All the vulnerabilites related to Cisco - Cisco NX-OS Software
cve-2019-1795
Vulnerability from cvelistv5
Published
2019-05-15 20:15
Modified
2024-09-16 16:32
Summary
Cisco FXOS and NX-OS Software Command Injection Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.777Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1795)",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1795"
          },
          {
            "name": "108479",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108479"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-28T16:06:05",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1795)",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1795"
        },
        {
          "name": "108479",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108479"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-cmdinj-1795",
        "defect": [
          [
            "CSCvh20029",
            "CSCvh20359",
            "CSCvh66202",
            "CSCvh66214",
            "CSCvh66219",
            "CSCvh66243",
            "CSCvh66257",
            "CSCvh66259",
            "CSCvk30761"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco FXOS and NX-OS Software Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1795",
          "STATE": "PUBLIC",
          "TITLE": "Cisco FXOS and NX-OS Software Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1795)",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1795"
            },
            {
              "name": "108479",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108479"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-cmdinj-1795",
          "defect": [
            [
              "CSCvh20029",
              "CSCvh20359",
              "CSCvh66202",
              "CSCvh66214",
              "CSCvh66219",
              "CSCvh66243",
              "CSCvh66257",
              "CSCvh66259",
              "CSCvk30761"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1795",
    "datePublished": "2019-05-15T20:15:17.287630Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-16T16:32:55.121Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1812
Vulnerability from cvelistv5
Published
2019-05-15 22:20
Modified
2024-09-17 00:21
Summary
Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.875Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2"
          },
          {
            "name": "108425",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108425"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-23T08:06:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2"
        },
        {
          "name": "108425",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108425"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-sisv2",
        "defect": [
          [
            "CSCvj14093",
            "CSCvj14106",
            "CSCvj14182",
            "CSCvk53125",
            "CSCvk53227",
            "CSCvk53256"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1812",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-347"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2"
            },
            {
              "name": "108425",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108425"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-sisv2",
          "defect": [
            [
              "CSCvj14093",
              "CSCvj14106",
              "CSCvj14182",
              "CSCvk53125",
              "CSCvk53227",
              "CSCvk53256"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1812",
    "datePublished": "2019-05-15T22:20:26.162102Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-17T00:21:31.493Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1729
Vulnerability from cvelistv5
Published
2019-05-15 16:45
Modified
2024-09-17 01:02
Summary
Cisco NX-OS Software Arbitrary File Overwrite Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:41.640Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS Software Arbitrary File Overwrite Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-file-write"
          },
          {
            "name": "108378",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108378"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, local attacker to overwrite any file on the file system including system files. These file overwrites by the attacker are accomplished at the root privilege level. The vulnerability occurs because there is no verification of user-input parameters and or digital-signature verification for image files when using a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device and issuing a command at the CLI. Because an exploit could allow the attacker to overwrite any file on the disk, including system files, a denial of service (DoS) condition could occur. The attacker must have valid administrator credentials for the affected device to exploit this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-20T14:06:08",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS Software Arbitrary File Overwrite Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-file-write"
        },
        {
          "name": "108378",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108378"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-file-write",
        "defect": [
          [
            "CSCvh76022",
            "CSCvj03856"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Arbitrary File Overwrite Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1729",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Arbitrary File Overwrite Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, local attacker to overwrite any file on the file system including system files. These file overwrites by the attacker are accomplished at the root privilege level. The vulnerability occurs because there is no verification of user-input parameters and or digital-signature verification for image files when using a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device and issuing a command at the CLI. Because an exploit could allow the attacker to overwrite any file on the disk, including system files, a denial of service (DoS) condition could occur. The attacker must have valid administrator credentials for the affected device to exploit this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS Software Arbitrary File Overwrite Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-file-write"
            },
            {
              "name": "108378",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108378"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-file-write",
          "defect": [
            [
              "CSCvh76022",
              "CSCvj03856"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1729",
    "datePublished": "2019-05-15T16:45:16.339171Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-17T01:02:08.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-1588
Vulnerability from cvelistv5
Published
2021-08-25 19:11
Modified
2024-09-17 03:29
Summary
Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:18:10.931Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210825 Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-mpls-oam-dos-sGO9x5GM"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-08-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when an affected device is processing an MPLS echo-request or echo-reply packet. An attacker could exploit this vulnerability by sending malicious MPLS echo-request or echo-reply packets to an interface that is enabled for MPLS forwarding on the affected device. A successful exploit could allow the attacker to cause the MPLS OAM process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-25T19:11:13",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210825 Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-mpls-oam-dos-sGO9x5GM"
        }
      ],
      "source": {
        "advisory": "cisco-sa-nxos-mpls-oam-dos-sGO9x5GM",
        "defect": [
          [
            "CSCvx48078",
            "CSCvx66765"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-08-25T16:00:00",
          "ID": "CVE-2021-1588",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when an affected device is processing an MPLS echo-request or echo-reply packet. An attacker could exploit this vulnerability by sending malicious MPLS echo-request or echo-reply packets to an interface that is enabled for MPLS forwarding on the affected device. A successful exploit could allow the attacker to cause the MPLS OAM process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.6",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-126"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210825 Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-mpls-oam-dos-sGO9x5GM"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-nxos-mpls-oam-dos-sGO9x5GM",
          "defect": [
            [
              "CSCvx48078",
              "CSCvx66765"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1588",
    "datePublished": "2021-08-25T19:11:13.438325Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-09-17T03:29:12.252Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-20824
Vulnerability from cvelistv5
Published
2022-08-25 18:40
Modified
2024-09-17 01:01
Summary
Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:24:49.938Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20220824 Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220923-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2022-08-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation of specific values that are within a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, which would cause the affected device to reload, resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-23T14:06:17",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20220824 Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220923-0001/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-nxos-cdp-dos-ce-wWvPucC9",
        "defect": [
          [
            "CSCwb70210",
            "CSCwb74493",
            "CSCwb74494",
            "CSCwb74495",
            "CSCwb74496",
            "CSCwb74497",
            "CSCwb74498",
            "CSCwb74513"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2022-08-24T23:00:00",
          "ID": "CVE-2022-20824",
          "STATE": "PUBLIC",
          "TITLE": "Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation of specific values that are within a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, which would cause the affected device to reload, resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.8",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-121"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20220824 Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220923-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220923-0001/"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-nxos-cdp-dos-ce-wWvPucC9",
          "defect": [
            [
              "CSCwb70210",
              "CSCwb74493",
              "CSCwb74494",
              "CSCwb74495",
              "CSCwb74496",
              "CSCwb74497",
              "CSCwb74498",
              "CSCwb74513"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20824",
    "datePublished": "2022-08-25T18:40:48.962538Z",
    "dateReserved": "2021-11-02T00:00:00",
    "dateUpdated": "2024-09-17T01:01:04.978Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-1587
Vulnerability from cvelistv5
Published
2021-08-25 19:11
Modified
2024-09-16 20:37
Summary
Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:18:10.415Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210825 Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ngoam-dos-LTDb9Hv"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-08-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific packets with a Transparent Interconnection of Lots of Links (TRILL) OAM EtherType. An attacker could exploit this vulnerability by sending crafted packets, including the TRILL OAM EtherType of 0x8902, to a device that is part of a VXLAN Ethernet VPN (EVPN) fabric. A successful exploit could allow the attacker to cause an affected device to experience high CPU usage and consume excessive system resources, which may result in overall control plane instability and cause the affected device to reload. Note: The NGOAM feature is disabled by default."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-115",
              "description": "CWE-115",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-25T19:11:06",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210825 Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ngoam-dos-LTDb9Hv"
        }
      ],
      "source": {
        "advisory": "cisco-sa-nxos-ngoam-dos-LTDb9Hv",
        "defect": [
          [
            "CSCvx66917"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-08-25T16:00:00",
          "ID": "CVE-2021-1587",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific packets with a Transparent Interconnection of Lots of Links (TRILL) OAM EtherType. An attacker could exploit this vulnerability by sending crafted packets, including the TRILL OAM EtherType of 0x8902, to a device that is part of a VXLAN Ethernet VPN (EVPN) fabric. A successful exploit could allow the attacker to cause an affected device to experience high CPU usage and consume excessive system resources, which may result in overall control plane instability and cause the affected device to reload. Note: The NGOAM feature is disabled by default."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.6",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-115"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210825 Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ngoam-dos-LTDb9Hv"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-nxos-ngoam-dos-LTDb9Hv",
          "defect": [
            [
              "CSCvx66917"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1587",
    "datePublished": "2021-08-25T19:11:06.170453Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-09-16T20:37:55.543Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1733
Vulnerability from cvelistv5
Published
2019-05-15 16:50
Modified
2024-09-17 00:46
Summary
Cisco NX-OS Software NX-API Sandbox Cross-Site Scripting Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:41.043Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS Software NX-API Sandbox Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-nxapi-xss"
          },
          {
            "name": "108348",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108348"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX-OS Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the NX-API Sandbox interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the NX-API Sandbox interface. An attacker could exploit this vulnerability by persuading a user of the NX-API Sandbox interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected NX-API Sandbox interface."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-16T16:06:22",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS Software NX-API Sandbox Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-nxapi-xss"
        },
        {
          "name": "108348",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108348"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-nxapi-xss",
        "defect": [
          [
            "CSCvj14814"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software NX-API Sandbox Cross-Site Scripting Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1733",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software NX-API Sandbox Cross-Site Scripting Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX-OS Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the NX-API Sandbox interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the NX-API Sandbox interface. An attacker could exploit this vulnerability by persuading a user of the NX-API Sandbox interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected NX-API Sandbox interface."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "5.4",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS Software NX-API Sandbox Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-nxapi-xss"
            },
            {
              "name": "108348",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108348"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-nxapi-xss",
          "defect": [
            [
              "CSCvj14814"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1733",
    "datePublished": "2019-05-15T16:50:21.433983Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-17T00:46:29.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-1361
Vulnerability from cvelistv5
Published
2021-02-24 19:30
Modified
2024-09-16 17:15
Severity ?
