761" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1795", "datePublished": "2019-05-15T20:15:17.287630Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:20:05.520Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1809
Vulnerability from cvelistv5
Published
2019-05-15 22:15
Modified
2024-11-20 17:19
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-psvb | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108375 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.815Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-psvb" }, { "name": "108375", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108375" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1809", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:54:32.981622Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:19:35.902Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-347", "description": "CWE-347", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-20T14:06:08", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-psvb" }, { "name": "108375", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108375" } ], "source": { "advisory": "cisco-sa-20190515-nxos-psvb", "defect": [ [ "CSCvi42264", "CSCvj12239" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1809", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.4", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-347" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-psvb" }, { "name": "108375", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108375" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-psvb", "defect": [ [ "CSCvi42264", "CSCvj12239" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1809", "datePublished": "2019-05-15T22:15:23.669524Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:19:35.902Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1728
Vulnerability from cvelistv5
Published
2019-05-15 16:45
Modified
2024-11-20 17:22
Severity ?
EPSS score ?
Summary
Cisco FXOS and NX-OS Software Secure Configuration Bypass Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-conf-bypass | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108391 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.538Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco FXOS and NX-OS Software Secure Configuration Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-conf-bypass" }, { "name": "108391", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108391" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1728", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:55:04.067211Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:22:35.424Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of system files when the persistent configuration information is read from the file system. An attacker could exploit this vulnerability by authenticating to the device and overwriting the persistent configuration storage with malicious executable files. An exploit could allow the attacker to run arbitrary commands at system startup and those commands will run as the root user. The attacker must have valid administrative credentials for the device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-347", "description": "CWE-347", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-21T12:06:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco FXOS and NX-OS Software Secure Configuration Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-conf-bypass" }, { "name": "108391", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108391" } ], "source": { "advisory": "cisco-sa-20190515-nxos-conf-bypass", "defect": [ [ "CSCvh20223", "CSCvi96577", "CSCvi96578", "CSCvi96579", "CSCvi96580", "CSCvi96583", "CSCvi96584" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS and NX-OS Software Secure Configuration Bypass Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1728", "STATE": "PUBLIC", "TITLE": "Cisco FXOS and NX-OS Software Secure Configuration Bypass Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of system files when the persistent configuration information is read from the file system. An attacker could exploit this vulnerability by authenticating to the device and overwriting the persistent configuration storage with malicious executable files. An exploit could allow the attacker to run arbitrary commands at system startup and those commands will run as the root user. The attacker must have valid administrative credentials for the device." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-347" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco FXOS and NX-OS Software Secure Configuration Bypass Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-conf-bypass" }, { "name": "108391", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108391" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-conf-bypass", "defect": [ [ "CSCvh20223", "CSCvi96577", "CSCvi96578", "CSCvi96579", "CSCvi96580", "CSCvi96583", "CSCvi96584" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1728", "datePublished": "2019-05-15T16:45:23.499873Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:22:35.424Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1387
Vulnerability from cvelistv5
Published
2021-02-24 19:30
Modified
2024-11-08 23:37
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software IPv6 Netstack Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipv6-netstack-edXPGV7K | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:11:16.899Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210224 Cisco NX-OS Software IPv6 Netstack Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipv6-netstack-edXPGV7K" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1387", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:03:50.276109Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T23:37:33.797Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-02-24T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that are destined to an affected device. An attacker could exploit this vulnerability by sending multiple crafted IPv6 packets to an affected device. A successful exploit could cause the network stack to run out of available buffers, impairing operations of control plane and management plane protocols and resulting in a DoS condition. Manual intervention would be required to restore normal operations on the affected device. For more information about the impact of this vulnerability, see the Details section of this advisory." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "CWE-401", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-24T19:30:55", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210224 Cisco NX-OS Software IPv6 Netstack Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipv6-netstack-edXPGV7K" } ], "source": { "advisory": "cisco-sa-nxos-ipv6-netstack-edXPGV7K", "defect": [ [ "CSCvu11961", "CSCvu77380" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software IPv6 Netstack Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-02-24T16:00:00", "ID": "CVE-2021-1387", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software IPv6 Netstack Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that are destined to an affected device. An attacker could exploit this vulnerability by sending multiple crafted IPv6 packets to an affected device. A successful exploit could cause the network stack to run out of available buffers, impairing operations of control plane and management plane protocols and resulting in a DoS condition. Manual intervention would be required to restore normal operations on the affected device. For more information about the impact of this vulnerability, see the Details section of this advisory." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.6", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-401" } ] } ] }, "references": { "reference_data": [ { "name": "20210224 Cisco NX-OS Software IPv6 Netstack Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipv6-netstack-edXPGV7K" } ] }, "source": { "advisory": "cisco-sa-nxos-ipv6-netstack-edXPGV7K", "defect": [ [ "CSCvu11961", "CSCvu77380" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1387", "datePublished": "2021-02-24T19:30:55.602269Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:37:33.797Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20291
Vulnerability from cvelistv5
Published
2024-02-28 16:16
Modified
2024-08-09 14:58
Severity ?
EPSS score ?
Summary
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device.
This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:41.713Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-nxos-po-acl-TkyePgvL", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-po-acl-TkyePgvL" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:cisco:nx-os:9.3\\(10\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nx-os", "vendor": "cisco", "versions": [ { "status": "affected", "version": "9.3\\(10\\)" } ] }, { "cpes": [ "cpe:2.3:o:cisco:nx-os:9.3\\(11\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nx-os", "vendor": "cisco", "versions": [ { "status": "affected", "version": "9.3\\(11\\)" } ] }, { "cpes": [ "cpe:2.3:o:cisco:nx-os:9.3\\(12\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nx-os", "vendor": "cisco", "versions": [ { "status": "affected", "version": "9.3\\(12\\)" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20291", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-09T14:55:23.147851Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-09T14:58:23.652Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "9.3(10)" }, { "status": "affected", "version": "9.3(11)" }, { "status": "affected", "version": "9.3(12)" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device.\r\n\r This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "Improper Access Control", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-28T16:16:33.950Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nxos-po-acl-TkyePgvL", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-po-acl-TkyePgvL" } ], "source": { "advisory": "cisco-sa-nxos-po-acl-TkyePgvL", "defects": [ "CSCwf47127" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20291", "datePublished": "2024-02-28T16:16:33.950Z", "dateReserved": "2023-11-08T15:08:07.628Z", "dateUpdated": "2024-08-09T14:58:23.652Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3165
Vulnerability from cvelistv5
Published
2020-02-26 16:45
Modified
2024-11-15 17:39
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Border Gateway Protocol MD5 Authentication Bypass Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-bgpmd5 | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:24:00.707Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20200226 Cisco NX-OS Software Border Gateway Protocol MD5 Authentication Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-bgpmd5" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-3165", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-15T16:22:24.323433Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-15T17:39:00.943Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "9.2(1)" } ] } ], "datePublic": "2020-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the implementation of Border Gateway Protocol (BGP) Message Digest 5 (MD5) authentication in Cisco NX-OS Software could allow an unauthenticated, remote attacker to bypass MD5 authentication and establish a BGP connection with the device. The vulnerability occurs because the BGP MD5 authentication is bypassed if the peer does not have MD5 authentication configured, the NX-OS device does have BGP MD5 authentication configured, and the NX-OS BGP virtual routing and forwarding (VRF) name is configured to be greater than 19 characters. An attacker could exploit this vulnerability by attempting to establish a BGP session with the NX-OS peer. A successful exploit could allow the attacker to establish a BGP session with the NX-OS device without MD5 authentication. The Cisco implementation of the BGP protocol accepts incoming BGP traffic only from explicitly configured peers. To exploit this vulnerability, an attacker must send the malicious packets over a TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the affected system\u0026rsquo;s trusted network." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-798", "description": "CWE-798", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-26T16:45:18", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20200226 Cisco NX-OS Software Border Gateway Protocol MD5 Authentication Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-bgpmd5" } ], "source": { "advisory": "cisco-sa-20200226-nxos-bgpmd5", "defect": [ [ "CSCvq72707" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Border Gateway Protocol MD5 Authentication Bypass Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-02-26T16:00:00-0800", "ID": "CVE-2020-3165", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Border Gateway Protocol MD5 Authentication Bypass Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "=", "version_affected": "=", "version_value": "9.2(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the implementation of Border Gateway Protocol (BGP) Message Digest 5 (MD5) authentication in Cisco NX-OS Software could allow an unauthenticated, remote attacker to bypass MD5 authentication and establish a BGP connection with the device. The vulnerability occurs because the BGP MD5 authentication is bypassed if the peer does not have MD5 authentication configured, the NX-OS device does have BGP MD5 authentication configured, and the NX-OS BGP virtual routing and forwarding (VRF) name is configured to be greater than 19 characters. An attacker could exploit this vulnerability by attempting to establish a BGP session with the NX-OS peer. A successful exploit could allow the attacker to establish a BGP session with the NX-OS device without MD5 authentication. The Cisco implementation of the BGP protocol accepts incoming BGP traffic only from explicitly configured peers. To exploit this vulnerability, an attacker must send the malicious packets over a TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the affected system\u0026rsquo;s trusted network." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.2", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-798" } ] } ] }, "references": { "reference_data": [ { "name": "20200226 Cisco NX-OS Software Border Gateway Protocol MD5 Authentication Bypass Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-bgpmd5" } ] }, "source": { "advisory": "cisco-sa-20200226-nxos-bgpmd5", "defect": [ [ "CSCvq72707" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3165", "datePublished": "2020-02-26T16:45:18.681531Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-15T17:39:00.943Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1734
Vulnerability from cvelistv5
Published
2019-11-05 19:15
Modified
2024-09-16 16:58
Severity ?
EPSS score ?
Summary
Cisco FXOS and NX-OS Software Sensitive File Read Information Disclosure Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-info | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.554Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco FXOS and NX-OS Software Sensitive File Read Information Disclosure Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-info" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "6.2(7)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to incomplete role-based access control (RBAC) verification. An attacker could exploit this vulnerability by authenticating to the device and issuing a specific CLI diagnostic command with crafted user-input parameters. An exploit could allow the attacker to perform an arbitrary read of a file on the device, and the file may contain sensitive information. The attacker needs valid device credentials to exploit this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-05T19:15:35", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco FXOS and NX-OS Software Sensitive File Read Information Disclosure Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-info" } ], "source": { "advisory": "cisco-sa-20190515-nxos-fxos-info", "defect": [ [ "CSCvj59436", "CSCvk50808", "CSCvk50810", "CSCvk50814", "CSCvk50816", "CSCvk50838" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS and NX-OS Software Sensitive File Read Information Disclosure Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1734", "STATE": "PUBLIC", "TITLE": "Cisco FXOS and NX-OS Software Sensitive File Read Information Disclosure Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "6.2(7)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to incomplete role-based access control (RBAC) verification. An attacker could exploit this vulnerability by authenticating to the device and issuing a specific CLI diagnostic command with crafted user-input parameters. An exploit could allow the attacker to perform an arbitrary read of a file on the device, and the file may contain sensitive information. The attacker needs valid device credentials to exploit this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "5.5", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco FXOS and NX-OS Software Sensitive File Read Information Disclosure Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-info" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-fxos-info", "defect": [ [ "CSCvj59436", "CSCvk50808", "CSCvk50810", "CSCvk50814", "CSCvk50816", "CSCvk50838" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1734", "datePublished": "2019-11-05T19:15:35.896970Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-09-16T16:58:10.911Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20321
Vulnerability from cvelistv5
Published
2024-02-28 16:14
Modified
2024-08-16 20:12
Severity ?