Summary
Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:16.912Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210224 Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3000-9000-fileaction-QtLzDRy2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-02-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. This vulnerability exists because TCP port 9075 is incorrectly configured to listen and respond to external connection requests. An attacker could exploit this vulnerability by sending crafted TCP packets to an IP address that is configured on a local interface on TCP port 9075. A successful exploit could allow the attacker to create, delete, or overwrite arbitrary files, including sensitive files that are related to the device configuration. For example, the attacker could add a user account without the device administrator knowing."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-24T19:30:41",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210224 Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3000-9000-fileaction-QtLzDRy2"
        }
      ],
      "source": {
        "advisory": "cisco-sa-3000-9000-fileaction-QtLzDRy2",
        "defect": [
          [
            "CSCvw89875"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-02-24T16:00:00",
          "ID": "CVE-2021-1361",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. This vulnerability exists because TCP port 9075 is incorrectly configured to listen and respond to external connection requests. An attacker could exploit this vulnerability by sending crafted TCP packets to an IP address that is configured on a local interface on TCP port 9075. A successful exploit could allow the attacker to create, delete, or overwrite arbitrary files, including sensitive files that are related to the device configuration. For example, the attacker could add a user account without the device administrator knowing."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "9.8",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-552"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210224 Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3000-9000-fileaction-QtLzDRy2"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-3000-9000-fileaction-QtLzDRy2",
          "defect": [
            [
              "CSCvw89875"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1361",
    "datePublished": "2021-02-24T19:30:41.350830Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-09-16T17:15:17.942Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1776
Vulnerability from cvelistv5
Published
2019-05-15 19:30
Modified
2024-09-17 02:58
Summary
Cisco NX-OS Software Command Injection Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.791Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1776)",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1776"
          },
          {
            "name": "108377",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108377"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-20T14:06:09",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1776)",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1776"
        },
        {
          "name": "108377",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108377"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-cmdinj-1776",
        "defect": [
          [
            "CSCvh20076",
            "CSCvh20081",
            "CSCvi96429",
            "CSCvi96431",
            "CSCvi96432",
            "CSCvi96433"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1776",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1776)",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1776"
            },
            {
              "name": "108377",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108377"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-cmdinj-1776",
          "defect": [
            [
              "CSCvh20076",
              "CSCvh20081",
              "CSCvi96429",
              "CSCvi96431",
              "CSCvi96432",
              "CSCvi96433"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1776",
    "datePublished": "2019-05-15T19:30:23.065020Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-17T02:58:16.449Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1767
Vulnerability from cvelistv5
Published
2019-05-15 18:45
Modified
2024-09-16 19:10
Summary
Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.722Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-overflow-inj"
          },
          {
            "name": "108386",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108386"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities. NX-OS versions prior to 8.3(1) are affected."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-20T15:06:02",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-overflow-inj"
        },
        {
          "name": "108386",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108386"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-overflow-inj",
        "defect": [
          [
            "CSCvh76129",
            "CSCvh76132",
            "CSCvj00497",
            "CSCvj10162"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1767",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities. NX-OS versions prior to 8.3(1) are affected."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-overflow-inj"
            },
            {
              "name": "108386",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108386"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-overflow-inj",
          "defect": [
            [
              "CSCvh76129",
              "CSCvh76132",
              "CSCvj00497",
              "CSCvj10162"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1767",
    "datePublished": "2019-05-15T18:45:18.115908Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-16T19:10:19.880Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1728
Vulnerability from cvelistv5
Published
2019-05-15 16:45
Modified
2024-09-16 21:57
Summary
Cisco FXOS and NX-OS Software Secure Configuration Bypass Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.538Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco FXOS and NX-OS Software Secure Configuration Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-conf-bypass"
          },
          {
            "name": "108391",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108391"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of system files when the persistent configuration information is read from the file system. An attacker could exploit this vulnerability by authenticating to the device and overwriting the persistent configuration storage with malicious executable files. An exploit could allow the attacker to run arbitrary commands at system startup and those commands will run as the root user. The attacker must have valid administrative credentials for the device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-21T12:06:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco FXOS and NX-OS Software Secure Configuration Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-conf-bypass"
        },
        {
          "name": "108391",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108391"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-conf-bypass",
        "defect": [
          [
            "CSCvh20223",
            "CSCvi96577",
            "CSCvi96578",
            "CSCvi96579",
            "CSCvi96580",
            "CSCvi96583",
            "CSCvi96584"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco FXOS and NX-OS Software Secure Configuration Bypass Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1728",
          "STATE": "PUBLIC",
          "TITLE": "Cisco FXOS and NX-OS Software Secure Configuration Bypass Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of system files when the persistent configuration information is read from the file system. An attacker could exploit this vulnerability by authenticating to the device and overwriting the persistent configuration storage with malicious executable files. An exploit could allow the attacker to run arbitrary commands at system startup and those commands will run as the root user. The attacker must have valid administrative credentials for the device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-347"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco FXOS and NX-OS Software Secure Configuration Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-conf-bypass"
            },
            {
              "name": "108391",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108391"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-conf-bypass",
          "defect": [
            [
              "CSCvh20223",
              "CSCvi96577",
              "CSCvi96578",
              "CSCvi96579",
              "CSCvi96580",
              "CSCvi96583",
              "CSCvi96584"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1728",
    "datePublished": "2019-05-15T16:45:23.499873Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-16T21:57:48.859Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-20286
Vulnerability from cvelistv5
Published
2024-08-28 16:37
Modified
2024-08-28 17:23
Summary
Cisco NX-OS Software Python Parser Escape Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20286",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-28T17:23:47.624528Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T17:23:56.426Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "8.2(5)"
            },
            {
              "status": "affected",
              "version": "7.3(5)D1(1)"
            },
            {
              "status": "affected",
              "version": "8.4(2)"
            },
            {
              "status": "affected",
              "version": "6.2(2)"
            },
            {
              "status": "affected",
              "version": "8.4(3)"
            },
            {
              "status": "affected",
              "version": "9.2(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(2)"
            },
            {
              "status": "affected",
              "version": "8.2(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(7a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(1)"
            },
            {
              "status": "affected",
              "version": "7.3(1)D1(1)"
            },
            {
              "status": "affected",
              "version": "6.2(14a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(6)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(3)"
            },
            {
              "status": "affected",
              "version": "9.2(2v)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(5b)"
            },
            {
              "status": "affected",
              "version": "7.3(0)D1(1)"
            },
            {
              "status": "affected",
              "version": "6.2(17a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(7)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(1a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IM3(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(11)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(4a)"
            },
            {
              "status": "affected",
              "version": "6.2(9)"
            },
            {
              "status": "affected",
              "version": "6.2(5)"
            },
            {
              "status": "affected",
              "version": "7.3(4)D1(1)"
            },
            {
              "status": "affected",
              "version": "6.2(20)"
            },
            {
              "status": "affected",
              "version": "9.2(1)"
            },
            {
              "status": "affected",
              "version": "9.2(2t)"
            },
            {
              "status": "affected",
              "version": "9.2(3y)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(1t)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5c)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(6z)"
            },
            {
              "status": "affected",
              "version": "9.3(2)"
            },
            {
              "status": "affected",
              "version": "7.3(1)DY(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(6)"
            },
            {
              "status": "affected",
              "version": "6.2(29)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(3z)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IM7(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(11b)"
            },
            {
              "status": "affected",
              "version": "6.2(9a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(5a)"
            },
            {
              "status": "affected",
              "version": "6.2(11d)"
            },
            {
              "status": "affected",
              "version": "8.1(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I6(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(10)"
            },
            {
              "status": "affected",
              "version": "7.2(2)D1(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IM3(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(8)"
            },
            {
              "status": "affected",
              "version": "8.2(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(3b)"
            },
            {
              "status": "affected",
              "version": "8.3(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(2a)"
            },
            {
              "status": "affected",
              "version": "6.2(27)"
            },
            {
              "status": "affected",
              "version": "7.3(2)D1(3a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(7)"
            },
            {
              "status": "affected",
              "version": "9.2(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IM3(2a)"
            },
            {
              "status": "affected",
              "version": "6.2(8b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(10)"
            },
            {
              "status": "affected",
              "version": "6.2(13)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IC4(4)"
            },
            {
              "status": "affected",
              "version": "6.2(1)"
            },
            {
              "status": "affected",
              "version": "8.1(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5b)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(3c)"
            },
            {
              "status": "affected",
              "version": "7.3(3)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(5)"
            },
            {
              "status": "affected",
              "version": "8.2(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(7)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(2)"
            },
            {
              "status": "affected",
              "version": "6.2(5a)"
            },
            {
              "status": "affected",
              "version": "6.2(18)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IM3(2b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(4a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(6)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I6(2)"
            },
            {
              "status": "affected",
              "version": "8.3(1)"
            },
            {
              "status": "affected",
              "version": "6.2(3)"
            },
            {
              "status": "affected",
              "version": "6.2(22)"
            },
            {
              "status": "affected",
              "version": "8.4(1)"
            },
            {
              "status": "affected",
              "version": "8.1(1b)"
            },
            {
              "status": "affected",
              "version": "7.2(2)D1(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(5)"
            },
            {
              "status": "affected",
              "version": "7.3(0)DX(1)"
            },
            {
              "status": "affected",
              "version": "7.3(2)D1(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(8)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IM3(3)"
            },
            {
              "status": "affected",
              "version": "9.3(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(2)"
            },
            {
              "status": "affected",
              "version": "6.2(9b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(7)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(6)"
            },
            {
              "status": "affected",
              "version": "7.3(2)D1(2)"
            },
            {
              "status": "affected",
              "version": "6.2(25)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(3a)"
            },
            {
              "status": "affected",
              "version": "8.0(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(11a)"
            },
            {
              "status": "affected",
              "version": "6.2(11e)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8z)"
            },
            {
              "status": "affected",
              "version": "6.2(11)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(9)"
            },
            {
              "status": "affected",
              "version": "6.2(16)"
            },
            {
              "status": "affected",
              "version": "6.2(19)"
            },
            {
              "status": "affected",
              "version": "8.2(4)"
            },
            {
              "status": "affected",
              "version": "6.2(2a)"
            },
            {
              "status": "affected",
              "version": "7.2(2)D1(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(7)"
            },
            {
              "status": "affected",
              "version": "6.2(5b)"
            },
            {
              "status": "affected",
              "version": "7.3(0)DY(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(9)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(1)"
            },
            {
              "status": "affected",
              "version": "7.2(1)D1(1)"
            },
            {
              "status": "affected",
              "version": "6.2(15)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(6)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(10a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(1)"
            },
            {
              "status": "affected",
              "version": "9.3(1z)"
            },
            {
              "status": "affected",
              "version": "9.2(2)"
            },
            {
              "status": "affected",
              "version": "6.2(7)"
            },
            {
              "status": "affected",
              "version": "6.2(9c)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(4)"
            },
            {
              "status": "affected",
              "version": "6.2(6b)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8b)"
            },
            {
              "status": "affected",
              "version": "8.1(2a)"
            },
            {
              "status": "affected",
              "version": "7.3(2)D1(3)"
            },
            {
              "status": "affected",
              "version": "6.2(8)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(3)"
            },
            {
              "status": "affected",
              "version": "6.2(11b)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(6t)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(3a)"
            },
            {
              "status": "affected",
              "version": "8.1(1a)"
            },
            {
              "status": "affected",
              "version": "6.2(13a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(8)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(3a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(3a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(5a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F2(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(9)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(2a)"
            },
            {
              "status": "affected",
              "version": "6.2(12)"
            },
            {
              "status": "affected",
              "version": "6.2(17)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(4)"
            },
            {
              "status": "affected",
              "version": "6.2(23)"
            },
            {
              "status": "affected",
              "version": "6.2(13b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(3)"
            },
            {
              "status": "affected",
              "version": "6.2(10)"
            },
            {
              "status": "affected",
              "version": "6.2(6a)"
            },
            {
              "status": "affected",
              "version": "6.2(6)"
            },
            {
              "status": "affected",
              "version": "6.2(14)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(1)"
            },
            {
              "status": "affected",
              "version": "6.2(14b)"
            },
            {
              "status": "affected",
              "version": "6.2(21)"
            },
            {
              "status": "affected",
              "version": "7.2(2)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F2(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IA7(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IA7(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(7b)"
            },
            {
              "status": "affected",
              "version": "6.2(8a)"
            },
            {
              "status": "affected",
              "version": "6.2(11c)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F1(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(1a)"
            },
            {
              "status": "affected",
              "version": "7.2(0)D1(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(4a)"
            },
            {
              "status": "affected",
              "version": "6.2(20a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(4)"
            },
            {
              "status": "affected",
              "version": "8.4(1a)"
            },
            {
              "status": "affected",
              "version": "9.3(3)"
            },
            {
              "status": "affected",
              "version": "7.3(2)D1(1d)"
            },
            {
              "status": "affected",
              "version": "6.2(24)"
            },
            {
              "status": "affected",
              "version": "6.2(31)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(8)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(10a)"
            },
            {
              "status": "affected",
              "version": "9.3(4)"
            },
            {
              "status": "affected",
              "version": "7.3(6)D1(1)"
            },
            {
              "status": "affected",
              "version": "6.2(26)"
            },
            {
              "status": "affected",
              "version": "8.2(6)"
            },
            {
              "status": "affected",
              "version": "6.2(33)"
            },
            {
              "status": "affected",
              "version": "9.3(5)"
            },
            {
              "status": "affected",
              "version": "8.4(2a)"
            },
            {
              "status": "affected",
              "version": "8.4(2b)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(9)"
            },
            {
              "status": "affected",
              "version": "6.2(24a)"
            },
            {
              "status": "affected",
              "version": "8.5(1)"
            },
            {
              "status": "affected",
              "version": "9.3(6)"
            },
            {
              "status": "affected",
              "version": "10.1(2)"
            },
            {
              "status": "affected",
              "version": "10.1(1)"
            },
            {
              "status": "affected",
              "version": "8.4(4)"
            },
            {
              "status": "affected",
              "version": "7.3(7)D1(1)"
            },
            {
              "status": "affected",
              "version": "8.4(2c)"
            },
            {
              "status": "affected",
              "version": "9.3(5w)"
            },
            {
              "status": "affected",
              "version": "8.2(7)"
            },
            {
              "status": "affected",
              "version": "9.3(7)"
            },
            {
              "status": "affected",
              "version": "9.3(7k)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(9w)"
            },
            {
              "status": "affected",
              "version": "10.2(1)"
            },
            {
              "status": "affected",
              "version": "7.3(8)D1(1)"
            },
            {
              "status": "affected",
              "version": "9.3(7a)"
            },
            {
              "status": "affected",
              "version": "8.2(7a)"
            },
            {
              "status": "affected",
              "version": "9.3(8)"
            },
            {
              "status": "affected",
              "version": "8.4(4a)"
            },
            {
              "status": "affected",
              "version": "8.4(2d)"
            },
            {
              "status": "affected",
              "version": "8.4(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(10)"
            },
            {
              "status": "affected",
              "version": "8.2(8)"
            },
            {
              "status": "affected",
              "version": "10.2(1q)"
            },
            {
              "status": "affected",
              "version": "10.2(2)"
            },
            {
              "status": "affected",
              "version": "9.3(9)"
            },
            {
              "status": "affected",
              "version": "10.1(2t)"
            },
            {
              "status": "affected",
              "version": "7.3(9)D1(1)"
            },
            {
              "status": "affected",
              "version": "10.2(3)"
            },
            {
              "status": "affected",
              "version": "8.4(6)"
            },
            {
              "status": "affected",
              "version": "10.2(3t)"
            },
            {
              "status": "affected",
              "version": "8.4(2e)"
            },
            {
              "status": "affected",
              "version": "9.3(10)"
            },
            {
              "status": "affected",
              "version": "10.2(2a)"
            },
            {
              "status": "affected",
              "version": "9.2(1a)"
            },
            {
              "status": "affected",
              "version": "8.2(9)"
            },
            {
              "status": "affected",
              "version": "10.3(1)"
            },
            {
              "status": "affected",
              "version": "10.2(4)"
            },
            {
              "status": "affected",
              "version": "8.4(7)"
            },
            {
              "status": "affected",
              "version": "10.3(2)"
            },
            {
              "status": "affected",
              "version": "8.4(6a)"
            },
            {
              "status": "affected",
              "version": "9.3(11)"
            },
            {
              "status": "affected",
              "version": "10.3(3)"
            },
            {
              "status": "affected",
              "version": "10.2(5)"
            },
            {
              "status": "affected",
              "version": "9.4(1)"
            },
            {
              "status": "affected",
              "version": "9.3(2a)"
            },
            {
              "status": "affected",
              "version": "8.4(2f)"
            },
            {
              "status": "affected",
              "version": "8.2(10)"
            },
            {
              "status": "affected",
              "version": "9.3(12)"
            },
            {
              "status": "affected",
              "version": "10.2(3v)"
            },
            {
              "status": "affected",
              "version": "10.4(1)"
            },
            {
              "status": "affected",
              "version": "8.4(8)"
            },
            {
              "status": "affected",
              "version": "10.3(99w)"
            },
            {
              "status": "affected",
              "version": "10.2(6)"
            },
            {
              "status": "affected",
              "version": "10.3(3w)"
            },
            {
              "status": "affected",
              "version": "10.3(99x)"
            },
            {
              "status": "affected",
              "version": "10.3(3o)"
            },
            {
              "status": "affected",
              "version": "8.4(9)"
            },
            {
              "status": "affected",
              "version": "10.3(4)"
            },
            {
              "status": "affected",
              "version": "10.3(3p)"
            },
            {
              "status": "affected",
              "version": "10.3(4a)"
            },
            {
              "status": "affected",
              "version": "9.4(1a)"
            },
            {
              "status": "affected",
              "version": "10.4(2)"
            },
            {
              "status": "affected",
              "version": "10.3(3q)"
            },
            {
              "status": "affected",
              "version": "9.3(13)"
            },
            {
              "status": "affected",
              "version": "10.2(7)"
            },
            {
              "status": "affected",
              "version": "10.3(3x)"
            },
            {
              "status": "affected",
              "version": "10.3(4g)"
            },
            {
              "status": "affected",
              "version": "10.3(3r)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device.\r\n\r\nThe vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.\u0026nbsp;\r\nNote: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the  section of the Cisco Nexus 9000 Series NX-OS Programmability Guide."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-693",
              "description": "Protection Mechanism Failure",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-28T16:37:17.319Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-nxos-psbe-ce-YvbTn5du",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du"
        },
        {
          "name": "Cisco NX-OS Security with Python",
          "url": "https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/105x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-105x/m-n9k-python-api-101x.html?bookSearch=true#concept_A2CFF094ADCB414C983EA06AD8E9A410"
        }
      ],
      "source": {
        "advisory": "cisco-sa-nxos-psbe-ce-YvbTn5du",
        "defects": [
          "CSCwh77781"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Python Parser Escape Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20286",
    "datePublished": "2024-08-28T16:37:17.319Z",
    "dateReserved": "2023-11-08T15:08:07.626Z",
    "dateUpdated": "2024-08-28T17:23:56.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1783
Vulnerability from cvelistv5
Published
2019-05-15 20:05
Modified
2024-09-16 22:08
Summary
Cisco NX-OS Software Command Injection Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.745Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1783)",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1783"
          },
          {
            "name": "108370",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108370"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-17T12:06:06",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1783)",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1783"
        },
        {
          "name": "108370",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108370"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-cmdinj-1783",
        "defect": [
          [
            "CSCvi42281",
            "CSCvj03966"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1783",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1783)",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1783"
            },
            {
              "name": "108370",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108370"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-cmdinj-1783",
          "defect": [
            [
              "CSCvi42281",
              "CSCvj03966"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1783",
    "datePublished": "2019-05-15T20:05:29.910200Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-16T22:08:44.252Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-20446
Vulnerability from cvelistv5
Published
2024-08-28 16:31
Modified
2024-08-28 18:49
Summary
Cisco NX-OS Software DHCPv6 Relay Agent Denial of Service Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:cisco:nx-os:10.2\\(1\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nx-os",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.2\\(1\\)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:cisco:nx-os:10.2\\(1q\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nx-os",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.2\\(1q\\)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:cisco:nx-os:9.3\\(9\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nx-os",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "9.3\\(9\\)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:cisco:nx-os:8.2\\(11\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nx-os",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "8.2\\(11\\)"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20446",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-28T18:45:44.020456Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T18:49:32.927Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "10.2(1)"
            },
            {
              "status": "affected",
              "version": "10.2(1q)"
            },
            {
              "status": "affected",
              "version": "9.3(9)"
            },
            {
              "status": "affected",
              "version": "8.2(11)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the DHCPv6 relay agent of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to improper handling of specific fields in a DHCPv6 RELAY-REPLY message. An attacker could exploit this vulnerability by sending a crafted DHCPv6 packet to any IPv6 address that is configured on an affected device. A successful exploit could allow the attacker to cause the dhcp_snoop process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "NULL Pointer Dereference",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-28T16:31:32.514Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-nxos-dhcp6-relay-dos-znEAA6xn",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-dhcp6-relay-dos-znEAA6xn"
        }
      ],
      "source": {
        "advisory": "cisco-sa-nxos-dhcp6-relay-dos-znEAA6xn",
        "defects": [
          "CSCwk27906"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco NX-OS Software DHCPv6 Relay Agent Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20446",
    "datePublished": "2024-08-28T16:31:32.514Z",
    "dateReserved": "2023-11-08T15:08:07.678Z",
    "dateUpdated": "2024-08-28T18:49:32.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-20625
Vulnerability from cvelistv5
Published
2022-02-23 17:40
Modified
2024-09-16 22:03
Summary
Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:17:52.933Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20220223 Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-dos-G8DPLWYG"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2022-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisco Discovery Protocol service. An attacker could exploit this vulnerability by sending a series of malicious Cisco Discovery Protocol messages to an affected device. A successful exploit could allow the attacker to cause the Cisco Discovery Protocol service to fail and restart. In rare conditions, repeated failures of the process could occur, which could cause the entire device to restart."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-399",
              "description": "CWE-399",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-23T17:40:15",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20220223 Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-dos-G8DPLWYG"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cdp-dos-G8DPLWYG",
        "defect": [
          [
            "CSCvz72442",
            "CSCvz72462",
            "CSCvz72463",
            "CSCvz72464",
            "CSCvz72465",
            "CSCvz72466",
            "CSCvz72467",
            "CSCvz74433"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2022-02-23T16:00:00",
          "ID": "CVE-2022-20625",
          "STATE": "PUBLIC",
          "TITLE": "Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisco Discovery Protocol service. An attacker could exploit this vulnerability by sending a series of malicious Cisco Discovery Protocol messages to an affected device. A successful exploit could allow the attacker to cause the Cisco Discovery Protocol service to fail and restart. In rare conditions, repeated failures of the process could occur, which could cause the entire device to restart."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "4.3",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20220223 Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-dos-G8DPLWYG"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-cdp-dos-G8DPLWYG",
          "defect": [
            [
              "CSCvz72442",
              "CSCvz72462",
              "CSCvz72463",
              "CSCvz72464",
              "CSCvz72465",
              "CSCvz72466",
              "CSCvz72467",
              "CSCvz74433"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20625",
    "datePublished": "2022-02-23T17:40:15.926880Z",
    "dateReserved": "2021-11-02T00:00:00",
    "dateUpdated": "2024-09-16T22:03:25.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-20624
Vulnerability from cvelistv5
Published
2022-02-23 17:40
Modified
2024-09-16 22:30
Summary
Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:17:52.991Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20220223 Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cfsoip-dos-tpykyDr"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2022-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of incoming CFSoIP packets. An attacker could exploit this vulnerability by sending crafted CFSoIP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-23T17:40:21",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20220223 Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cfsoip-dos-tpykyDr"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cfsoip-dos-tpykyDr",
        "defect": [
          [
            "CSCvy95696",
            "CSCvy95840"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2022-02-23T16:00:00",
          "ID": "CVE-2022-20624",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of incoming CFSoIP packets. An attacker could exploit this vulnerability by sending crafted CFSoIP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.6",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20220223 Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cfsoip-dos-tpykyDr"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-cfsoip-dos-tpykyDr",
          "defect": [
            [
              "CSCvy95696",
              "CSCvy95840"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20624",
    "datePublished": "2022-02-23T17:40:21.653325Z",
    "dateReserved": "2021-11-02T00:00:00",
    "dateUpdated": "2024-09-16T22:30:34.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1727
Vulnerability from cvelistv5
Published
2019-05-15 16:45
Modified
2024-09-17 00:51
Summary
Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:41.635Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-pyth-escal"
          },
          {
            "name": "108341",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108341"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "6.2(25)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "8.3(2)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0(3)I7(3)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "9.2(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker\u0027s privilege level. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions in the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands to elevate the attacker\u0027s privilege level. To exploit this vulnerability, the attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-264",
              "description": "CWE-264",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-16T09:06:04",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-pyth-escal"
        },
        {
          "name": "108341",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108341"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-pyth-escal",
        "defect": [
          [
            "CSCvh24788",
            "CSCvi99282",
            "CSCvi99284",
            "CSCvi99288"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1727",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "6.2(25)"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(2)"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "7.0(3)I7(3)"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "9.2(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker\u0027s privilege level. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions in the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands to elevate the attacker\u0027s privilege level. To exploit this vulnerability, the attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "4.2",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-pyth-escal"
            },
            {
              "name": "108341",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108341"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-pyth-escal",
          "defect": [
            [
              "CSCvh24788",
              "CSCvi99282",
              "CSCvi99284",
              "CSCvi99288"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1727",
    "datePublished": "2019-05-15T16:45:30.751023Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-17T00:51:24.873Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-3517
Vulnerability from cvelistv5
Published
2020-08-27 15:40
Modified
2024-09-16 18:24
Summary
Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:37:54.679Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200826 Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-nxos-cfs-dos-dAmnymbd"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-08-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. The attack vector is configuration dependent and could be remote or adjacent. For more information about the attack vector, see the Details section of this advisory. The vulnerability is due to insufficient error handling when the affected software parses Cisco Fabric Services messages. An attacker could exploit this vulnerability by sending malicious Cisco Fabric Services messages to an affected device. A successful exploit could allow the attacker to cause a reload of an affected device, which could result in a DoS condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-27T15:40:48",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200826 Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-nxos-cfs-dos-dAmnymbd"
        }
      ],
      "source": {
        "advisory": "cisco-sa-fxos-nxos-cfs-dos-dAmnymbd",
        "defect": [
          [
            "CSCvt39630",
            "CSCvt46835",
            "CSCvt46837",
            "CSCvt46838",
            "CSCvt46839",
            "CSCvt46877"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-08-26T16:00:00",
          "ID": "CVE-2020-3517",
          "STATE": "PUBLIC",
          "TITLE": "Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. The attack vector is configuration dependent and could be remote or adjacent. For more information about the attack vector, see the Details section of this advisory. The vulnerability is due to insufficient error handling when the affected software parses Cisco Fabric Services messages. An attacker could exploit this vulnerability by sending malicious Cisco Fabric Services messages to an affected device. A successful exploit could allow the attacker to cause a reload of an affected device, which could result in a DoS condition."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.6",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-476"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200826 Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-nxos-cfs-dos-dAmnymbd"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-fxos-nxos-cfs-dos-dAmnymbd",
          "defect": [
            [
              "CSCvt39630",
              "CSCvt46835",
              "CSCvt46837",
              "CSCvt46838",
              "CSCvt46839",
              "CSCvt46877"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3517",
    "datePublished": "2020-08-27T15:40:48.124786Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-09-16T18:24:48.482Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-1590