EPSS score ?
Summary
A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability exists because eBGP traffic is mapped to a shared hardware rate-limiter queue. An attacker could exploit this vulnerability by sending large amounts of network traffic with certain characteristics through an affected device. A successful exploit could allow the attacker to cause eBGP neighbor sessions to be dropped, leading to a DoS condition in the network.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:41.467Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-nxos-ebgp-dos-L3QCwVJ", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ebgp-dos-L3QCwVJ" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f2\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f2\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(3a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(3c\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(2t\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(2v\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(7a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(9\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(10\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(11\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(12\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.1\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.1\\(2t\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(1q\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(3t\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(3v\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(99w\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(99x\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(4a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.4\\(1\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nx-os", "vendor": "cisco", "versions": [ { "status": "affected", "version": "7.0\\(3\\)f1\\(1\\)" }, { "status": "affected", "version": "7.0\\(3\\)f2\\(1\\)" }, { "status": "affected", "version": "7.0\\(3\\)f2\\(2\\)" }, { "status": "affected", "version": "7.0\\(3\\)f3\\(1\\)" }, { "status": "affected", "version": "7.0\\(3\\)f3\\(2\\)" }, { "status": "affected", "version": "7.0\\(3\\)f3\\(3\\)" }, { "status": "affected", "version": "7.0\\(3\\)f3\\(3a\\)" }, { "status": "affected", "version": "7.0\\(3\\)f3\\(4\\)" }, { "status": "affected", "version": "7.0\\(3\\)f3\\(3c\\)" }, { "status": "affected", "version": "7.0\\(3\\)f3\\(5\\)" }, { "status": "affected", "version": "9.2\\(1\\)" }, { "status": "affected", "version": "9.2\\(2\\)" }, { "status": "affected", "version": "9.2\\(2t\\)" }, { "status": "affected", "version": "9.2\\(3\\)" }, { "status": "affected", "version": "9.2\\(4\\)" }, { "status": "affected", "version": "9.2\\(2v\\)" }, { "status": "affected", "version": "9.3\\(1\\)" }, { "status": "affected", "version": "9.3\\(2\\)" }, { "status": "affected", "version": "9.3\\(3\\)" }, { "status": "affected", "version": "9.3\\(4\\)" }, { "status": "affected", "version": "9.3\\(5\\)" }, { "status": "affected", "version": "9.3\\(6\\)" }, { "status": "affected", "version": "9.3\\(7\\)" }, { "status": "affected", "version": "9.3\\(7a\\)" }, { "status": "affected", "version": "9.3\\(8\\)" }, { "status": "affected", "version": "9.3\\(9\\)" }, { "status": "affected", "version": "9.3\\(10\\)" }, { "status": "affected", "version": "9.3\\(11\\)" }, { "status": "affected", "version": "9.3\\(12\\)" }, { "status": "affected", "version": "10.1\\(1\\)" }, { "status": "affected", "version": "10.1\\(2\\)" }, { "status": "affected", "version": "10.1\\(2t\\)" }, { "status": "affected", "version": "10.2\\(1\\)" }, { "status": "affected", "version": "10.2\\(1q\\)" }, { "status": "affected", "version": "10.2\\(2\\)" }, { "status": "affected", "version": "10.2\\(3\\)" }, { "status": "affected", "version": "10.2\\(3t\\)" }, { "status": "affected", "version": "10.2\\(4\\)" }, { "status": "affected", "version": "10.2\\(5\\)" }, { "status": "affected", "version": "10.2\\(3v\\)" }, { "status": "affected", "version": "10.2\\(6\\)" }, { "status": "affected", "version": "10.3\\(1\\)" }, { "status": "affected", "version": "10.3\\(2\\)" }, { "status": "affected", "version": "10.3\\(3\\)" }, { "status": "affected", "version": "10.3\\(99w\\)" }, { "status": "affected", "version": "10.3\\(99x\\)" }, { "status": "affected", "version": "10.3\\(4a\\)" }, { "status": "affected", "version": "10.4\\(1\\)" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20321", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-01T16:27:01.615257Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-16T20:12:16.247Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "7.0(3)F1(1)" }, { "status": "affected", "version": "7.0(3)F2(1)" }, { "status": "affected", "version": "7.0(3)F2(2)" }, { "status": "affected", "version": "7.0(3)F3(1)" }, { "status": "affected", "version": "7.0(3)F3(2)" }, { "status": "affected", "version": "7.0(3)F3(3)" }, { "status": "affected", "version": "7.0(3)F3(3a)" }, { "status": "affected", "version": "7.0(3)F3(4)" }, { "status": "affected", "version": "7.0(3)F3(3c)" }, { "status": "affected", "version": "7.0(3)F3(5)" }, { "status": "affected", "version": "9.2(1)" }, { "status": "affected", "version": "9.2(2)" }, { "status": "affected", "version": "9.2(2t)" }, { "status": "affected", "version": "9.2(3)" }, { "status": "affected", "version": "9.2(4)" }, { "status": "affected", "version": "9.2(2v)" }, { "status": "affected", "version": "9.3(1)" }, { "status": "affected", "version": "9.3(2)" }, { "status": "affected", "version": "9.3(3)" }, { "status": "affected", "version": "9.3(4)" }, { "status": "affected", "version": "9.3(5)" }, { "status": "affected", "version": "9.3(6)" }, { "status": "affected", "version": "9.3(7)" }, { "status": "affected", "version": "9.3(7a)" }, { "status": "affected", "version": "9.3(8)" }, { "status": "affected", "version": "9.3(9)" }, { "status": "affected", "version": "9.3(10)" }, { "status": "affected", "version": "9.3(11)" }, { "status": "affected", "version": "9.3(12)" }, { "status": "affected", "version": "10.1(1)" }, { "status": "affected", "version": "10.1(2)" }, { "status": "affected", "version": "10.1(2t)" }, { "status": "affected", "version": "10.2(1)" }, { "status": "affected", "version": "10.2(1q)" }, { "status": "affected", "version": "10.2(2)" }, { "status": "affected", "version": "10.2(3)" }, { "status": "affected", "version": "10.2(3t)" }, { "status": "affected", "version": "10.2(4)" }, { "status": "affected", "version": "10.2(5)" }, { "status": "affected", "version": "10.2(3v)" }, { "status": "affected", "version": "10.2(6)" }, { "status": "affected", "version": "10.3(1)" }, { "status": "affected", "version": "10.3(2)" }, { "status": "affected", "version": "10.3(3)" }, { "status": "affected", "version": "10.3(99w)" }, { "status": "affected", "version": "10.3(99x)" }, { "status": "affected", "version": "10.3(4a)" }, { "status": "affected", "version": "10.4(1)" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability exists because eBGP traffic is mapped to a shared hardware rate-limiter queue. An attacker could exploit this vulnerability by sending large amounts of network traffic with certain characteristics through an affected device. A successful exploit could allow the attacker to cause eBGP neighbor sessions to be dropped, leading to a DoS condition in the network." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-28T16:14:28.992Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nxos-ebgp-dos-L3QCwVJ", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ebgp-dos-L3QCwVJ" } ], "source": { "advisory": "cisco-sa-nxos-ebgp-dos-L3QCwVJ", "defects": [ "CSCwh09703", "CSCwh96478" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20321", "datePublished": "2024-02-28T16:14:28.992Z", "dateReserved": "2023-11-08T15:08:07.640Z", "dateUpdated": "2024-08-16T20:12:16.247Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1810
Vulnerability from cvelistv5
Published
2019-05-15 22:15
Modified
2024-11-20 17:19
Severity ?
EPSS score ?
Summary
Cisco Nexus 3000 Series and 9000 Series Switches in NX-OS Mode CLI Command Software Image Signature Verification Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108431 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.870Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco Nexus 3000 Series and 9000 Series Switches in NX-OS Mode CLI Command Software Image Signature Verification Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv" }, { "name": "108431", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108431" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1810", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:54:34.587099Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:19:45.419Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device. Note: If the device has not been patched for the vulnerability previously disclosed in the Cisco Security Advisory cisco-sa-20190306-nxos-sig-verif, a successful exploit could allow the attacker to boot a malicious software image." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-347", "description": "CWE-347", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-23T09:06:09", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco Nexus 3000 Series and 9000 Series Switches in NX-OS Mode CLI Command Software Image Signature Verification Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv" }, { "name": "108431", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108431" } ], "source": { "advisory": "cisco-sa-20190515-nxos-sisv", "defect": [ [ "CSCvj14078" ] ], "discovery": "INTERNAL" }, "title": "Cisco Nexus 3000 Series and 9000 Series Switches in NX-OS Mode CLI Command Software Image Signature Verification Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1810", "STATE": "PUBLIC", "TITLE": "Cisco Nexus 3000 Series and 9000 Series Switches in NX-OS Mode CLI Command Software Image Signature Verification Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device. Note: If the device has not been patched for the vulnerability previously disclosed in the Cisco Security Advisory cisco-sa-20190306-nxos-sig-verif, a successful exploit could allow the attacker to boot a malicious software image." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-347" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco Nexus 3000 Series and 9000 Series Switches in NX-OS Mode CLI Command Software Image Signature Verification Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv" }, { "name": "108431", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108431" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-sisv", "defect": [ [ "CSCvj14078" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1810", "datePublished": "2019-05-15T22:15:16.874528Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:19:45.419Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20824
Vulnerability from cvelistv5
Published
2022-08-25 18:40
Modified
2024-11-06 16:07
Severity ?
EPSS score ?
Summary
Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9 | vendor-advisory, x_refsource_CISCO | |
https://security.netapp.com/advisory/ntap-20220923-0001/ | x_refsource_CONFIRM |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:24:49.938Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20220824 Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220923-0001/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-20824", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-06T16:00:02.441929Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-06T16:07:28.736Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2022-08-24T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation of specific values that are within a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, which would cause the affected device to reload, resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-23T14:06:17", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20220824 Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220923-0001/" } ], "source": { "advisory": "cisco-sa-nxos-cdp-dos-ce-wWvPucC9", "defect": [ [ "CSCwb70210", "CSCwb74493", "CSCwb74494", "CSCwb74495", "CSCwb74496", "CSCwb74497", "CSCwb74498", "CSCwb74513" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2022-08-24T23:00:00", "ID": "CVE-2022-20824", "STATE": "PUBLIC", "TITLE": "Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation of specific values that are within a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, which would cause the affected device to reload, resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.8", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-121" } ] } ] }, "references": { "reference_data": [ { "name": "20220824 Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9" }, { "name": "https://security.netapp.com/advisory/ntap-20220923-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220923-0001/" } ] }, "source": { "advisory": "cisco-sa-nxos-cdp-dos-ce-wWvPucC9", "defect": [ [ "CSCwb70210", "CSCwb74493", "CSCwb74494", "CSCwb74495", "CSCwb74496", "CSCwb74497", "CSCwb74498", "CSCwb74513" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2022-20824", "datePublished": "2022-08-25T18:40:48.962538Z", "dateReserved": "2021-11-02T00:00:00", "dateUpdated": "2024-11-06T16:07:28.736Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20823
Vulnerability from cvelistv5
Published
2022-08-25 18:40
Modified
2024-11-06 16:07
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software OSPFv3 Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ospfv3-dos-48qutcu | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:24:49.937Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20220824 Cisco NX-OS Software OSPFv3 Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ospfv3-dos-48qutcu" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-20823", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-06T16:01:28.963453Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-06T16:07:37.716Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2022-08-24T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the OSPF version 3 (OSPFv3) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incomplete input validation of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending a malicious OSPFv3 link-state advertisement (LSA) to an affected device. A successful exploit could allow the attacker to cause the OSPFv3 process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The OSPFv3 feature is disabled by default. To exploit this vulnerability, an attacker must be able to establish a full OSPFv3 neighbor state with an affected device. For more information about exploitation conditions, see the Details section of this advisory." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "CWE-126", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-25T18:40:30", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20220824 Cisco NX-OS Software OSPFv3 Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ospfv3-dos-48qutcu" } ], "source": { "advisory": "cisco-sa-nxos-ospfv3-dos-48qutcu", "defect": [ [ "CSCvz68748", "CSCwb50012", "CSCwb50013", "CSCwb50015" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software OSPFv3 Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2022-08-24T23:00:00", "ID": "CVE-2022-20823", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software OSPFv3 Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the OSPF version 3 (OSPFv3) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incomplete input validation of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending a malicious OSPFv3 link-state advertisement (LSA) to an affected device. A successful exploit could allow the attacker to cause the OSPFv3 process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The OSPFv3 feature is disabled by default. To exploit this vulnerability, an attacker must be able to establish a full OSPFv3 neighbor state with an affected device. For more information about exploitation conditions, see the Details section of this advisory." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.6", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-126" } ] } ] }, "references": { "reference_data": [ { "name": "20220824 Cisco NX-OS Software OSPFv3 Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ospfv3-dos-48qutcu" } ] }, "source": { "advisory": "cisco-sa-nxos-ospfv3-dos-48qutcu", "defect": [ [ "CSCvz68748", "CSCwb50012", "CSCwb50013", "CSCwb50015" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2022-20823", "datePublished": "2022-08-25T18:40:30.942730Z", "dateReserved": "2021-11-02T00:00:00", "dateUpdated": "2024-11-06T16:07:37.716Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-0395
Vulnerability from cvelistv5
Published
2018-10-17 20:00
Modified
2024-09-17 01:21
Severity ?
EPSS score ?
Summary
Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-fxnx-os-dos | vendor-advisory, x_refsource_CISCO | |
http://www.securitytracker.com/id/1041919 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/105674 | vdb-entry, x_refsource_BID |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:21:15.658Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20181017 Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-fxnx-os-dos" }, { "name": "1041919", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041919" }, { "name": "105674", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105674" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "6.2(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firepower 4100 Series Next-Generation Firewalls", "vendor": "Cisco", "versions": [ { "lessThan": "\u003c2.3.1.58", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2018-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface on the targeted device. A successful exploit could allow the attacker to cause the switch to reload unexpectedly." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-20T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20181017 Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-fxnx-os-dos" }, { "name": "1041919", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041919" }, { "name": "105674", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105674" } ], "source": { "advisory": "cisco-sa-20181017-fxnx-os-dos", "defect": [ [ "CSCuc98542", "CSCvf23367", "CSCvj94174", "CSCvj96148" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2018-10-17T16:00:00-0500", "ID": "CVE-2018-0395", "STATE": "PUBLIC", "TITLE": "Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "6.2(1)" } ] } }, { "product_name": "Firepower 4100 Series Next-Generation Firewalls", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "\u003c2.3.1.58" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface on the targeted device. A successful exploit could allow the attacker to cause the switch to reload unexpectedly." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.8", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "20181017 Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-fxnx-os-dos" }, { "name": "1041919", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041919" }, { "name": "105674", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105674" } ] }, "source": { "advisory": "cisco-sa-20181017-fxnx-os-dos", "defect": [ [ "CSCuc98542", "CSCvf23367", "CSCvj94174", "CSCvj96148" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0395", "datePublished": "2018-10-17T20:00:00Z", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-09-17T01:21:42.887Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1775
Vulnerability from cvelistv5
Published
2019-05-15 19:30
Modified
2024-11-20 17:21
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775 | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108371 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerabilities (CVE-2019-1774, CVE-2019-1775)", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775" }, { "name": "108371", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108371" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1775", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:54:50.369148Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:21:23.923Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-17T16:06:13", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerabilities (CVE-2019-1774, CVE-2019-1775)", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775" }, { "name": "108371", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108371" } ], "source": { "advisory": "cisco-sa-20190515-nxos-cmdinj-1774-1775", "defect": [ [ "CSCvh75895", "CSCvh75909", "CSCvh75968", "CSCvh75976", "CSCvi92256", "CSCvi92258", "CSCvi92260", "CSCvi99195", "CSCvi99197", "CSCvi99198" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1775", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerabilities (CVE-2019-1774, CVE-2019-1775)", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775" }, { "name": "108371", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108371" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-cmdinj-1774-1775", "defect": [ [ "CSCvh75895", "CSCvh75909", "CSCvh75968", "CSCvh75976", "CSCvi92256", "CSCvi92258", "CSCvi92260", "CSCvi99195", "CSCvi99197", "CSCvi99198" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1775", "datePublished": "2019-05-15T19:30:33.009046Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:21:23.923Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20285
Vulnerability from cvelistv5
Published
2024-08-28 16:37
Modified
2024-08-28 17:19
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Python Parser Escape Vulnerability
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-20285", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-28T17:19:39.299396Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-28T17:19:57.207Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "7.3(6)N1(1a)" }, { "status": "affected", "version": "8.4(2)" }, { "status": "affected", "version": "7.3(6)N1(1)" }, { "status": "affected", "version": "9.2(3)" }, { "status": "affected", "version": "7.0(3)I5(2)" }, { "status": "affected", "version": "8.2(1)" }, { "status": "affected", "version": "6.0(2)A8(7a)" }, { "status": "affected", "version": "7.0(3)I4(5)" }, { "status": "affected", "version": "6.0(2)A6(1)" }, { "status": "affected", "version": "7.3(1)D1(1)" }, { "status": "affected", "version": "7.0(3)I4(6)" }, { "status": "affected", "version": "7.3(4)N1(1)" }, { "status": "affected", "version": "7.0(3)I4(3)" }, { "status": "affected", "version": "9.2(2v)" }, { "status": "affected", "version": "6.0(2)A6(5b)" }, { "status": "affected", "version": "7.3(0)D1(1)" }, { "status": "affected", "version": "6.2(17a)" }, { "status": "affected", "version": "7.0(3)I4(7)" }, { "status": "affected", "version": "6.0(2)U6(1a)" }, { "status": "affected", "version": "7.1(5)N1(1b)" }, { "status": "affected", "version": "7.0(3)I4(1)" }, { "status": "affected", "version": "7.0(3)I4(8)" }, { "status": "affected", "version": "7.0(3)I4(2)" }, { "status": "affected", "version": "7.1(4)N1(1c)" }, { "status": "affected", "version": "7.0(3)IM3(1)" }, { "status": "affected", "version": "6.0(2)U6(5a)" }, { "status": "affected", "version": "6.0(2)A8(11)" }, { "status": "affected", "version": "6.0(2)A6(4a)" }, { "status": "affected", "version": "6.2(9)" }, { "status": "affected", "version": "6.2(5)" }, { "status": "affected", "version": "9.2(1)" }, { "status": "affected", "version": "9.2(2t)" }, { "status": "affected", "version": "9.2(3y)" }, { "status": "affected", "version": "7.0(3)I4(1t)" }, { "status": "affected", "version": "6.0(2)U6(5c)" }, { "status": "affected", "version": "6.0(2)A6(4)" }, { "status": "affected", "version": "7.0(3)I7(6z)" }, { "status": "affected", "version": "9.3(2)" }, { "status": "affected", "version": "7.3(1)DY(1)" }, { "status": "affected", "version": "7.0(3)F3(3)" }, { "status": "affected", "version": "6.0(2)U6(6)" }, { "status": "affected", "version": "6.2(29)" }, { "status": "affected", "version": "7.0(3)I7(3z)" }, { "status": "affected", "version": "7.0(3)IM7(2)" }, { "status": "affected", "version": "6.0(2)A8(11b)" }, { "status": "affected", "version": "6.2(9a)" }, { "status": "affected", "version": "7.3(0)N1(1)" }, { "status": "affected", "version": "7.0(3)I7(5a)" }, { "status": "affected", "version": "6.2(11d)" }, { "status": "affected", "version": "7.0(3)I6(1)" }, { "status": "affected", "version": "6.0(2)U6(10)" }, { "status": "affected", "version": "7.0(3)IM3(2)" }, { "status": "affected", "version": "6.0(2)A6(8)" }, { "status": "affected", "version": "6.0(2)U6(1)" }, { "status": "affected", "version": "7.3(2)N1(1c)" }, { "status": "affected", "version": "7.0(3)I5(3b)" }, { "status": "affected", "version": "7.3(5)N1(1)" }, { "status": "affected", "version": "6.0(2)A6(2a)" }, { "status": "affected", "version": "7.3(2)N1(1b)" }, { "status": "affected", "version": "6.2(27)" }, { "status": "affected", "version": "7.3(1)N1(1)" }, { "status": "affected", "version": "6.0(2)U6(7)" }, { "status": "affected", "version": "9.2(4)" }, { "status": "affected", "version": "7.1(4)N1(1a)" }, { "status": "affected", "version": "8.1(1)" }, { "status": "affected", "version": "7.1(3)N1(4)" }, { "status": "affected", "version": "7.0(3)IM3(2a)" }, { "status": "affected", "version": "6.0(2)A8(10)" }, { "status": "affected", "version": "7.1(3)N1(2)" }, { "status": "affected", "version": "8.2(2)" }, { "status": "affected", "version": "6.2(13)" }, { "status": "affected", "version": "6.0(2)A8(2)" }, { "status": "affected