Vulnerability from cvelistv5
Published
2021-08-25 19:11
Modified
2024-09-16 23:31
Summary
Cisco NX-OS Software system login block-for Denial of Service Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:18:10.362Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210825 Cisco NX-OS Software system login block-for Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-login-blockfor-RwjGVEcu"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-08-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service (DoS) condition. This vulnerability is due to a logic error in the implementation of the system login block-for command when an attack is detected and acted upon. An attacker could exploit this vulnerability by performing a brute-force login attack on an affected device. A successful exploit could allow the attacker to cause a login process to reload, which could result in a delay during authentication to the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-25T19:11:18",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210825 Cisco NX-OS Software system login block-for Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-login-blockfor-RwjGVEcu"
        }
      ],
      "source": {
        "advisory": "cisco-sa-nxos-login-blockfor-RwjGVEcu",
        "defect": [
          [
            "CSCuz49095",
            "CSCvw45963",
            "CSCvx74585"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software system login block-for Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-08-25T16:00:00",
          "ID": "CVE-2021-1590",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software system login block-for Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service (DoS) condition. This vulnerability is due to a logic error in the implementation of the system login block-for command when an attack is detected and acted upon. An attacker could exploit this vulnerability by performing a brute-force login attack on an affected device. A successful exploit could allow the attacker to cause a login process to reload, which could result in a delay during authentication to the affected device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210825 Cisco NX-OS Software system login block-for Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-login-blockfor-RwjGVEcu"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-nxos-login-blockfor-RwjGVEcu",
          "defect": [
            [
              "CSCuz49095",
              "CSCvw45963",
              "CSCvx74585"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1590",
    "datePublished": "2021-08-25T19:11:18.814603Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-09-16T23:31:43.969Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-20650
Vulnerability from cvelistv5
Published
2022-02-23 17:40
Modified
2024-09-17 00:51
Summary
Cisco NX-OS Software NX-API Command Injection Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:17:53.010Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20220223 Cisco NX-OS Software NX-API Command Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2022-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Note: The NX-API feature is disabled by default."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-23T17:40:10",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20220223 Cisco NX-OS Software NX-API Command Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2"
        }
      ],
      "source": {
        "advisory": "cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2",
        "defect": [
          [
            "CSCvz80191",
            "CSCvz81047"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software NX-API Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2022-02-23T16:00:00",
          "ID": "CVE-2022-20650",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software NX-API Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Note: The NX-API feature is disabled by default."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.8",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20220223 Cisco NX-OS Software NX-API Command Injection Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2",
          "defect": [
            [
              "CSCvz80191",
              "CSCvz81047"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20650",
    "datePublished": "2022-02-23T17:40:10.476799Z",
    "dateReserved": "2021-11-02T00:00:00",
    "dateUpdated": "2024-09-17T00:51:00.368Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1768
Vulnerability from cvelistv5
Published
2019-05-16 01:25
Modified
2024-09-17 00:16
Summary
Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.669Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-overflow-inj"
          },
          {
            "name": "108386",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108386"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-20T15:06:02",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-overflow-inj"
        },
        {
          "name": "108386",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108386"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-overflow-inj",
        "defect": [
          [
            "CSCvh76129",
            "CSCvh76132",
            "CSCvj00497",
            "CSCvj10162"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1768",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-overflow-inj"
            },
            {
              "name": "108386",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108386"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-overflow-inj",
          "defect": [
            [
              "CSCvh76129",
              "CSCvh76132",
              "CSCvj00497",
              "CSCvj10162"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1768",
    "datePublished": "2019-05-16T01:25:21.627879Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-17T00:16:29.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1779
Vulnerability from cvelistv5
Published
2019-05-15 19:40
Modified
2024-09-16 18:08
Summary
Cisco FXOS and NX-OS Software Command Injection Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.641Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1779)",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1779"
          },
          {
            "name": "108394",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108394"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid device credentials to exploit this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-21T17:06:03",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1779)",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1779"
        },
        {
          "name": "108394",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108394"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-fxos-cmdinj-1779",
        "defect": [
          [
            "CSCve51688",
            "CSCvh76126",
            "CSCvj00412",
            "CSCvj00416",
            "CSCvj00418"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco FXOS and NX-OS Software Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1779",
          "STATE": "PUBLIC",
          "TITLE": "Cisco FXOS and NX-OS Software Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid device credentials to exploit this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "4.2",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1779)",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1779"
            },
            {
              "name": "108394",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108394"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-fxos-cmdinj-1779",
          "defect": [
            [
              "CSCve51688",
              "CSCvh76126",
              "CSCvj00412",
              "CSCvj00416",
              "CSCvj00418"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1779",
    "datePublished": "2019-05-15T19:40:16.540228Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-16T18:08:07.250Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1965
Vulnerability from cvelistv5
Published
2019-08-28 18:55
Modified
2024-09-17 02:41
Summary
Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:35:51.782Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190828 Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.4(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-08-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH process to fail to delete upon termination. This can lead to a build-up of VSH processes that overtime can deplete system memory. When there is no system memory available, this can cause unexpected system behaviors and crashes. The vulnerability is due to the VSH process not being properly deleted when a remote management connection to the device is disconnected. An attacker could exploit this vulnerability by repeatedly performing a remote management connection to the device and terminating the connection in an unexpected manner. A successful exploit could allow the attacker to cause the VSH processes to fail to delete, which can lead to a system-wide denial of service (DoS) condition. The attacker must have valid user credentials to log in to the device using the remote management connection."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-28T18:55:13",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190828 Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190828-nxos-memleak-dos",
        "defect": [
          [
            "CSCvi15409",
            "CSCvn50393",
            "CSCvn50443",
            "CSCvn50446",
            "CSCvn52167"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-08-28T16:00:00-0700",
          "ID": "CVE-2019-1965",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.4(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH process to fail to delete upon termination. This can lead to a build-up of VSH processes that overtime can deplete system memory. When there is no system memory available, this can cause unexpected system behaviors and crashes. The vulnerability is due to the VSH process not being properly deleted when a remote management connection to the device is disconnected. An attacker could exploit this vulnerability by repeatedly performing a remote management connection to the device and terminating the connection in an unexpected manner. A successful exploit could allow the attacker to cause the VSH processes to fail to delete, which can lead to a system-wide denial of service (DoS) condition. The attacker must have valid user credentials to log in to the device using the remote management connection."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "7.7",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190828 Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190828-nxos-memleak-dos",
          "defect": [
            [
              "CSCvi15409",
              "CSCvn50393",
              "CSCvn50443",
              "CSCvn50446",
              "CSCvn52167"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1965",
    "datePublished": "2019-08-28T18:55:13.586838Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-17T02:41:27.327Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1790
Vulnerability from cvelistv5
Published
2019-05-15 20:05
Modified
2024-09-16 23:05
Summary
Cisco NX-OS Software Command Injection Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.802Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1790)",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1790"
          },
          {
            "name": "108383",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108383"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-20T14:06:09",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1790)",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1790"
        },
        {
          "name": "108383",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108383"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-cmdinj-1790",
        "defect": [
          [
            "CSCvh20096",
            "CSCvh20112",
            "CSCvi96504",
            "CSCvi96509",
            "CSCvi96510"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1790",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1790)",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1790"
            },
            {
              "name": "108383",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108383"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-cmdinj-1790",
          "defect": [
            [
              "CSCvh20096",
              "CSCvh20112",
              "CSCvi96504",
              "CSCvi96509",
              "CSCvi96510"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1790",
    "datePublished": "2019-05-15T20:05:14.522885Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-16T23:05:23.573Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1778
Vulnerability from cvelistv5
Published
2019-05-15 19:35
Modified
2024-09-16 20:12
Summary
Cisco NX-OS Software Command Injection Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.803Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1778)",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1778"
          },
          {
            "name": "108362",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108362"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "7.0(3)I7(4)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-17T12:06:06",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1778)",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1778"
        },
        {
          "name": "108362",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108362"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-cmdinj-1778",
        "defect": [
          [
            "CSCvh75996",
            "CSCvj03877"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1778",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "7.0(3)I7(4)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1778)",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1778"
            },
            {
              "name": "108362",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108362"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-cmdinj-1778",
          "defect": [
            [
              "CSCvh75996",
              "CSCvj03877"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1778",
    "datePublished": "2019-05-15T19:35:18.903829Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-16T20:12:08.177Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1791
Vulnerability from cvelistv5
Published
2019-05-15 20:15
Modified
2024-09-16 20:17
Summary
Cisco NX-OS Software Command Injection Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.852Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1791)",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1791"
          },
          {
            "name": "108390",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108390"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-21T09:06:02",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1791)",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1791"
        },
        {
          "name": "108390",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108390"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-cmdinj-1791",
        "defect": [
          [
            "CSCvj63270",
            "CSCvj63667",
            "CSCvk50873",
            "CSCvk50876",
            "CSCvk50889"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1791",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1791)",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1791"
            },
            {
              "name": "108390",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108390"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-cmdinj-1791",
          "defect": [
            [
              "CSCvj63270",
              "CSCvj63667",
              "CSCvk50873",
              "CSCvk50876",
              "CSCvk50889"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1791",
    "datePublished": "2019-05-15T20:15:27.487532Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-16T20:17:32.844Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-20413
Vulnerability from cvelistv5
Published
2024-08-28 16:27
Modified
2024-08-30 03:56
Summary
Cisco NX-OS Bash Privilege Escalation Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:cisco:nx-os:9.2\\(3\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i5\\(2\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(7a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(5\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(6\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(3\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.2\\(2v\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(5b\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(7\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(1a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(8\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(2\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)im3\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(5a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(11\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(4a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.2\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.2\\(2t\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.2\\(3y\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(1t\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(5c\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(4\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(6z\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.3\\(2\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(3\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(6\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(3z\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)im7\\(2\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(11b\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(5a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i6\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(10\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)im3\\(2\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(8\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i5\\(3b\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(2a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(7\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.2\\(4\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)im3\\(2a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(10\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(2\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)ic4\\(4\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(3\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(5b\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(3c\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(5\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(5\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(7\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(2\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(5\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)im3\\(2b\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(4a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i5\\(3\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(3\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(6\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i6\\(2\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(5\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(8\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)im3\\(3\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.3\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(2\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(7\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(6\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(3a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(11a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(8z\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(9\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(4\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(7\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(9\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(6\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(10a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i5\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.3\\(1z\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.2\\(2\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(4\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(8b\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(3\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(6t\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i5\\(3a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(8\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(5\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(3a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(4\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(3a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(5a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f2\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(8a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(9\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f3\\(2\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(2a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(4\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(3\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f2\\(2\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)ia7\\(2\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)ia7\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(7b\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)f1\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(1a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a6\\(2\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(4a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(4\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.3\\(3\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(8\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)u6\\(10a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.3\\(4\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.3\\(5\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(9\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.3\\(6\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.1\\(2\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.1\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.3\\(5w\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.3\\(7\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.3\\(7k\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(9w\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.2\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.3\\(7a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.3\\(8\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(10\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.2\\(1q\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.2\\(2\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.3\\(9\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.1\\(2t\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.2\\(3\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.2\\(3t\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.3\\(10\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.2\\(2a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.3\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.2\\(4\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.3\\(2\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.3\\(11\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.3\\(3\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.2\\(5\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.3\\(12\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.2\\(3v\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.4\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.3\\(99w\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.2\\(6\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.3\\(3w\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.3\\(99x\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.3\\(3o\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.3\\(4\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.3\\(3p\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.3\\(4a\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.4\\(2\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.3\\(3q\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:9.3\\(13\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.2\\(7\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.3\\(3x\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.3\\(4g\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:nx-os:10.3\\(3r\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nx-os",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "9.2\\(3\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i5\\(2\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a8\\(7a\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i4\\(5\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a6\\(1\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i4\\(6\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i4\\(3\\)"