", "version": "7.0(3)IC4(4)" }, { "status": "affected", "version": "6.2(1)" }, { "status": "affected", "version": "8.3(2)" }, { "status": "affected", "version": "7.3(4)N1(1a)" }, { "status": "affected", "version": "6.0(2)A6(3)" }, { "status": "affected", "version": "6.0(2)U6(5b)" }, { "status": "affected", "version": "7.0(3)F3(3c)" }, { "status": "affected", "version": "7.0(3)F3(1)" }, { "status": "affected", "version": "6.0(2)U6(5)" }, { "status": "affected", "version": "7.0(3)F3(5)" }, { "status": "affected", "version": "7.1(2)N1(1)" }, { "status": "affected", "version": "7.1(3)N1(3)" }, { "status": "affected", "version": "6.0(2)A6(7)" }, { "status": "affected", "version": "7.0(3)I7(2)" }, { "status": "affected", "version": "6.2(5a)" }, { "status": "affected", "version": "6.0(2)A6(5)" }, { "status": "affected", "version": "7.0(3)IM3(2b)" }, { "status": "affected", "version": "7.1(3)N1(1)" }, { "status": "affected", "version": "6.0(2)U6(4a)" }, { "status": "affected", "version": "7.0(3)I5(3)" }, { "status": "affected", "version": "7.0(3)I7(3)" }, { "status": "affected", "version": "6.0(2)A8(6)" }, { "status": "affected", "version": "7.0(3)I6(2)" }, { "status": "affected", "version": "8.3(1)" }, { "status": "affected", "version": "6.2(3)" }, { "status": "affected", "version": "7.1(1)N1(1)" }, { "status": "affected", "version": "8.1(1b)" }, { "status": "affected", "version": "7.3(0)N1(1b)" }, { "status": "affected", "version": "6.0(2)A8(5)" }, { "status": "affected", "version": "7.1(4)N1(1d)" }, { "status": "affected", "version": "7.3(2)N1(1)" }, { "status": "affected", "version": "6.0(2)U6(8)" }, { "status": "affected", "version": "7.1(1)N1(1a)" }, { "status": "affected", "version": "7.0(3)IM3(3)" }, { "status": "affected", "version": "9.3(1)" }, { "status": "affected", "version": "6.0(2)U6(2)" }, { "status": "affected", "version": "6.2(9b)" }, { "status": "affected", "version": "7.1(3)N1(2a)" }, { "status": "affected", "version": "7.3(0)N1(1a)" }, { "status": "affected", "version": "6.0(2)A8(7)" }, { "status": "affected", "version": "7.0(3)I7(6)" }, { "status": "affected", "version": "8.4(1)" }, { "status": "affected", "version": "6.2(25)" }, { "status": "affected", "version": "6.0(2)U6(3a)" }, { "status": "affected", "version": "6.0(2)A8(11a)" }, { "status": "affected", "version": "6.2(11e)" }, { "status": "affected", "version": "7.1(3)N1(5)" }, { "status": "affected", "version": "7.0(3)I4(8z)" }, { "status": "affected", "version": "6.2(11)" }, { "status": "affected", "version": "7.0(3)I4(9)" }, { "status": "affected", "version": "6.2(19)" }, { "status": "affected", "version": "7.1(0)N1(1b)" }, { "status": "affected", "version": "7.0(3)I7(4)" }, { "status": "affected", "version": "7.0(3)I7(7)" }, { "status": "affected", "version": "6.2(5b)" }, { "status": "affected", "version": "7.3(0)DY(1)" }, { "status": "affected", "version": "6.0(2)A8(9)" }, { "status": "affected", "version": "6.0(2)A8(1)" }, { "status": "affected", "version": "7.1(5)N1(1)" }, { "status": "affected", "version": "6.2(15)" }, { "status": "affected", "version": "6.0(2)A6(6)" }, { "status": "affected", "version": "6.0(2)A8(10a)" }, { "status": "affected", "version": "7.0(3)I5(1)" }, { "status": "affected", "version": "9.3(1z)" }, { "status": "affected", "version": "9.2(2)" }, { "status": "affected", "version": "6.2(7)" }, { "status": "affected", "version": "6.2(9c)" }, { "status": "affected", "version": "7.0(3)F3(4)" }, { "status": "affected", "version": "7.3(3)N1(1)" }, { "status": "affected", "version": "7.0(3)I4(8b)" }, { "status": "affected", "version": "6.0(2)A8(3)" }, { "status": "affected", "version": "6.2(11b)" }, { "status": "affected", "version": "7.0(3)I4(6t)" }, { "status": "affected", "version": "7.0(3)I5(3a)" }, { "status": "affected", "version": "8.1(1a)" }, { "status": "affected", "version": "6.2(13a)" }, { "status": "affected", "version": "6.0(2)A8(8)" }, { "status": "affected", "version": "7.0(3)I7(5)" }, { "status": "affected", "version": "7.0(3)F3(3a)" }, { "status": "affected", "version": "7.1(0)N1(1a)" }, { "status": "affected", "version": "6.0(2)A8(4)" }, { "status": "affected", "version": "6.0(2)A6(3a)" }, { "status": "affected", "version": "6.0(2)A6(5a)" }, { "status": "affected", "version": "7.0(3)F2(1)" }, { "status": "affected", "version": "7.0(3)I4(8a)" }, { "status": "affected", "version": "6.0(2)U6(9)" }, { "status": "affected", "version": "7.0(3)F3(2)" }, { "status": "affected", "version": "6.0(2)U6(2a)" }, { "status": "affected", "version": "6.2(17)" }, { "status": "affected", "version": "7.0(3)I4(4)" }, { "status": "affected", "version": "6.2(23)" }, { "status": "affected", "version": "6.2(13b)" }, { "status": "affected", "version": "6.0(2)U6(3)" }, { "status": "affected", "version": "7.1(2)N1(1a)" }, { "status": "affected", "version": "7.0(3)I7(1)" }, { "status": "affected", "version": "6.2(21)" }, { "status": "affected", "version": "7.0(3)F2(2)" }, { "status": "affected", "version": "7.0(3)IA7(2)" }, { "status": "affected", "version": "7.0(3)IA7(1)" }, { "status": "affected", "version": "6.0(2)A8(7b)" }, { "status": "affected", "version": "6.2(11c)" }, { "status": "affected", "version": "7.0(3)F1(1)" }, { "status": "affected", "version": "6.0(2)A6(1a)" }, { "status": "affected", "version": "7.1(0)N1(1)" }, { "status": "affected", "version": "6.0(2)A6(2)" }, { "status": "affected", "version": "7.1(4)N1(1)" }, { "status": "affected", "version": "6.0(2)A8(4a)" }, { "status": "affected", "version": "6.0(2)U6(4)" }, { "status": "affected", "version": "8.4(1a)" }, { "status": "affected", "version": "9.3(3)" }, { "status": "affected", "version": "7.3(7)N1(1)" }, { "status": "affected", "version": "6.2(31)" }, { "status": "affected", "version": "7.0(3)I7(8)" }, { "status": "affected", "version": "6.0(2)U6(10a)" }, { "status": "affected", "version": "7.3(7)N1(1a)" }, { "status": "affected", "version": "9.3(4)" }, { "status": "affected", "version": "6.2(33)" }, { "status": "affected", "version": "9.3(5)" }, { "status": "affected", "version": "8.4(2a)" }, { "status": "affected", "version": "8.4(2b)" }, { "status": "affected", "version": "7.3(8)N1(1)" }, { "status": "affected", "version": "7.0(3)I7(9)" }, { "status": "affected", "version": "7.3(7)N1(1b)" }, { "status": "affected", "version": "8.5(1)" }, { "status": "affected", "version": "9.3(6)" }, { "status": "affected", "version": "10.1(2)" }, { "status": "affected", "version": "10.1(1)" }, { "status": "affected", "version": "8.4(2c)" }, { "status": "affected", "version": "9.3(5w)" }, { "status": "affected", "version": "7.3(9)N1(1)" }, { "status": "affected", "version": "9.3(7)" }, { "status": "affected", "version": "9.3(7k)" }, { "status": "affected", "version": "7.0(3)I7(9w)" }, { "status": "affected", "version": "10.2(1)" }, { "status": "affected", "version": "7.3(8)N1(1a)" }, { "status": "affected", "version": "9.3(7a)" }, { "status": "affected", "version": "9.3(8)" }, { "status": "affected", "version": "8.4(2d)" }, { "status": "affected", "version": "7.3(10)N1(1)" }, { "status": "affected", "version": "7.0(3)I7(10)" }, { "status": "affected", "version": "7.3(8)N1(1b)" }, { "status": "affected", "version": "10.2(1q)" }, { "status": "affected", "version": "10.2(2)" }, { "status": "affected", "version": "9.3(9)" }, { "status": "affected", "version": "10.1(2t)" }, { "status": "affected", "version": "7.3(11)N1(1)" }, { "status": "affected", "version": "10.2(3)" }, { "status": "affected", "version": "10.2(3t)" }, { "status": "affected", "version": "8.4(2e)" }, { "status": "affected", "version": "9.3(10)" }, { "status": "affected", "version": "7.3(11)N1(1a)" }, { "status": "affected", "version": "10.2(2a)" }, { "status": "affected", "version": "7.3(12)N1(1)" }, { "status": "affected", "version": "9.2(1a)" }, { "status": "affected", "version": "10.3(1)" }, { "status": "affected", "version": "10.2(4)" }, { "status": "affected", "version": "7.3(13)N1(1)" }, { "status": "affected", "version": "10.3(2)" }, { "status": "affected", "version": "9.3(11)" }, { "status": "affected", "version": "10.3(3)" }, { "status": "affected", "version": "10.2(5)" }, { "status": "affected", "version": "9.4(1)" }, { "status": "affected", "version": "9.3(2a)" }, { "status": "affected", "version": "8.4(2f)" }, { "status": "affected", "version": "9.3(12)" }, { "status": "affected", "version": "10.2(3v)" }, { "status": "affected", "version": "10.4(1)" }, { "status": "affected", "version": "10.3(99w)" }, { "status": "affected", "version": "7.3(14)N1(1)" }, { "status": "affected", "version": "10.2(6)" }, { "status": "affected", "version": "10.3(3w)" }, { "status": "affected", "version": "10.3(99x)" }, { "status": "affected", "version": "10.3(3o)" }, { "status": "affected", "version": "10.3(4)" }, { "status": "affected", "version": "10.3(3p)" }, { "status": "affected", "version": "10.3(4a)" }, { "status": "affected", "version": "9.4(1a)" }, { "status": "affected", "version": "10.4(2)" }, { "status": "affected", "version": "10.3(3q)" }, { "status": "affected", "version": "9.3(13)" }, { "status": "affected", "version": "10.3(5)" }, { "status": "affected", "version": "10.2(7)" }, { "status": "affected", "version": "10.4(3)" }, { "status": "affected", "version": "10.3(3x)" }, { "status": "affected", "version": "10.3(4g)" }, { "status": "affected", "version": "10.3(3r)" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device.\r\n\r\nThe vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.\u0026nbsp;\r\nNote: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-653", "description": "Insufficient Compartmentalization", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-28T16:37:27.149Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nxos-psbe-ce-YvbTn5du", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du" }, { "name": "Cisco NX-OS Security with Python", "url": "https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/105x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-105x/m-n9k-python-api-101x.html?bookSearch=true#concept_A2CFF094ADCB414C983EA06AD8E9A410" } ], "source": { "advisory": "cisco-sa-nxos-psbe-ce-YvbTn5du", "defects": [ "CSCwh77780" ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Python Parser Escape Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20285", "datePublished": "2024-08-28T16:37:27.149Z", "dateReserved": "2023-11-08T15:08:07.626Z", "dateUpdated": "2024-08-28T17:19:57.207Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1731
Vulnerability from cvelistv5
Published
2019-05-15 16:50
Modified
2024-09-17 00:56
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software SSH Key Information Disclosure Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-ssh-info | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108353 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:41.644Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS Software SSH Key Information Disclosure Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-ssh-info" }, { "name": "108353", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108353" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user\u0027s private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to incomplete error handling if a specific error type occurs during the SSH key export. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the CLI. A successful exploit could allow the attacker to expose a user\u0027s private SSH key. In addition, a similar type of error in the SSH key import could cause the passphrase-protected private SSH key to be imported unintentionally." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-17T06:06:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS Software SSH Key Information Disclosure Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-ssh-info" }, { "name": "108353", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108353" } ], "source": { "advisory": "cisco-sa-20190515-nxos-ssh-info", "defect": [ [ "CSCvh76123", "CSCvj01385", "CSCvj01386", "CSCvj01393" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software SSH Key Information Disclosure Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1731", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software SSH Key Information Disclosure Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user\u0027s private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to incomplete error handling if a specific error type occurs during the SSH key export. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the CLI. A successful exploit could allow the attacker to expose a user\u0027s private SSH key. In addition, a similar type of error in the SSH key import could cause the passphrase-protected private SSH key to be imported unintentionally." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "5.1", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS Software SSH Key Information Disclosure Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-ssh-info" }, { "name": "108353", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108353" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-ssh-info", "defect": [ [ "CSCvh76123", "CSCvj01385", "CSCvj01386", "CSCvj01393" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1731", "datePublished": "2019-05-15T16:50:36.106074Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-09-17T00:56:26.691Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1367
Vulnerability from cvelistv5
Published
2021-02-24 19:30
Modified
2024-11-08 23:38
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Protocol Independent Multicast Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-pim-dos-Y8SjMz4 | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:11:16.870Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210224 Cisco NX-OS Software Protocol Independent Multicast Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-pim-dos-Y8SjMz4" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1367", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:48:20.897429Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T23:38:19.100Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-02-24T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted PIM packet to an affected device. A successful exploit could allow the attacker to cause a traffic loop, resulting in a DoS condition." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-24T19:30:45", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210224 Cisco NX-OS Software Protocol Independent Multicast Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-pim-dos-Y8SjMz4" } ], "source": { "advisory": "cisco-sa-nxos-pim-dos-Y8SjMz4", "defect": [ [ "CSCvv98438" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Protocol Independent Multicast Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-02-24T16:00:00", "ID": "CVE-2021-1367", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Protocol Independent Multicast Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted PIM packet to an affected device. A successful exploit could allow the attacker to cause a traffic loop, resulting in a DoS condition." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "4.3", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "20210224 Cisco NX-OS Software Protocol Independent Multicast Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-pim-dos-Y8SjMz4" } ] }, "source": { "advisory": "cisco-sa-nxos-pim-dos-Y8SjMz4", "defect": [ [ "CSCvv98438" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1367", "datePublished": "2021-02-24T19:30:45.486967Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:38:19.100Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1227