              },
              {
                "status": "affected",
                "version": "9.2\\(2v\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a6\\(5b\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i4\\(7\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)u6\\(1a\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i4\\(1\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i4\\(8\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i4\\(2\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)im3\\(1\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)u6\\(5a\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a8\\(11\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a6\\(4a\\)"
              },
              {
                "status": "affected",
                "version": "9.2\\(1\\)"
              },
              {
                "status": "affected",
                "version": "9.2\\(2t\\)"
              },
              {
                "status": "affected",
                "version": "9.2\\(3y\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i4\\(1t\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)u6\\(5c\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a6\\(4\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i7\\(6z\\)"
              },
              {
                "status": "affected",
                "version": "9.3\\(2\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)f3\\(3\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)u6\\(6\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i7\\(3z\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)im7\\(2\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a8\\(11b\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i7\\(5a\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i6\\(1\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)u6\\(10\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)im3\\(2\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a6\\(8\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)u6\\(1\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i5\\(3b\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a6\\(2a\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)u6\\(7\\)"
              },
              {
                "status": "affected",
                "version": "9.2\\(4\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)im3\\(2a\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a8\\(10\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a8\\(2\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)ic4\\(4\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a6\\(3\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)u6\\(5b\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)f3\\(3c\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)f3\\(1\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)u6\\(5\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)f3\\(5\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a6\\(7\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i7\\(2\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a6\\(5\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)im3\\(2b\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)u6\\(4a\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i5\\(3\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i7\\(3\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a8\\(6\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i6\\(2\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a8\\(5\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)u6\\(8\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)im3\\(3\\)"
              },
              {
                "status": "affected",
                "version": "9.3\\(1\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)u6\\(2\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a8\\(7\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i7\\(6\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)u6\\(3a\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a8\\(11a\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i4\\(8z\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i4\\(9\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i7\\(4\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i7\\(7\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a8\\(9\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a8\\(1\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a6\\(6\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a8\\(10a\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i5\\(1\\)"
              },
              {
                "status": "affected",
                "version": "9.3\\(1z\\)"
              },
              {
                "status": "affected",
                "version": "9.2\\(2\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)f3\\(4\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i4\\(8b\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a8\\(3\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i4\\(6t\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i5\\(3a\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a8\\(8\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i7\\(5\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)f3\\(3a\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a8\\(4\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a6\\(3a\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a6\\(5a\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)f2\\(1\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i4\\(8a\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)u6\\(9\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)f3\\(2\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)u6\\(2a\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i4\\(4\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)u6\\(3\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i7\\(1\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)f2\\(2\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)ia7\\(2\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)ia7\\(1\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a8\\(7b\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)f1\\(1\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a6\\(1a\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a6\\(2\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)a8\\(4a\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)u6\\(4\\)"
              },
              {
                "status": "affected",
                "version": "9.3\\(3\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i7\\(8\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2\\)u6\\(10a\\)"
              },
              {
                "status": "affected",
                "version": "9.3\\(4\\)"
              },
              {
                "status": "affected",
                "version": "9.3\\(5\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i7\\(9\\)"
              },
              {
                "status": "affected",
                "version": "9.3\\(6\\)"
              },
              {
                "status": "affected",
                "version": "10.1\\(2\\)"
              },
              {
                "status": "affected",
                "version": "10.1\\(1\\)"
              },
              {
                "status": "affected",
                "version": "9.3\\(5w\\)"
              },
              {
                "status": "affected",
                "version": "9.3\\(7\\)"
              },
              {
                "status": "affected",
                "version": "9.3\\(7k\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i7\\(9w\\)"
              },
              {
                "status": "affected",
                "version": "10.2\\(1\\)"
              },
              {
                "status": "affected",
                "version": "9.3\\(7a\\)"
              },
              {
                "status": "affected",
                "version": "9.3\\(8\\)"
              },
              {
                "status": "affected",
                "version": "7.0\\(3\\)i7\\(10\\)"
              },
              {
                "status": "affected",
                "version": "10.2\\(1q\\)"
              },
              {
                "status": "affected",
                "version": "10.2\\(2\\)"
              },
              {
                "status": "affected",
                "version": "9.3\\(9\\)"
              },
              {
                "status": "affected",
                "version": "10.1\\(2t\\)"
              },
              {
                "status": "affected",
                "version": "10.2\\(3\\)"
              },
              {
                "status": "affected",
                "version": "10.2\\(3t\\)"
              },
              {
                "status": "affected",
                "version": "9.3\\(10\\)"
              },
              {
                "status": "affected",
                "version": "10.2\\(2a\\)"
              },
              {
                "status": "affected",
                "version": "10.3\\(1\\)"
              },
              {
                "status": "affected",
                "version": "10.2\\(4\\)"
              },
              {
                "status": "affected",
                "version": "10.3\\(2\\)"
              },
              {
                "status": "affected",
                "version": "9.3\\(11\\)"
              },
              {
                "status": "affected",
                "version": "10.3\\(3\\)"
              },
              {
                "status": "affected",
                "version": "10.2\\(5\\)"
              },
              {
                "status": "affected",
                "version": "9.3\\(12\\)"
              },
              {
                "status": "affected",
                "version": "10.2\\(3v\\)"
              },
              {
                "status": "affected",
                "version": "10.4\\(1\\)"
              },
              {
                "status": "affected",
                "version": "10.3\\(99w\\)"
              },
              {
                "status": "affected",
                "version": "10.2\\(6\\)"
              },
              {
                "status": "affected",
                "version": "10.3\\(3w\\)"
              },
              {
                "status": "affected",
                "version": "10.3\\(99x\\)"
              },
              {
                "status": "affected",
                "version": "10.3\\(3o\\)"
              },
              {
                "status": "affected",
                "version": "10.3\\(4\\)"
              },
              {
                "status": "affected",
                "version": "10.3\\(3p\\)"
              },
              {
                "status": "affected",
                "version": "10.3\\(4a\\)"
              },
              {
                "status": "affected",
                "version": "10.4\\(2\\)"
              },
              {
                "status": "affected",
                "version": "10.3\\(3q\\)"
              },
              {
                "status": "affected",
                "version": "9.3\\(13\\)"
              },
              {
                "status": "affected",
                "version": "10.2\\(7\\)"
              },
              {
                "status": "affected",
                "version": "10.3\\(3x\\)"
              },
              {
                "status": "affected",
                "version": "10.3\\(4g\\)"
              },
              {
                "status": "affected",
                "version": "10.3\\(3r\\)"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20413",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-29T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-30T03:56:03.888Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "9.2(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(7a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(6)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(3)"
            },
            {
              "status": "affected",
              "version": "9.2(2v)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(5b)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(7)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(1a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IM3(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(11)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(4a)"
            },
            {
              "status": "affected",
              "version": "9.2(1)"
            },
            {
              "status": "affected",
              "version": "9.2(2t)"
            },
            {
              "status": "affected",
              "version": "9.2(3y)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(1t)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5c)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(6z)"
            },
            {
              "status": "affected",
              "version": "9.3(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(6)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(3z)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IM7(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(11b)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(5a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I6(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(10)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IM3(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(8)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(3b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(2a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(7)"
            },
            {
              "status": "affected",
              "version": "9.2(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IM3(2a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(10)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IC4(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5b)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(3c)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(7)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IM3(2b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(4a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(6)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I6(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(8)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IM3(3)"
            },
            {
              "status": "affected",
              "version": "9.3(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(7)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(6)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(3a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(11a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8z)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(9)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(7)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(9)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(6)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(10a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(1)"
            },
            {
              "status": "affected",
              "version": "9.3(1z)"
            },
            {
              "status": "affected",
              "version": "9.2(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(6t)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(3a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(8)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(3a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(3a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(5a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F2(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(9)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(2a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F2(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IA7(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IA7(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(7b)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F1(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(1a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(4a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(4)"
            },
            {
              "status": "affected",
              "version": "9.3(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(8)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(10a)"
            },
            {
              "status": "affected",
              "version": "9.3(4)"
            },
            {
              "status": "affected",
              "version": "9.3(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(9)"
            },
            {
              "status": "affected",
              "version": "9.3(6)"
            },
            {
              "status": "affected",
              "version": "10.1(2)"
            },
            {
              "status": "affected",
              "version": "10.1(1)"
            },
            {
              "status": "affected",
              "version": "9.3(5w)"
            },
            {
              "status": "affected",
              "version": "9.3(7)"
            },
            {
              "status": "affected",
              "version": "9.3(7k)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(9w)"
            },
            {
              "status": "affected",
              "version": "10.2(1)"
            },
            {
              "status": "affected",
              "version": "9.3(7a)"
            },
            {
              "status": "affected",
              "version": "9.3(8)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(10)"
            },
            {
              "status": "affected",
              "version": "10.2(1q)"
            },
            {
              "status": "affected",
              "version": "10.2(2)"
            },
            {
              "status": "affected",
              "version": "9.3(9)"
            },
            {
              "status": "affected",
              "version": "10.1(2t)"
            },
            {
              "status": "affected",
              "version": "10.2(3)"
            },
            {
              "status": "affected",
              "version": "10.2(3t)"
            },
            {
              "status": "affected",
              "version": "9.3(10)"
            },
            {
              "status": "affected",
              "version": "10.2(2a)"
            },
            {
              "status": "affected",
              "version": "10.3(1)"
            },
            {
              "status": "affected",
              "version": "10.2(4)"
            },
            {
              "status": "affected",
              "version": "10.3(2)"
            },
            {
              "status": "affected",
              "version": "9.3(11)"
            },
            {
              "status": "affected",
              "version": "10.3(3)"
            },
            {
              "status": "affected",
              "version": "10.2(5)"
            },
            {
              "status": "affected",
              "version": "9.3(12)"
            },
            {
              "status": "affected",
              "version": "10.2(3v)"
            },
            {
              "status": "affected",
              "version": "10.4(1)"
            },
            {
              "status": "affected",
              "version": "10.3(99w)"
            },
            {
              "status": "affected",
              "version": "10.2(6)"
            },
            {
              "status": "affected",
              "version": "10.3(3w)"
            },
            {
              "status": "affected",
              "version": "10.3(99x)"
            },
            {
              "status": "affected",
              "version": "10.3(3o)"
            },
            {
              "status": "affected",
              "version": "10.3(4)"
            },
            {
              "status": "affected",
              "version": "10.3(3p)"
            },
            {
              "status": "affected",
              "version": "10.3(4a)"
            },
            {
              "status": "affected",
              "version": "10.4(2)"
            },
            {
              "status": "affected",
              "version": "10.3(3q)"
            },
            {
              "status": "affected",
              "version": "9.3(13)"
            },
            {
              "status": "affected",
              "version": "10.3(5)"
            },
            {
              "status": "affected",
              "version": "10.2(7)"
            },
            {
              "status": "affected",
              "version": "10.4(3)"
            },
            {
              "status": "affected",
              "version": "10.3(3x)"
            },
            {
              "status": "affected",
              "version": "10.3(4g)"
            },
            {
              "status": "affected",
              "version": "10.3(3r)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to elevate privileges to network-admin on an affected device.\r\n\r\nThis vulnerability is due to insufficient security restrictions when executing application arguments from the Bash shell. An attacker with privileges to access the Bash shell could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to create new users with the privileges of network-admin."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "Missing Authorization",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-28T16:27:29.365Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-nxos-bshacepe-bApeHSx7",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bshacepe-bApeHSx7"
        }
      ],
      "source": {
        "advisory": "cisco-sa-nxos-bshacepe-bApeHSx7",
        "defects": [
          "CSCwh77783"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Bash Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20413",
    "datePublished": "2024-08-28T16:27:29.365Z",
    "dateReserved": "2023-11-08T15:08:07.663Z",
    "dateUpdated": "2024-08-30T03:56:03.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0395
Vulnerability from cvelistv5
Published
2018-10-17 20:00
Modified
2024-09-17 01:21
Summary
Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:15.658Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20181017 Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-fxnx-os-dos"
          },
          {
            "name": "1041919",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041919"
          },
          {
            "name": "105674",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105674"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "6.2(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firepower 4100 Series Next-Generation Firewalls",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "\u003c2.3.1.58",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface on the targeted device. A successful exploit could allow the attacker to cause the switch to reload unexpectedly."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-20T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20181017 Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-fxnx-os-dos"
        },
        {
          "name": "1041919",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041919"
        },
        {
          "name": "105674",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105674"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20181017-fxnx-os-dos",
        "defect": [
          [
            "CSCuc98542",
            "CSCvf23367",
            "CSCvj94174",
            "CSCvj96148"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2018-10-17T16:00:00-0500",
          "ID": "CVE-2018-0395",
          "STATE": "PUBLIC",
          "TITLE": "Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "6.2(1)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firepower 4100 Series Next-Generation Firewalls",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "\u003c2.3.1.58"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface on the targeted device. A successful exploit could allow the attacker to cause the switch to reload unexpectedly."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.8",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20181017 Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-fxnx-os-dos"
            },
            {
              "name": "1041919",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041919"
            },
            {
              "name": "105674",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105674"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20181017-fxnx-os-dos",
          "defect": [
            [
              "CSCuc98542",
              "CSCvf23367",
              "CSCvj94174",
              "CSCvj96148"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0395",
    "datePublished": "2018-10-17T20:00:00Z",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-09-17T01:21:42.887Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1735
Vulnerability from cvelistv5
Published
2019-05-15 18:45
Modified
2024-09-16 21:09
Summary
Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1735)
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:41.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1735)",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1735"
          },
          {
            "name": "108365",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108365"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid user credentials to exploit this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-17T12:06:06",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1735)",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1735"
        },
        {
          "name": "108365",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108365"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-cmdinj-1735",
        "defect": [
          [
            "CSCvj63728",
            "CSCvj63877",
            "CSCvk52969",
            "CSCvk52971",
            "CSCvk52972",
            "CSCvk52975",
            "CSCvk52985",
            "CSCvk52988"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1735)",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1735",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1735)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid user credentials to exploit this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "4.4",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1735)",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1735"
            },
            {
              "name": "108365",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108365"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-cmdinj-1735",
          "defect": [
            [
              "CSCvj63728",
              "CSCvj63877",
              "CSCvk52969",
              "CSCvk52971",
              "CSCvk52972",
              "CSCvk52975",
              "CSCvk52985",
              "CSCvk52988"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1735",
    "datePublished": "2019-05-15T18:45:28.744805Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-16T21:09:08.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1730
Vulnerability from cvelistv5
Published
2019-05-15 16:50
Modified
2024-09-17 02:46
Summary
Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.051Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-bash-bypass"
          },
          {
            "name": "108397",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108397"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to the incorrect implementation of a CLI command that allows a Bash command to be incorrectly invoked on the Guest Shell CLI. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Guest Shell prompt. A successful exploit could allow the attacker to issue commands that should be restricted by a Guest Shell account."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-264",
              "description": "CWE-264",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-21T13:06:05",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-bash-bypass"
        },
        {
          "name": "108397",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108397"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-bash-bypass",
        "defect": [
          [
            "CSCvh76090",
            "CSCvj01472",
            "CSCvj01497"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1730",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to the incorrect implementation of a CLI command that allows a Bash command to be incorrectly invoked on the Guest Shell CLI. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Guest Shell prompt. A successful exploit could allow the attacker to issue commands that should be restricted by a Guest Shell account."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.0",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-bash-bypass"
            },
            {
              "name": "108397",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108397"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-bash-bypass",
          "defect": [
            [
              "CSCvh76090",
              "CSCvj01472",
              "CSCvj01497"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1730",
    "datePublished": "2019-05-15T16:50:43.974976Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-17T02:46:29.210Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1808
Vulnerability from cvelistv5
Published
2019-05-15 22:15
Modified
2024-09-16 16:37
Summary
Cisco MDS 9700 Series Multilayer Directors and Nexus 7000/7700 Series Switches Software Patch Signature Verification Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.844Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco MDS 9700 Series Multilayer Directors and Nexus 7000/7700 Series Switches Software Patch Signature Verification Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-spsv"
          },
          {
            "name": "108367",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108367"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by loading an unsigned software patch on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-17T11:06:04",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco MDS 9700 Series Multilayer Directors and Nexus 7000/7700 Series Switches Software Patch Signature Verification Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-spsv"
        },
        {
          "name": "108367",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108367"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-spsv",
        "defect": [
          [
            "CSCvi42248"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco MDS 9700 Series Multilayer Directors and Nexus 7000/7700 Series Switches Software Patch Signature Verification Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1808",
          "STATE": "PUBLIC",
          "TITLE": "Cisco MDS 9700 Series Multilayer Directors and Nexus 7000/7700 Series Switches Software Patch Signature Verification Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by loading an unsigned software patch on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-347"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco MDS 9700 Series Multilayer Directors and Nexus 7000/7700 Series Switches Software Patch Signature Verification Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-spsv"
            },
            {
              "name": "108367",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108367"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-spsv",
          "defect": [
            [
              "CSCvi42248"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1808",
    "datePublished": "2019-05-15T22:15:30.009622Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-16T16:37:43.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1595
Vulnerability from cvelistv5
Published
2019-03-06 22:00
Modified
2024-09-17 04:24
Summary
Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:28.326Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "107320",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107320"
          },
          {
            "name": "20190306 Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.3(5)N1(1)"
            }
          ]
        }
      ],
      "datePublic": "2019-03-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. This vulnerability has been fixed in version 7.3(5)N1(1)."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-913",
              "description": "CWE-913",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-08T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "107320",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107320"
        },
        {
          "name": "20190306 Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190306-nexus-fbr-dos",
        "defect": [
          [
            "CSCvn24414"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-03-06T16:00:00-0800",
          "ID": "CVE-2019-1595",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.3(5)N1(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. This vulnerability has been fixed in version 7.3(5)N1(1)."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "7.4",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-913"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "107320",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107320"
            },
            {
              "name": "20190306 Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190306-nexus-fbr-dos",
          "defect": [
            [
              "CSCvn24414"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1595",
    "datePublished": "2019-03-06T22:00:00Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-17T04:24:08.053Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1780
Vulnerability from cvelistv5
Published
2019-05-16 17:00
Modified
2024-09-16 16:34
Summary
Cisco FXOS and NX-OS Software Command Injection Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.632Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1780)",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1780"
          },
          {
            "name": "108392",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108392"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. NX-OS versions prior to 8.3(1) are affected. NX-OS versions prior to 8.3(1) are affected."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-21T09:06:02",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1780)",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1780"
        },
        {
          "name": "108392",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108392"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-fxos-cmdinj-1780",
        "defect": [
          [
            "CSCvi01431",
            "CSCvi01440",
            "CSCvi92326",
            "CSCvi92328",
            "CSCvi92329",
            "CSCvi92332"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco FXOS and NX-OS Software Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1780",
          "STATE": "PUBLIC",
          "TITLE": "Cisco FXOS and NX-OS Software Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. NX-OS versions prior to 8.3(1) are affected. NX-OS versions prior to 8.3(1) are affected."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "4.2",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1780)",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1780"
            },
            {
              "name": "108392",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108392"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-fxos-cmdinj-1780",
          "defect": [
            [
              "CSCvi01431",
              "CSCvi01440",
              "CSCvi92326",
              "CSCvi92328",
              "CSCvi92329",
              "CSCvi92332"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1780",
    "datePublished": "2019-05-16T17:00:17.177415Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-16T16:34:04.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1969
Vulnerability from cvelistv5
Published
2019-08-29 21:50
Modified
2024-09-17 00:26
Summary
Cisco NX-OS Software SNMP Access Control List Configuration Name Bypass Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:35:52.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190828 Cisco NX-OS Software SNMP Access Control List Configuration Name Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-snmp-bypass"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "9.2(3)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-08-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. The vulnerability is due to an incorrect length check when the configured ACL name is the maximum length, which is 32 ASCII characters. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP polling that should have been denied. The attacker has no control of the configuration of the SNMP ACL name."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-264",
              "description": "CWE-264",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-29T21:50:19",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190828 Cisco NX-OS Software SNMP Access Control List Configuration Name Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-snmp-bypass"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190828-nxos-snmp-bypass",
        "defect": [
          [
            "CSCvo17439"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software SNMP Access Control List Configuration Name Bypass Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-08-28T16:00:00-0700",
          "ID": "CVE-2019-1969",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software SNMP Access Control List Configuration Name Bypass Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "9.2(3)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. The vulnerability is due to an incorrect length check when the configured ACL name is the maximum length, which is 32 ASCII characters. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP polling that should have been denied. The attacker has no control of the configuration of the SNMP ACL name."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "5.8",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190828 Cisco NX-OS Software SNMP Access Control List Configuration Name Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-snmp-bypass"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190828-nxos-snmp-bypass",
          "defect": [
            [
              "CSCvo17439"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1969",
    "datePublished": "2019-08-29T21:50:19.965411Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-17T00:26:40.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1769
Vulnerability from cvelistv5
Published
2019-05-15 19:20
Modified
2024-09-16 22:30
Summary
Cisco NX-OS Software Line Card Command Injection Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.806Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS Software Line Card Command Injection Vulnerability (CVE-2019-1769)",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-linecardinj-1769"
          },
          {
            "name": "108393",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108393"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system of an attached line card with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of an attached line card with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-21T09:06:02",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS Software Line Card Command Injection Vulnerability (CVE-2019-1769)",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-linecardinj-1769"
        },
        {
          "name": "108393",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108393"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-linecardinj-1769",
        "defect": [
          [
            "CSCvh20032",
            "CSCvj00299"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Line Card Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1769",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Line Card Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system of an attached line card with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of an attached line card with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS Software Line Card Command Injection Vulnerability (CVE-2019-1769)",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-linecardinj-1769"
            },
            {
              "name": "108393",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108393"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-linecardinj-1769",
          "defect": [
            [
              "CSCvh20032",
              "CSCvj00299"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1769",
    "datePublished": "2019-05-15T19:20:25.137561Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-16T22:30:44.056Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1784
Vulnerability from cvelistv5
Published
2019-05-15 20:05
Modified
2024-09-17 01:21
Summary
Cisco NX-OS Software Command Injection Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.848Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1784)",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmd-inject-1784"
          },
          {
            "name": "108369",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108369"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-17T12:06:06",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1784)",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmd-inject-1784"
        },
        {
          "name": "108369",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108369"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-cmd-inject-1784",
        "defect": [
          [
            "CSCvi42292",
            "CSCvj12273",
            "CSCvj12274"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1784",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1784)",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmd-inject-1784"
            },
            {
              "name": "108369",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108369"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-cmd-inject-1784",
          "defect": [
            [
              "CSCvi42292",
              "CSCvj12273",
              "CSCvj12274"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1784",
    "datePublished": "2019-05-15T20:05:21.750001Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-17T01:21:59.555Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-20267
Vulnerability from cvelistv5
Published
2024-02-28 16:15
Modified
2024-08-28 14:13
Summary
A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload. This vulnerability is due to lack of proper error checking when processing an ingress MPLS frame. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that is encapsulated within an MPLS frame to an MPLS-enabled interface of the targeted device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition. Note: The IPv6 packet can be generated multiple hops away from the targeted device and then encapsulated within MPLS. The DoS condition may occur when the NX-OS device processes the packet.