Vulnerability from cvelistv5
Published
2021-02-24 19:30
Modified
2024-11-08 23:40
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-csrf-wRMzWL9z | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:02:56.336Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210224 Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-csrf-wRMzWL9z" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1227", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:20:57.173951Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T23:40:13.499Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-02-24T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note: The NX-API feature is disabled by default." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-24T19:30:15", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210224 Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-csrf-wRMzWL9z" } ], "source": { "advisory": "cisco-sa-nxos-nxapi-csrf-wRMzWL9z", "defect": [ [ "CSCvr82908", "CSCvu67365", "CSCvv92342" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-02-24T16:00:00", "ID": "CVE-2021-1227", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note: The NX-API feature is disabled by default." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.1", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-352" } ] } ] }, "references": { "reference_data": [ { "name": "20210224 Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-csrf-wRMzWL9z" } ] }, "source": { "advisory": "cisco-sa-nxos-nxapi-csrf-wRMzWL9z", "defect": [ [ "CSCvr82908", "CSCvu67365", "CSCvv92342" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1227", "datePublished": "2021-02-24T19:30:15.985802Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:40:13.499Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1229
Vulnerability from cvelistv5
Published
2021-02-24 19:30
Modified
2024-11-08 23:39
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software ICMP Version 6 Memory Leak Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-nxos-icmpv6-dos-YD55jVCq | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:02:56.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210224 Cisco NX-OS Software ICMP Version 6 Memory Leak Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-nxos-icmpv6-dos-YD55jVCq" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1229", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:04:00.849888Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T23:39:57.780Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-02-24T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a slow system memory leak, which over time could lead to a denial of service (DoS) condition. This vulnerability is due to improper error handling when an IPv6-configured interface receives a specific type of ICMPv6 packet. An attacker could exploit this vulnerability by sending a sustained rate of crafted ICMPv6 packets to a local IPv6 address on a targeted device. A successful exploit could allow the attacker to cause a system memory leak in the ICMPv6 process on the device. As a result, the ICMPv6 process could run out of system memory and stop processing traffic. The device could then drop all ICMPv6 packets, causing traffic instability on the device. Restoring device functionality would require a device reboot." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "CWE-401", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-24T19:30:21", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210224 Cisco NX-OS Software ICMP Version 6 Memory Leak Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-nxos-icmpv6-dos-YD55jVCq" } ], "source": { "advisory": "cisco-sa-fxos-nxos-icmpv6-dos-YD55jVCq", "defect": [ [ "CSCvv24541", "CSCvv96592", "CSCvv96593" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software ICMP Version 6 Memory Leak Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-02-24T16:00:00", "ID": "CVE-2021-1229", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software ICMP Version 6 Memory Leak Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a slow system memory leak, which over time could lead to a denial of service (DoS) condition. This vulnerability is due to improper error handling when an IPv6-configured interface receives a specific type of ICMPv6 packet. An attacker could exploit this vulnerability by sending a sustained rate of crafted ICMPv6 packets to a local IPv6 address on a targeted device. A successful exploit could allow the attacker to cause a system memory leak in the ICMPv6 process on the device. As a result, the ICMPv6 process could run out of system memory and stop processing traffic. The device could then drop all ICMPv6 packets, causing traffic instability on the device. Restoring device functionality would require a device reboot." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "5.8", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-401" } ] } ] }, "references": { "reference_data": [ { "name": "20210224 Cisco NX-OS Software ICMP Version 6 Memory Leak Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-nxos-icmpv6-dos-YD55jVCq" } ] }, "source": { "advisory": "cisco-sa-fxos-nxos-icmpv6-dos-YD55jVCq", "defect": [ [ "CSCvv24541", "CSCvv96592", "CSCvv96593" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1229", "datePublished": "2021-02-24T19:30:21.325015Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:39:57.780Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1790
Vulnerability from cvelistv5
Published
2019-05-15 20:05
Modified
2024-11-20 17:20
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1790 | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108383 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.802Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1790)", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1790" }, { "name": "108383", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108383" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1790", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:54:42.195367Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:20:35.731Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-20T14:06:09", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1790)", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1790" }, { "name": "108383", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108383" } ], "source": { "advisory": "cisco-sa-20190515-nxos-cmdinj-1790", "defect": [ [ "CSCvh20096", "CSCvh20112", "CSCvi96504", "CSCvi96509", "CSCvi96510" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1790", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1790)", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1790" }, { "name": "108383", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108383" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-cmdinj-1790", "defect": [ [ "CSCvh20096", "CSCvh20112", "CSCvi96504", "CSCvi96509", "CSCvi96510" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1790", "datePublished": "2019-05-15T20:05:14.522885Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:20:35.731Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1730
Vulnerability from cvelistv5
Published
2019-05-15 16:50
Modified
2024-09-17 02:46
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-bash-bypass | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108397 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.051Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-bash-bypass" }, { "name": "108397", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108397" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to the incorrect implementation of a CLI command that allows a Bash command to be incorrectly invoked on the Guest Shell CLI. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Guest Shell prompt. A successful exploit could allow the attacker to issue commands that should be restricted by a Guest Shell account." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-264", "description": "CWE-264", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-21T13:06:05", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-bash-bypass" }, { "name": "108397", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108397" } ], "source": { "advisory": "cisco-sa-20190515-nxos-bash-bypass", "defect": [ [ "CSCvh76090", "CSCvj01472", "CSCvj01497" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1730", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to the incorrect implementation of a CLI command that allows a Bash command to be incorrectly invoked on the Guest Shell CLI. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Guest Shell prompt. A successful exploit could allow the attacker to issue commands that should be restricted by a Guest Shell account." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-264" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-bash-bypass" }, { "name": "108397", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108397" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-bash-bypass", "defect": [ [ "CSCvh76090", "CSCvj01472", "CSCvj01497" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1730", "datePublished": "2019-05-15T16:50:43.974976Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-09-17T02:46:29.210Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1776
Vulnerability from cvelistv5
Published
2019-05-15 19:30
Modified
2024-11-20 17:21
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1776 | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108377 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.791Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1776)", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1776" }, { "name": "108377", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108377" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1776", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:54:52.088982Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:21:33.454Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-20T14:06:09", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1776)", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1776" }, { "name": "108377", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108377" } ], "source": { "advisory": "cisco-sa-20190515-nxos-cmdinj-1776", "defect": [ [ "CSCvh20076", "CSCvh20081", "CSCvi96429", "CSCvi96431", "CSCvi96432", "CSCvi96433" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1776", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1776)", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1776" }, { "name": "108377", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108377" } ] }, "source": { "advisory": "cisco-sa-20190515-nxos-cmdinj-1776", "defect": [ [ "CSCvh20076", "CSCvh20081", "CSCvi96429", "CSCvi96431", "CSCvi96432", "CSCvi96433" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1776", "datePublished": "2019-05-15T19:30:23.065020Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:21:33.454Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3415
Vulnerability from cvelistv5
Published
2020-08-27 15:40
Modified
2024-11-13 18:10
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Data Management Engine Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-dme-rce-cbE3nhZS | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:30:58.399Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20200826 Cisco NX-OS Software Data Management Engine Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-dme-rce-cbE3nhZS" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-3415", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:18:14.256789Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T18:10:14.077Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-08-26T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Exploitation of this vulnerability also requires jumbo frames to be enabled on the interface that receives the crafted Cisco Discovery Protocol packets on the affected device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-27T15:40:23", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20200826 Cisco NX-OS Software Data Management Engine Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-dme-rce-cbE3nhZS" } ], "source": { "advisory": "cisco-sa-nxos-dme-rce-cbE3nhZS", "defect": [ [ "CSCvr89315", "CSCvs10167" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Data Management Engine Remote Code Execution Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-08-26T16:00:00", "ID": "CVE-2020-3415", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Data Management Engine Remote Code Execution Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Exploitation of this vulnerability also requires jumbo frames to be enabled on the interface that receives the crafted Cisco Discovery Protocol packets on the affected device." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.8", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "20200826 Cisco NX-OS Software Data Management Engine Remote Code Execution Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-dme-rce-cbE3nhZS" } ] }, "source": { "advisory": "cisco-sa-nxos-dme-rce-cbE3nhZS", "defect": [ [ "CSCvr89315", "CSCvs10167" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3415", "datePublished": "2020-08-27T15:40:23.899583Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-13T18:10:14.077Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1781
Vulnerability from cvelistv5
Published
2019-05-15 19:45
Modified
2024-11-20 17:20
Severity ?
EPSS score ?
Summary
Cisco FXOS and NX-OS Software Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-fxos-nxos-cmdinj-1781-1782 | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/108407 | vdb-entry, x_refsource_BID |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.734Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerabilities (CVE-2019-1781, CVE-2019-1782)", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-fxos-nxos-cmdinj-1781-1782" }, { "name": "108407", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108407" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1781", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:54:44.395123Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:20:46.849Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need administrator credentials to exploit this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-22T13:06:04", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerabilities (CVE-2019-1781, CVE-2019-1782)", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-fxos-nxos-cmdinj-1781-1782" }, { "name": "108407", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108407" } ], "source": { "advisory": "cisco-sa-20190515-fxos-nxos-cmdinj-1781-1782", "defect": [ [ "CSCvh20027", "CSCvh20389", "CSCvi01445", "CSCvi01448", "CSCvi91985", "CSCvi92126", "CSCvi92128", "CSCvi92129", "CSCvi92130", "CSCvi96522", "CSCvi96524", "CSCvi96525", "CSCvi96526", "CSCvi96527" ] ], "discovery": "INTERNAL" }, "title": "Cisco FXOS and NX-OS Software Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1781", "STATE": "PUBLIC", "TITLE": "Cisco FXOS and NX-OS Software Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.3(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need administrator credentials to exploit this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerabilities (CVE-2019-1781, CVE-2019-1782)", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-fxos-nxos-cmdinj-1781-1782" }, { "name": "108407", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108407" } ] }, "source": { "advisory": "cisco-sa-20190515-fxos-nxos-cmdinj-1781-1782", "defect": [ [ "CSCvh20027", "CSCvh20389", "CSCvi01445", "CSCvi01448", "CSCvi91985", "CSCvi92126", "CSCvi92128", "CSCvi92129", "CSCvi92130", "CSCvi96522", "CSCvi96524", "CSCvi96525", "CSCvi96526", "CSCvi96527" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1781", "datePublished": "2019-05-15T19:45:27.562921Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:20:46.849Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1965
Vulnerability from cvelistv5
Published
2019-08-28 18:55
Modified
2024-09-17 02:41
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:35:51.782Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190828 Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "lessThan": "8.4(1)", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-08-28T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH process to fail to delete upon termination. This can lead to a build-up of VSH processes that overtime can deplete system memory. When there is no system memory available, this can cause unexpected system behaviors and crashes. The vulnerability is due to the VSH process not being properly deleted when a remote management connection to the device is disconnected. An attacker could exploit this vulnerability by repeatedly performing a remote management connection to the device and terminating the connection in an unexpected manner. A successful exploit could allow the attacker to cause the VSH processes to fail to delete, which can lead to a system-wide denial of service (DoS) condition. The attacker must have valid user credentials to log in to the device using the remote management connection." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-28T18:55:13", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190828 Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos" } ], "source": { "advisory": "cisco-sa-20190828-nxos-memleak-dos", "defect": [ [ "CSCvi15409", "CSCvn50393", "CSCvn50443", "CSCvn50446", "CSCvn52167" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-08-28T16:00:00-0700", "ID": "CVE-2019-1965", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "8.4(1)" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH process to fail to delete upon termination. This can lead to a build-up of VSH processes that overtime can deplete system memory. When there is no system memory available, this can cause unexpected system behaviors and crashes. The vulnerability is due to the VSH process not being properly deleted when a remote management connection to the device is disconnected. An attacker could exploit this vulnerability by repeatedly performing a remote management connection to the device and terminating the connection in an unexpected manner. A successful exploit could allow the attacker to cause the VSH processes to fail to delete, which can lead to a system-wide denial of service (DoS) condition. The attacker must have valid user credentials to log in to the device using the remote management connection." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "7.7", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400" } ] } ] }, "references": { "reference_data": [ { "name": "20190828 Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos" } ] }, "source": { "advisory": "cisco-sa-20190828-nxos-memleak-dos", "defect": [ [ "CSCvi15409", "CSCvn50393", "CSCvn50443", "CSCvn50446", "CSCvn52167" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1965", "datePublished": "2019-08-28T18:55:13.586838Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-09-17T02:41:27.327Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20115
Vulnerability from cvelistv5
Published
2023-08-23 18:20
Modified
2024-10-02 18:56
Severity ?
EPSS score ?
Summary
A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device.
This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user.
There are workarounds that address this vulnerability.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:57:36.187Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-nxos-sftp-xVAp5Hfd", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-sftp-xVAp5Hfd" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-20115", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-02T18:56:28.348139Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-02T18:56:36.940Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "9.2(1)" }, { "status": "affected", "version": "9.2(2)" }, { "status": "affected", "version": "9.2(2t)" }, { "status": "affected", "version": "9.2(3)" }, { "status": "affected", "version": "9.2(4)" }, { "status": "affected", "version": "9.2(2v)" }, { "status": "affected", "version": "9.3(1)" }, { "status": "affected", "version": "9.3(2)" }, { "status": "affected", "version": "9.3(3)" }, { "status": "affected", "version": "9.3(4)" }, { "status": "affected", "version": "9.3(5)" }, { "status": "affected", "version": "9.3(6)" }, { "status": "affected", "version": "9.3(7)" }, { "status": "affected", "version": "9.3(7a)" }, { "status": "affected", "version": "9.3(8)" }, { "status": "affected", "version": "9.3(9)" }, { "status": "affected", "version": "9.3(10)" }, { "status": "affected", "version": "9.3(11)" }, { "status": "affected", "version": "10.1(1)" }, { "status": "affected", "version": "10.1(2)" }, { "status": "affected", "version": "10.1(2t)" }, { "status": "affected", "version": "10.2(1)" }, { "status": "affected", "version": "10.2(1q)" }, { "status": "affected", "version": "10.2(2)" }, { "status": "affected", "version": "10.2(3)" }, { "status": "affected", "version": "10.2(3t)" }, { "status": "affected", "version": "10.2(4)" }, { "status": "affected", "version": "10.2(5)" }, { "status": "affected", "version": "10.3(1)" }, { "status": "affected", "version": "10.3(2)" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. \r\n\r This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user.\r\n\r There are workarounds that address this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-671", "description": "Lack of Administrator Control over Security", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T16:57:46.171Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nxos-sftp-xVAp5Hfd", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-sftp-xVAp5Hfd" } ], "source": { "advisory": "cisco-sa-nxos-sftp-xVAp5Hfd", "defects": [ "CSCwe47138" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20115", "datePublished": "2023-08-23T18:20:34.184Z", "dateReserved": "2022-10-27T18:47:50.344Z", "dateUpdated": "2024-10-02T18:56:36.940Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1361
Vulnerability from cvelistv5
Published
2021-02-24 19:30
Modified
2024-11-08 23:38
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3000-9000-fileaction-QtLzDRy2 | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:11:16.912Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210224 Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3000-9000-fileaction-QtLzDRy2" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1361", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T19:56:03.272438Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T23:38:40.489Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-02-24T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. This vulnerability exists because TCP port 9075 is incorrectly configured to listen and respond to external connection requests. An attacker could exploit this vulnerability by sending crafted TCP packets to an IP address that is configured on a local interface on TCP port 9075. A successful exploit could allow the attacker to create, delete, or overwrite arbitrary files, including sensitive files that are related to the device configuration. For example, the attacker could add a user account without the device administrator knowing." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-552", "description": "CWE-552", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-24T19:30:41", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210224 Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3000-9000-fileaction-QtLzDRy2" } ], "source": { "advisory": "cisco-sa-3000-9000-fileaction-QtLzDRy2", "defect": [ [ "CSCvw89875" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-02-24T16:00:00", "ID": "CVE-2021-1361", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. This vulnerability exists because TCP port 9075 is incorrectly configured to listen and respond to external connection requests. An attacker could exploit this vulnerability by sending crafted TCP packets to an IP address that is configured on a local interface on TCP port 9075. A successful exploit could allow the attacker to create, delete, or overwrite arbitrary files, including sensitive files that are related to the device configuration. For example, the attacker could add a user account without the device administrator knowing." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "9.8", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-552" } ] } ] }, "references": { "reference_data": [ { "name": "20210224 Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3000-9000-fileaction-QtLzDRy2" } ] }, "source": { "advisory": "cisco-sa-3000-9000-fileaction-QtLzDRy2", "defect": [ [ "CSCvw89875" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1361", "datePublished": "2021-02-24T19:30:41.350830Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:38:40.489Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20169
Vulnerability from cvelistv5
Published
2023-08-23 18:19
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload.
This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:05:36.905Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "10.3(2)" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload.\r\n\r This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-788", "description": "Access of Memory Location After End of Buffer", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T16:57:49.042Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb" } ], "source": { "advisory": "cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb", "defects": [ "CSCwe11136" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20169", "datePublished": "2023-08-23T18:19:45.317Z", "dateReserved": "2022-10-27T18:47:50.362Z", "dateUpdated": "2024-08-02T09:05:36.905Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20413
Vulnerability from cvelistv5
Published
2024-08-28 16:27
Modified
2024-08-30 03:56
Severity ?