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:52:31.664Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-ipv6-mpls-dos-R9ycXkwM",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv6-mpls-dos-R9ycXkwM"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20267",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-05T15:17:32.267858Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T14:13:57.631Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.0(2)A3(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A3(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A3(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A4(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A4(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A4(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A4(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A4(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A4(6)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(1a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(2a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(3a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(4a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(5a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(5b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(6)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(7)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(8)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A7(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A7(1a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A7(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A7(2a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(4a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(6)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(7)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(7a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(7b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(8)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(9)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(10a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(10)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(11)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(11a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(11b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U2(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U2(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U2(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U2(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U2(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U2(6)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(6)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(7)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(8)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(9)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U4(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U4(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U4(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U4(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U5(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U5(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U5(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U5(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(6)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(7)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(8)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(1a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(2a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(3a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(4a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5c)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(9)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(10)"
            },
            {
              "status": "affected",
              "version": "6.2(2)"
            },
            {
              "status": "affected",
              "version": "6.2(2a)"
            },
            {
              "status": "affected",
              "version": "6.2(6)"
            },
            {
              "status": "affected",
              "version": "6.2(6b)"
            },
            {
              "status": "affected",
              "version": "6.2(8)"
            },
            {
              "status": "affected",
              "version": "6.2(8a)"
            },
            {
              "status": "affected",
              "version": "6.2(8b)"
            },
            {
              "status": "affected",
              "version": "6.2(10)"
            },
            {
              "status": "affected",
              "version": "6.2(12)"
            },
            {
              "status": "affected",
              "version": "6.2(18)"
            },
            {
              "status": "affected",
              "version": "6.2(16)"
            },
            {
              "status": "affected",
              "version": "6.2(14)"
            },
            {
              "status": "affected",
              "version": "6.2(6a)"
            },
            {
              "status": "affected",
              "version": "6.2(20)"
            },
            {
              "status": "affected",
              "version": "6.2(20a)"
            },
            {
              "status": "affected",
              "version": "6.2(22)"
            },
            {
              "status": "affected",
              "version": "6.2(24)"
            },
            {
              "status": "affected",
              "version": "6.2(24a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F1(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F2(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F2(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(3a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(3c)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(2a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(2b)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(2c)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(2d)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(2e)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(1a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I3(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(6)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(7)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8b)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8z)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(9)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I6(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I6(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(5a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(6)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(7)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(8)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(9)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(10)"
            },
            {
              "status": "affected",
              "version": "7.1(0)N1(1a)"
            },
            {
              "status": "affected",
              "version": "7.1(0)N1(1b)"
            },
            {
              "status": "affected",
              "version": "7.1(0)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.1(1)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.1(2)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.1(3)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.1(3)N1(2)"
            },
            {
              "status": "affected",
              "version": "7.1(4)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.1(5)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.1(5)N1(1b)"
            },
            {
              "status": "affected",
              "version": "7.2(0)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.2(1)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.2(2)D1(2)"
            },
            {
              "status": "affected",
              "version": "7.2(2)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(0)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(0)DX(1)"
            },
            {
              "status": "affected",
              "version": "7.3(0)N1(1)"
            },
            {
              "status": "affected",
              "version": "9.2(1)"
            },
            {
              "status": "affected",
              "version": "9.2(2)"
            },
            {
              "status": "affected",
              "version": "9.2(2t)"
            },
            {
              "status": "affected",
              "version": "9.2(3)"
            },
            {
              "status": "affected",
              "version": "9.2(4)"
            },
            {
              "status": "affected",
              "version": "9.2(2v)"
            },
            {
              "status": "affected",
              "version": "9.3(1)"
            },
            {
              "status": "affected",
              "version": "9.3(2)"
            },
            {
              "status": "affected",
              "version": "9.3(3)"
            },
            {
              "status": "affected",
              "version": "9.3(4)"
            },
            {
              "status": "affected",
              "version": "9.3(5)"
            },
            {
              "status": "affected",
              "version": "9.3(6)"
            },
            {
              "status": "affected",
              "version": "9.3(7)"
            },
            {
              "status": "affected",
              "version": "9.3(7a)"
            },
            {
              "status": "affected",
              "version": "9.3(8)"
            },
            {
              "status": "affected",
              "version": "9.3(9)"
            },
            {
              "status": "affected",
              "version": "9.3(10)"
            },
            {
              "status": "affected",
              "version": "9.3(11)"
            },
            {
              "status": "affected",
              "version": "9.3(12)"
            },
            {
              "status": "affected",
              "version": "10.1(1)"
            },
            {
              "status": "affected",
              "version": "10.1(2)"
            },
            {
              "status": "affected",
              "version": "10.1(2t)"
            },
            {
              "status": "affected",
              "version": "10.2(1)"
            },
            {
              "status": "affected",
              "version": "10.2(1q)"
            },
            {
              "status": "affected",
              "version": "10.2(2)"
            },
            {
              "status": "affected",
              "version": "10.2(3)"
            },
            {
              "status": "affected",
              "version": "10.2(3t)"
            },
            {
              "status": "affected",
              "version": "10.2(4)"
            },
            {
              "status": "affected",
              "version": "10.2(5)"
            },
            {
              "status": "affected",
              "version": "10.2(3v)"
            },
            {
              "status": "affected",
              "version": "10.2(6)"
            },
            {
              "status": "affected",
              "version": "10.3(1)"
            },
            {
              "status": "affected",
              "version": "10.3(2)"
            },
            {
              "status": "affected",
              "version": "10.3(3)"
            },
            {
              "status": "affected",
              "version": "10.3(99w)"
            },
            {
              "status": "affected",
              "version": "10.3(99x)"
            },
            {
              "status": "affected",
              "version": "10.4(1)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload. \r\n\r This vulnerability is due to lack of proper error checking when processing an ingress MPLS frame. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that is encapsulated within an MPLS frame to an MPLS-enabled interface of the targeted device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition.\r\n\r Note: The IPv6 packet can be generated multiple hops away from the targeted device and then encapsulated within MPLS. The DoS condition may occur when the NX-OS device processes the packet."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-28T16:15:18.044Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ipv6-mpls-dos-R9ycXkwM",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv6-mpls-dos-R9ycXkwM"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ipv6-mpls-dos-R9ycXkwM",
        "defects": [
          "CSCwh42690",
          "CSCva52387"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20267",
    "datePublished": "2024-02-28T16:15:18.044Z",
    "dateReserved": "2023-11-08T15:08:07.624Z",
    "dateUpdated": "2024-08-28T14:13:57.631Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-1367
Vulnerability from cvelistv5
Published
2021-02-24 19:30
Modified
2024-09-16 20:38
Summary
Cisco NX-OS Software Protocol Independent Multicast Denial of Service Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:16.870Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210224 Cisco NX-OS Software Protocol Independent Multicast Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-pim-dos-Y8SjMz4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-02-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted PIM packet to an affected device. A successful exploit could allow the attacker to cause a traffic loop, resulting in a DoS condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-24T19:30:45",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210224 Cisco NX-OS Software Protocol Independent Multicast Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-pim-dos-Y8SjMz4"
        }
      ],
      "source": {
        "advisory": "cisco-sa-nxos-pim-dos-Y8SjMz4",
        "defect": [
          [
            "CSCvv98438"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Protocol Independent Multicast Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-02-24T16:00:00",
          "ID": "CVE-2021-1367",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Protocol Independent Multicast Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted PIM packet to an affected device. A successful exploit could allow the attacker to cause a traffic loop, resulting in a DoS condition."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "4.3",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210224 Cisco NX-OS Software Protocol Independent Multicast Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-pim-dos-Y8SjMz4"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-nxos-pim-dos-Y8SjMz4",
          "defect": [
            [
              "CSCvv98438"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1367",
    "datePublished": "2021-02-24T19:30:45.486967Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-09-16T20:38:10.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1732
Vulnerability from cvelistv5
Published
2019-05-15 16:50
Modified
2024-09-16 22:55
Summary
Cisco NX-OS Software Remote Package Manager Command Injection Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.300Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS Software Remote Package Manager Command Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-rpm-injec"
          },
          {
            "name": "108361",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108361"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection. The vulnerability is due to the lack of a proper locking mechanism on critical variables that need to stay static until used. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a set of RPM-related CLI commands. A successful exploit could allow the attacker to perform arbitrary command injection. The attacker would need administrator credentials for the targeted device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-17T09:06:06",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS Software Remote Package Manager Command Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-rpm-injec"
        },
        {
          "name": "108361",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108361"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-rpm-injec",
        "defect": [
          [
            "CSCvi01453",
            "CSCvj00550"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Remote Package Manager Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1732",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Remote Package Manager Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection. The vulnerability is due to the lack of a proper locking mechanism on critical variables that need to stay static until used. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a set of RPM-related CLI commands. A successful exploit could allow the attacker to perform arbitrary command injection. The attacker would need administrator credentials for the targeted device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.4",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS Software Remote Package Manager Command Injection Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-rpm-injec"
            },
            {
              "name": "108361",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108361"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-rpm-injec",
          "defect": [
            [
              "CSCvi01453",
              "CSCvj00550"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1732",
    "datePublished": "2019-05-15T16:50:29.893438Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-16T22:55:29.879Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-20285
Vulnerability from cvelistv5
Published
2024-08-28 16:37
Modified
2024-08-28 17:19
Summary
Cisco NX-OS Software Python Parser Escape Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20285",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-28T17:19:39.299396Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T17:19:57.207Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.3(6)N1(1a)"
            },
            {
              "status": "affected",
              "version": "8.4(2)"
            },
            {
              "status": "affected",
              "version": "7.3(6)N1(1)"
            },
            {
              "status": "affected",
              "version": "9.2(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(2)"
            },
            {
              "status": "affected",
              "version": "8.2(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(7a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(1)"
            },
            {
              "status": "affected",
              "version": "7.3(1)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(6)"
            },
            {
              "status": "affected",
              "version": "7.3(4)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(3)"
            },
            {
              "status": "affected",
              "version": "9.2(2v)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(5b)"
            },
            {
              "status": "affected",
              "version": "7.3(0)D1(1)"
            },
            {
              "status": "affected",
              "version": "6.2(17a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(7)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(1a)"
            },
            {
              "status": "affected",
              "version": "7.1(5)N1(1b)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(2)"
            },
            {
              "status": "affected",
              "version": "7.1(4)N1(1c)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IM3(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(11)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(4a)"
            },
            {
              "status": "affected",
              "version": "6.2(9)"
            },
            {
              "status": "affected",
              "version": "6.2(5)"
            },
            {
              "status": "affected",
              "version": "9.2(1)"
            },
            {
              "status": "affected",
              "version": "9.2(2t)"
            },
            {
              "status": "affected",
              "version": "9.2(3y)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(1t)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5c)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(6z)"
            },
            {
              "status": "affected",
              "version": "9.3(2)"
            },
            {
              "status": "affected",
              "version": "7.3(1)DY(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(6)"
            },
            {
              "status": "affected",
              "version": "6.2(29)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(3z)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IM7(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(11b)"
            },
            {
              "status": "affected",
              "version": "6.2(9a)"
            },
            {
              "status": "affected",
              "version": "7.3(0)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(5a)"
            },
            {
              "status": "affected",
              "version": "6.2(11d)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I6(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(10)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IM3(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(8)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(1)"
            },
            {
              "status": "affected",
              "version": "7.3(2)N1(1c)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(3b)"
            },
            {
              "status": "affected",
              "version": "7.3(5)N1(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(2a)"
            },
            {
              "status": "affected",
              "version": "7.3(2)N1(1b)"
            },
            {
              "status": "affected",
              "version": "6.2(27)"
            },
            {
              "status": "affected",
              "version": "7.3(1)N1(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(7)"
            },
            {
              "status": "affected",
              "version": "9.2(4)"
            },
            {
              "status": "affected",
              "version": "7.1(4)N1(1a)"
            },
            {
              "status": "affected",
              "version": "8.1(1)"
            },
            {
              "status": "affected",
              "version": "7.1(3)N1(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IM3(2a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(10)"
            },
            {
              "status": "affected",
              "version": "7.1(3)N1(2)"
            },
            {
              "status": "affected",
              "version": "8.2(2)"
            },
            {
              "status": "affected",
              "version": "6.2(13)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IC4(4)"
            },
            {
              "status": "affected",
              "version": "6.2(1)"
            },
            {
              "status": "affected",
              "version": "8.3(2)"
            },
            {
              "status": "affected",
              "version": "7.3(4)N1(1a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5b)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(3c)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(5)"
            },
            {
              "status": "affected",
              "version": "7.1(2)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.1(3)N1(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(7)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(2)"
            },
            {
              "status": "affected",
              "version": "6.2(5a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IM3(2b)"
            },
            {
              "status": "affected",
              "version": "7.1(3)N1(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(4a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(6)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I6(2)"
            },
            {
              "status": "affected",
              "version": "8.3(1)"
            },
            {
              "status": "affected",
              "version": "6.2(3)"
            },
            {
              "status": "affected",
              "version": "7.1(1)N1(1)"
            },
            {
              "status": "affected",
              "version": "8.1(1b)"
            },
            {
              "status": "affected",
              "version": "7.3(0)N1(1b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(5)"
            },
            {
              "status": "affected",
              "version": "7.1(4)N1(1d)"
            },
            {
              "status": "affected",
              "version": "7.3(2)N1(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(8)"
            },
            {
              "status": "affected",
              "version": "7.1(1)N1(1a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IM3(3)"
            },
            {
              "status": "affected",
              "version": "9.3(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(2)"
            },
            {
              "status": "affected",
              "version": "6.2(9b)"
            },
            {
              "status": "affected",
              "version": "7.1(3)N1(2a)"
            },
            {
              "status": "affected",
              "version": "7.3(0)N1(1a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(7)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(6)"
            },
            {
              "status": "affected",
              "version": "8.4(1)"
            },
            {
              "status": "affected",
              "version": "6.2(25)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(3a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(11a)"
            },
            {
              "status": "affected",
              "version": "6.2(11e)"
            },
            {
              "status": "affected",
              "version": "7.1(3)N1(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8z)"
            },
            {
              "status": "affected",
              "version": "6.2(11)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(9)"
            },
            {
              "status": "affected",
              "version": "6.2(19)"
            },
            {
              "status": "affected",
              "version": "7.1(0)N1(1b)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(7)"
            },
            {
              "status": "affected",
              "version": "6.2(5b)"
            },
            {
              "status": "affected",
              "version": "7.3(0)DY(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(9)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(1)"
            },
            {
              "status": "affected",
              "version": "7.1(5)N1(1)"
            },
            {
              "status": "affected",
              "version": "6.2(15)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(6)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(10a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(1)"
            },
            {
              "status": "affected",
              "version": "9.3(1z)"
            },
            {
              "status": "affected",
              "version": "9.2(2)"
            },
            {
              "status": "affected",
              "version": "6.2(7)"
            },
            {
              "status": "affected",
              "version": "6.2(9c)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(4)"
            },
            {
              "status": "affected",
              "version": "7.3(3)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(3)"
            },
            {
              "status": "affected",
              "version": "6.2(11b)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(6t)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(3a)"
            },
            {
              "status": "affected",
              "version": "8.1(1a)"
            },
            {
              "status": "affected",
              "version": "6.2(13a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(8)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(3a)"
            },
            {
              "status": "affected",
              "version": "7.1(0)N1(1a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(3a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(5a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F2(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(9)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(2a)"
            },
            {
              "status": "affected",
              "version": "6.2(17)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(4)"
            },
            {
              "status": "affected",
              "version": "6.2(23)"
            },
            {
              "status": "affected",
              "version": "6.2(13b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(3)"
            },
            {
              "status": "affected",
              "version": "7.1(2)N1(1a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(1)"
            },
            {
              "status": "affected",
              "version": "6.2(21)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F2(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IA7(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IA7(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(7b)"
            },
            {
              "status": "affected",
              "version": "6.2(11c)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F1(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(1a)"
            },
            {
              "status": "affected",
              "version": "7.1(0)N1(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(2)"
            },
            {
              "status": "affected",
              "version": "7.1(4)N1(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(4a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(4)"
            },
            {
              "status": "affected",
              "version": "8.4(1a)"
            },
            {
              "status": "affected",
              "version": "9.3(3)"
            },
            {
              "status": "affected",
              "version": "7.3(7)N1(1)"
            },
            {
              "status": "affected",
              "version": "6.2(31)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(8)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(10a)"
            },
            {
              "status": "affected",
              "version": "7.3(7)N1(1a)"
            },
            {
              "status": "affected",
              "version": "9.3(4)"
            },
            {
              "status": "affected",
              "version": "6.2(33)"
            },
            {
              "status": "affected",
              "version": "9.3(5)"
            },
            {
              "status": "affected",
              "version": "8.4(2a)"
            },
            {
              "status": "affected",
              "version": "8.4(2b)"
            },
            {
              "status": "affected",
              "version": "7.3(8)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(9)"
            },
            {
              "status": "affected",
              "version": "7.3(7)N1(1b)"
            },
            {
              "status": "affected",
              "version": "8.5(1)"
            },
            {
              "status": "affected",
              "version": "9.3(6)"
            },
            {
              "status": "affected",
              "version": "10.1(2)"
            },
            {
              "status": "affected",
              "version": "10.1(1)"
            },
            {
              "status": "affected",
              "version": "8.4(2c)"
            },
            {
              "status": "affected",
              "version": "9.3(5w)"
            },
            {
              "status": "affected",
              "version": "7.3(9)N1(1)"
            },
            {
              "status": "affected",
              "version": "9.3(7)"
            },
            {
              "status": "affected",
              "version": "9.3(7k)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(9w)"
            },
            {
              "status": "affected",
              "version": "10.2(1)"
            },
            {
              "status": "affected",
              "version": "7.3(8)N1(1a)"
            },
            {
              "status": "affected",
              "version": "9.3(7a)"
            },
            {
              "status": "affected",
              "version": "9.3(8)"
            },
            {
              "status": "affected",
              "version": "8.4(2d)"
            },
            {
              "status": "affected",
              "version": "7.3(10)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(10)"
            },
            {
              "status": "affected",
              "version": "7.3(8)N1(1b)"
            },
            {
              "status": "affected",
              "version": "10.2(1q)"
            },
            {
              "status": "affected",
              "version": "10.2(2)"
            },
            {
              "status": "affected",
              "version": "9.3(9)"
            },
            {
              "status": "affected",
              "version": "10.1(2t)"
            },
            {
              "status": "affected",
              "version": "7.3(11)N1(1)"
            },
            {
              "status": "affected",
              "version": "10.2(3)"
            },
            {
              "status": "affected",
              "version": "10.2(3t)"
            },
            {
              "status": "affected",
              "version": "8.4(2e)"
            },
            {
              "status": "affected",
              "version": "9.3(10)"
            },
            {
              "status": "affected",
              "version": "7.3(11)N1(1a)"
            },
            {
              "status": "affected",
              "version": "10.2(2a)"
            },
            {
              "status": "affected",
              "version": "7.3(12)N1(1)"
            },
            {
              "status": "affected",
              "version": "9.2(1a)"
            },
            {
              "status": "affected",
              "version": "10.3(1)"
            },
            {
              "status": "affected",
              "version": "10.2(4)"
            },
            {
              "status": "affected",
              "version": "7.3(13)N1(1)"
            },
            {
              "status": "affected",
              "version": "10.3(2)"
            },
            {
              "status": "affected",
              "version": "9.3(11)"
            },
            {
              "status": "affected",
              "version": "10.3(3)"
            },
            {
              "status": "affected",
              "version": "10.2(5)"
            },
            {
              "status": "affected",
              "version": "9.4(1)"
            },
            {
              "status": "affected",
              "version": "9.3(2a)"
            },
            {
              "status": "affected",
              "version": "8.4(2f)"
            },
            {
              "status": "affected",
              "version": "9.3(12)"
            },
            {
              "status": "affected",
              "version": "10.2(3v)"
            },
            {
              "status": "affected",
              "version": "10.4(1)"
            },
            {
              "status": "affected",
              "version": "10.3(99w)"
            },
            {
              "status": "affected",
              "version": "7.3(14)N1(1)"
            },
            {
              "status": "affected",
              "version": "10.2(6)"
            },
            {
              "status": "affected",
              "version": "10.3(3w)"
            },
            {
              "status": "affected",
              "version": "10.3(99x)"
            },
            {
              "status": "affected",
              "version": "10.3(3o)"
            },
            {
              "status": "affected",
              "version": "10.3(4)"
            },
            {
              "status": "affected",
              "version": "10.3(3p)"
            },
            {
              "status": "affected",
              "version": "10.3(4a)"
            },
            {
              "status": "affected",
              "version": "9.4(1a)"
            },
            {
              "status": "affected",
              "version": "10.4(2)"
            },
            {
              "status": "affected",
              "version": "10.3(3q)"
            },
            {
              "status": "affected",
              "version": "9.3(13)"
            },
            {
              "status": "affected",
              "version": "10.3(5)"
            },
            {
              "status": "affected",
              "version": "10.2(7)"
            },
            {
              "status": "affected",
              "version": "10.4(3)"
            },
            {
              "status": "affected",
              "version": "10.3(3x)"
            },
            {
              "status": "affected",
              "version": "10.3(4g)"
            },
            {
              "status": "affected",
              "version": "10.3(3r)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device.\r\n\r\nThe vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.\u0026nbsp;\r\nNote: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the  section of the Cisco Nexus 9000 Series NX-OS Programmability Guide."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "Insufficient Compartmentalization",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-28T16:37:27.149Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-nxos-psbe-ce-YvbTn5du",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du"
        },
        {
          "name": "Cisco NX-OS Security with Python",
          "url": "https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/105x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-105x/m-n9k-python-api-101x.html?bookSearch=true#concept_A2CFF094ADCB414C983EA06AD8E9A410"
        }
      ],
      "source": {
        "advisory": "cisco-sa-nxos-psbe-ce-YvbTn5du",
        "defects": [
          "CSCwh77780"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Python Parser Escape Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20285",
    "datePublished": "2024-08-28T16:37:27.149Z",
    "dateReserved": "2023-11-08T15:08:07.626Z",
    "dateUpdated": "2024-08-28T17:19:57.207Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1774
Vulnerability from cvelistv5
Published
2019-05-15 19:30
Modified
2024-09-16 17:59
Summary
Cisco NX-OS Software Command Injection Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.695Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS Software Command Injection Vulnerabilities (CVE-2019-1774, CVE-2019-1775)",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775"
          },
          {
            "name": "108371",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108371"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-17T16:06:13",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS Software Command Injection Vulnerabilities (CVE-2019-1774, CVE-2019-1775)",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775"
        },
        {
          "name": "108371",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108371"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-cmdinj-1774-1775",
        "defect": [
          [
            "CSCvh75895",
            "CSCvh75909",
            "CSCvh75968",
            "CSCvh75976",
            "CSCvi92256",
            "CSCvi92258",
            "CSCvi92260",
            "CSCvi99195",
            "CSCvi99197",
            "CSCvi99198"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1774",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS Software Command Injection Vulnerabilities (CVE-2019-1774, CVE-2019-1775)",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775"
            },
            {
              "name": "108371",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108371"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-cmdinj-1774-1775",
          "defect": [
            [
              "CSCvh75895",
              "CSCvh75909",
              "CSCvh75968",
              "CSCvh75976",
              "CSCvi92256",
              "CSCvi92258",
              "CSCvi92260",
              "CSCvi99195",
              "CSCvi99197",
              "CSCvi99198"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1774",
    "datePublished": "2019-05-15T19:30:40.907687Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-16T17:59:13.240Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-3398
Vulnerability from cvelistv5
Published
2020-08-27 15:40
Modified
2024-09-16 22:36
Summary
Cisco NX-OS Software Border Gateway Protocol Multicast VPN Session Denial of Service Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:30:58.383Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200826 Cisco NX-OS Software Border Gateway Protocol Multicast VPN Session Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxosbgp-mvpn-dos-K8kbCrJp"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-08-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of service (DoS) condition due to the BGP session being down. The vulnerability is due to incorrect parsing of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause the BGP peer connections to reset, which could lead to BGP route instability and impact traffic. The incoming BGP MVPN update message is valid but is parsed incorrectly by the NX-OS device, which could send a corrupted BGP update to the configured BGP