EPSS score ?
Summary
Cisco NX-OS Bash Privilege Escalation Vulnerability
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:cisco:nx-os:9.2\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i5\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(7a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(2v\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(5b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(1a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)im3\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(5a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(11\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(4a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(2t\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(3y\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(1t\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(5c\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(6z\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(3z\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)im7\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(11b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(5a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i6\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(10\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)im3\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i5\\(3b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(2a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)im3\\(2a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(10\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)ic4\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(5b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(3c\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)im3\\(2b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(4a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i5\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i6\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)im3\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(3a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(11a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(8z\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(9\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(9\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(10a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i5\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(1z\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(8b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(6t\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i5\\(3a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(3a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(3a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(5a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f2\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(8a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(9\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(2a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f2\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)ia7\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)ia7\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(7b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(1a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(4a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(10a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(9\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.1\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(5w\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(7k\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(9w\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(7a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(10\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(1q\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(9\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.1\\(2t\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(3t\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(10\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(2a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(11\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(12\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(3v\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.4\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(99w\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(6\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(3w\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(99x\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(3o\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(4\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(3p\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(4a\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.4\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(3q\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(13\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(7\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(3x\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(4g\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.3\\(3r\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nx-os", "vendor": "cisco", "versions": [ { "status": "affected", "version": "9.2\\(3\\)" }, { "status": "affected", "version": "7.0\\(3\\)i5\\(2\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(7a\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(5\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(1\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(6\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(3\\)" }, { "status": "affected", "version": "9.2\\(2v\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(5b\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(7\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(1a\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(1\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(8\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(2\\)" }, { "status": "affected", "version": "7.0\\(3\\)im3\\(1\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(5a\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(11\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(4a\\)" }, { "status": "affected", "version": "9.2\\(1\\)" }, { "status": "affected", "version": "9.2\\(2t\\)" }, { "status": "affected", "version": "9.2\\(3y\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(1t\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(5c\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(4\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(6z\\)" }, { "status": "affected", "version": "9.3\\(2\\)" }, { "status": "affected", "version": "7.0\\(3\\)f3\\(3\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(6\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(3z\\)" }, { "status": "affected", "version": "7.0\\(3\\)im7\\(2\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(11b\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(5a\\)" }, { "status": "affected", "version": "7.0\\(3\\)i6\\(1\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(10\\)" }, { "status": "affected", "version": "7.0\\(3\\)im3\\(2\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(8\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(1\\)" }, { "status": "affected", "version": "7.0\\(3\\)i5\\(3b\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(2a\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(7\\)" }, { "status": "affected", "version": "9.2\\(4\\)" }, { "status": "affected", "version": "7.0\\(3\\)im3\\(2a\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(10\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(2\\)" }, { "status": "affected", "version": "7.0\\(3\\)ic4\\(4\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(3\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(5b\\)" }, { "status": "affected", "version": "7.0\\(3\\)f3\\(3c\\)" }, { "status": "affected", "version": "7.0\\(3\\)f3\\(1\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(5\\)" }, { "status": "affected", "version": "7.0\\(3\\)f3\\(5\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(7\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(2\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(5\\)" }, { "status": "affected", "version": "7.0\\(3\\)im3\\(2b\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(4a\\)" }, { "status": "affected", "version": "7.0\\(3\\)i5\\(3\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(3\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(6\\)" }, { "status": "affected", "version": "7.0\\(3\\)i6\\(2\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(5\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(8\\)" }, { "status": "affected", "version": "7.0\\(3\\)im3\\(3\\)" }, { "status": "affected", "version": "9.3\\(1\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(2\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(7\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(6\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(3a\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(11a\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(8z\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(9\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(4\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(7\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(9\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(1\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(6\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(10a\\)" }, { "status": "affected", "version": "7.0\\(3\\)i5\\(1\\)" }, { "status": "affected", "version": "9.3\\(1z\\)" }, { "status": "affected", "version": "9.2\\(2\\)" }, { "status": "affected", "version": "7.0\\(3\\)f3\\(4\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(8b\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(3\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(6t\\)" }, { "status": "affected", "version": "7.0\\(3\\)i5\\(3a\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(8\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(5\\)" }, { "status": "affected", "version": "7.0\\(3\\)f3\\(3a\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(4\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(3a\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(5a\\)" }, { "status": "affected", "version": "7.0\\(3\\)f2\\(1\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(8a\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(9\\)" }, { "status": "affected", "version": "7.0\\(3\\)f3\\(2\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(2a\\)" }, { "status": "affected", "version": "7.0\\(3\\)i4\\(4\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(3\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(1\\)" }, { "status": "affected", "version": "7.0\\(3\\)f2\\(2\\)" }, { "status": "affected", "version": "7.0\\(3\\)ia7\\(2\\)" }, { "status": "affected", "version": "7.0\\(3\\)ia7\\(1\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(7b\\)" }, { "status": "affected", "version": "7.0\\(3\\)f1\\(1\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(1a\\)" }, { "status": "affected", "version": "6.0\\(2\\)a6\\(2\\)" }, { "status": "affected", "version": "6.0\\(2\\)a8\\(4a\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(4\\)" }, { "status": "affected", "version": "9.3\\(3\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(8\\)" }, { "status": "affected", "version": "6.0\\(2\\)u6\\(10a\\)" }, { "status": "affected", "version": "9.3\\(4\\)" }, { "status": "affected", "version": "9.3\\(5\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(9\\)" }, { "status": "affected", "version": "9.3\\(6\\)" }, { "status": "affected", "version": "10.1\\(2\\)" }, { "status": "affected", "version": "10.1\\(1\\)" }, { "status": "affected", "version": "9.3\\(5w\\)" }, { "status": "affected", "version": "9.3\\(7\\)" }, { "status": "affected", "version": "9.3\\(7k\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(9w\\)" }, { "status": "affected", "version": "10.2\\(1\\)" }, { "status": "affected", "version": "9.3\\(7a\\)" }, { "status": "affected", "version": "9.3\\(8\\)" }, { "status": "affected", "version": "7.0\\(3\\)i7\\(10\\)" }, { "status": "affected", "version": "10.2\\(1q\\)" }, { "status": "affected", "version": "10.2\\(2\\)" }, { "status": "affected", "version": "9.3\\(9\\)" }, { "status": "affected", "version": "10.1\\(2t\\)" }, { "status": "affected", "version": "10.2\\(3\\)" }, { "status": "affected", "version": "10.2\\(3t\\)" }, { "status": "affected", "version": "9.3\\(10\\)" }, { "status": "affected", "version": "10.2\\(2a\\)" }, { "status": "affected", "version": "10.3\\(1\\)" }, { "status": "affected", "version": "10.2\\(4\\)" }, { "status": "affected", "version": "10.3\\(2\\)" }, { "status": "affected", "version": "9.3\\(11\\)" }, { "status": "affected", "version": "10.3\\(3\\)" }, { "status": "affected", "version": "10.2\\(5\\)" }, { "status": "affected", "version": "9.3\\(12\\)" }, { "status": "affected", "version": "10.2\\(3v\\)" }, { "status": "affected", "version": "10.4\\(1\\)" }, { "status": "affected", "version": "10.3\\(99w\\)" }, { "status": "affected", "version": "10.2\\(6\\)" }, { "status": "affected", "version": "10.3\\(3w\\)" }, { "status": "affected", "version": "10.3\\(99x\\)" }, { "status": "affected", "version": "10.3\\(3o\\)" }, { "status": "affected", "version": "10.3\\(4\\)" }, { "status": "affected", "version": "10.3\\(3p\\)" }, { "status": "affected", "version": "10.3\\(4a\\)" }, { "status": "affected", "version": "10.4\\(2\\)" }, { "status": "affected", "version": "10.3\\(3q\\)" }, { "status": "affected", "version": "9.3\\(13\\)" }, { "status": "affected", "version": "10.2\\(7\\)" }, { "status": "affected", "version": "10.3\\(3x\\)" }, { "status": "affected", "version": "10.3\\(4g\\)" }, { "status": "affected", "version": "10.3\\(3r\\)" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20413", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-29T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-30T03:56:03.888Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "9.2(3)" }, { "status": "affected", "version": "7.0(3)I5(2)" }, { "status": "affected", "version": "6.0(2)A8(7a)" }, { "status": "affected", "version": "7.0(3)I4(5)" }, { "status": "affected", "version": "6.0(2)A6(1)" }, { "status": "affected", "version": "7.0(3)I4(6)" }, { "status": "affected", "version": "7.0(3)I4(3)" }, { "status": "affected", "version": "9.2(2v)" }, { "status": "affected", "version": "6.0(2)A6(5b)" }, { "status": "affected", "version": "7.0(3)I4(7)" }, { "status": "affected", "version": "6.0(2)U6(1a)" }, { "status": "affected", "version": "7.0(3)I4(1)" }, { "status": "affected", "version": "7.0(3)I4(8)" }, { "status": "affected", "version": "7.0(3)I4(2)" }, { "status": "affected", "version": "7.0(3)IM3(1)" }, { "status": "affected", "version": "6.0(2)U6(5a)" }, { "status": "affected", "version": "6.0(2)A8(11)" }, { "status": "affected", "version": "6.0(2)A6(4a)" }, { "status": "affected", "version": "9.2(1)" }, { "status": "affected", "version": "9.2(2t)" }, { "status": "affected", "version": "9.2(3y)" }, { "status": "affected", "version": "7.0(3)I4(1t)" }, { "status": "affected", "version": "6.0(2)U6(5c)" }, { "status": "affected", "version": "6.0(2)A6(4)" }, { "status": "affected", "version": "7.0(3)I7(6z)" }, { "status": "affected", "version": "9.3(2)" }, { "status": "affected", "version": "7.0(3)F3(3)" }, { "status": "affected", "version": "6.0(2)U6(6)" }, { "status": "affected", "version": "7.0(3)I7(3z)" }, { "status": "affected", "version": "7.0(3)IM7(2)" }, { "status": "affected", "version": "6.0(2)A8(11b)" }, { "status": "affected", "version": "7.0(3)I7(5a)" }, { "status": "affected", "version": "7.0(3)I6(1)" }, { "status": "affected", "version": "6.0(2)U6(10)" }, { "status": "affected", "version": "7.0(3)IM3(2)" }, { "status": "affected", "version": "6.0(2)A6(8)" }, { "status": "affected", "version": "6.0(2)U6(1)" }, { "status": "affected", "version": "7.0(3)I5(3b)" }, { "status": "affected", "version": "6.0(2)A6(2a)" }, { "status": "affected", "version": "6.0(2)U6(7)" }, { "status": "affected", "version": "9.2(4)" }, { "status": "affected", "version": "7.0(3)IM3(2a)" }, { "status": "affected", "version": "6.0(2)A8(10)" }, { "status": "affected", "version": "6.0(2)A8(2)" }, { "status": "affected", "version": "7.0(3)IC4(4)" }, { "status": "affected", "version": "6.0(2)A6(3)" }, { "status": "affected", "version": "6.0(2)U6(5b)" }, { "status": "affected", "version": "7.0(3)F3(3c)" }, { "status": "affected", "version": "7.0(3)F3(1)" }, { "status": "affected", "version": "6.0(2)U6(5)" }, { "status": "affected", "version": "7.0(3)F3(5)" }, { "status": "affected", "version": "6.0(2)A6(7)" }, { "status": "affected", "version": "7.0(3)I7(2)" }, { "status": "affected", "version": "6.0(2)A6(5)" }, { "status": "affected", "version": "7.0(3)IM3(2b)" }, { "status": "affected", "version": "6.0(2)U6(4a)" }, { "status": "affected", "version": "7.0(3)I5(3)" }, { "status": "affected", "version": "7.0(3)I7(3)" }, { "status": "affected", "version": "6.0(2)A8(6)" }, { "status": "affected", "version": "7.0(3)I6(2)" }, { "status": "affected", "version": "6.0(2)A8(5)" }, { "status": "affected", "version": "6.0(2)U6(8)" }, { "status": "affected", "version": "7.0(3)IM3(3)" }, { "status": "affected", "version": "9.3(1)" }, { "status": "affected", "version": "6.0(2)U6(2)" }, { "status": "affected", "version": "6.0(2)A8(7)" }, { "status": "affected", "version": "7.0(3)I7(6)" }, { "status": "affected", "version": "6.0(2)U6(3a)" }, { "status": "affected", "version": "6.0(2)A8(11a)" }, { "status": "affected", "version": "7.0(3)I4(8z)" }, { "status": "affected", "version": "7.0(3)I4(9)" }, { "status": "affected", "version": "7.0(3)I7(4)" }, { "status": "affected", "version": "7.0(3)I7(7)" }, { "status": "affected", "version": "6.0(2)A8(9)" }, { "status": "affected", "version": "6.0(2)A8(1)" }, { "status": "affected", "version": "6.0(2)A6(6)" }, { "status": "affected", "version": "6.0(2)A8(10a)" }, { "status": "affected", "version": "7.0(3)I5(1)" }, { "status": "affected", "version": "9.3(1z)" }, { "status": "affected", "version": "9.2(2)" }, { "status": "affected", "version": "7.0(3)F3(4)" }, { "status": "affected", "version": "7.0(3)I4(8b)" }, { "status": "affected", "version": "6.0(2)A8(3)" }, { "status": "affected", "version": "7.0(3)I4(6t)" }, { "status": "affected", "version": "7.0(3)I5(3a)" }, { "status": "affected", "version": "6.0(2)A8(8)" }, { "status": "affected", "version": "7.0(3)I7(5)" }, { "status": "affected", "version": "7.0(3)F3(3a)" }, { "status": "affected", "version": "6.0(2)A8(4)" }, { "status": "affected", "version": "6.0(2)A6(3a)" }, { "status": "affected", "version": "6.0(2)A6(5a)" }, { "status": "affected", "version": "7.0(3)F2(1)" }, { "status": "affected", "version": "7.0(3)I4(8a)" }, { "status": "affected", "version": "6.0(2)U6(9)" }, { "status": "affected", "version": "7.0(3)F3(2)" }, { "status": "affected", "version": "6.0(2)U6(2a)" }, { "status": "affected", "version": "7.0(3)I4(4)" }, { "status": "affected", "version": "6.0(2)U6(3)" }, { "status": "affected", "version": "7.0(3)I7(1)" }, { "status": "affected", "version": "7.0(3)F2(2)" }, { "status": "affected", "version": "7.0(3)IA7(2)" }, { "status": "affected", "version": "7.0(3)IA7(1)" }, { "status": "affected", "version": "6.0(2)A8(7b)" }, { "status": "affected", "version": "7.0(3)F1(1)" }, { "status": "affected", "version": "6.0(2)A6(1a)" }, { "status": "affected", "version": "6.0(2)A6(2)" }, { "status": "affected", "version": "6.0(2)A8(4a)" }, { "status": "affected", "version": "6.0(2)U6(4)" }, { "status": "affected", "version": "9.3(3)" }, { "status": "affected", "version": "7.0(3)I7(8)" }, { "status": "affected", "version": "6.0(2)U6(10a)" }, { "status": "affected", "version": "9.3(4)" }, { "status": "affected", "version": "9.3(5)" }, { "status": "affected", "version": "7.0(3)I7(9)" }, { "status": "affected", "version": "9.3(6)" }, { "status": "affected", "version": "10.1(2)" }, { "status": "affected", "version": "10.1(1)" }, { "status": "affected", "version": "9.3(5w)" }, { "status": "affected", "version": "9.3(7)" }, { "status": "affected", "version": "9.3(7k)" }, { "status": "affected", "version": "7.0(3)I7(9w)" }, { "status": "affected", "version": "10.2(1)" }, { "status": "affected", "version": "9.3(7a)" }, { "status": "affected", "version": "9.3(8)" }, { "status": "affected", "version": "7.0(3)I7(10)" }, { "status": "affected", "version": "10.2(1q)" }, { "status": "affected", "version": "10.2(2)" }, { "status": "affected", "version": "9.3(9)" }, { "status": "affected", "version": "10.1(2t)" }, { "status": "affected", "version": "10.2(3)" }, { "status": "affected", "version": "10.2(3t)" }, { "status": "affected", "version": "9.3(10)" }, { "status": "affected", "version": "10.2(2a)" }, { "status": "affected", "version": "10.3(1)" }, { "status": "affected", "version": "10.2(4)" }, { "status": "affected", "version": "10.3(2)" }, { "status": "affected", "version": "9.3(11)" }, { "status": "affected", "version": "10.3(3)" }, { "status": "affected", "version": "10.2(5)" }, { "status": "affected", "version": "9.3(12)" }, { "status": "affected", "version": "10.2(3v)" }, { "status": "affected", "version": "10.4(1)" }, { "status": "affected", "version": "10.3(99w)" }, { "status": "affected", "version": "10.2(6)" }, { "status": "affected", "version": "10.3(3w)" }, { "status": "affected", "version": "10.3(99x)" }, { "status": "affected", "version": "10.3(3o)" }, { "status": "affected", "version": "10.3(4)" }, { "status": "affected", "version": "10.3(3p)" }, { "status": "affected", "version": "10.3(4a)" }, { "status": "affected", "version": "10.4(2)" }, { "status": "affected", "version": "10.3(3q)" }, { "status": "affected", "version": "9.3(13)" }, { "status": "affected", "version": "10.3(5)" }, { "status": "affected", "version": "10.2(7)" }, { "status": "affected", "version": "10.4(3)" }, { "status": "affected", "version": "10.3(3x)" }, { "status": "affected", "version": "10.3(4g)" }, { "status": "affected", "version": "10.3(3r)" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to elevate privileges to network-admin on an affected device.\r\n\r\nThis vulnerability is due to insufficient security restrictions when executing application arguments from the Bash shell. An attacker with privileges to access the Bash shell could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to create new users with the privileges of network-admin." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-28T16:27:29.365Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-nxos-bshacepe-bApeHSx7", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bshacepe-bApeHSx7" } ], "source": { "advisory": "cisco-sa-nxos-bshacepe-bApeHSx7", "defects": [ "CSCwh77783" ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Bash Privilege Escalation Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20413", "datePublished": "2024-08-28T16:27:29.365Z", "dateReserved": "2023-11-08T15:08:07.663Z", "dateUpdated": "2024-08-30T03:56:03.888Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1590
Vulnerability from cvelistv5
Published
2021-08-25 19:11
Modified
2024-11-07 22:02
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software system login block-for Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-login-blockfor-RwjGVEcu | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:18:10.362Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210825 Cisco NX-OS Software system login block-for Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-login-blockfor-RwjGVEcu" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1590", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-07T21:54:24.586511Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-07T22:02:13.143Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-08-25T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service (DoS) condition. This vulnerability is due to a logic error in the implementation of the system login block-for command when an attack is detected and acted upon. An attacker could exploit this vulnerability by performing a brute-force login attack on an affected device. A successful exploit could allow the attacker to cause a login process to reload, which could result in a delay during authentication to the affected device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-25T19:11:18", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210825 Cisco NX-OS Software system login block-for Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-login-blockfor-RwjGVEcu" } ], "source": { "advisory": "cisco-sa-nxos-login-blockfor-RwjGVEcu", "defect": [ [ "CSCuz49095", "CSCvw45963", "CSCvx74585" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software system login block-for Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-08-25T16:00:00", "ID": "CVE-2021-1590", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software system login block-for Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service (DoS) condition. This vulnerability is due to a logic error in the implementation of the system login block-for command when an attack is detected and acted upon. An attacker could exploit this vulnerability by performing a brute-force login attack on an affected device. A successful exploit could allow the attacker to cause a login process to reload, which could result in a delay during authentication to the affected device." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "5.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "20210825 Cisco NX-OS Software system login block-for Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-login-blockfor-RwjGVEcu" } ] }, "source": { "advisory": "cisco-sa-nxos-login-blockfor-RwjGVEcu", "defect": [ [ "CSCuz49095", "CSCvw45963", "CSCvx74585" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1590", "datePublished": "2021-08-25T19:11:18.814603Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-07T22:02:13.143Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20650
Vulnerability from cvelistv5
Published
2022-02-23 17:40
Modified
2024-11-06 16:29
Severity ?
EPSS score ?
Summary
Cisco NX-OS Software NX-API Command Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2 | vendor-advisory, x_refsource_CISCO |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco NX-OS Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:53.010Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20220223 Cisco NX-OS Software NX-API Command Injection Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-20650", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-06T16:00:19.356755Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-06T16:29:59.156Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2022-02-23T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Note: The NX-API feature is disabled by default." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-23T17:40:10", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20220223 Cisco NX-OS Software NX-API Command Injection Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2" } ], "source": { "advisory": "cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2", "defect": [ [ "CSCvz80191", "CSCvz81047" ] ], "discovery": "INTERNAL" }, "title": "Cisco NX-OS Software NX-API Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2022-02-23T16:00:00", "ID": "CVE-2022-20650", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software NX-API Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco NX-OS Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Note: The NX-API feature is disabled by default." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.8", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78" } ] } ] }, "references": { "reference_data": [ { "name": "20220223 Cisco NX-OS Software NX-API Command Injection Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2" } ] }, "source": { "advisory": "cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2", "defect": [ [ "CSCvz80191", "CSCvz81047" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2022-20650", "datePublished": "2022-02-23T17:40:10.476799Z", "dateReserved": "2021-11-02T00:00:00", "dateUpdated": "2024-11-06T16:29:59.156Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }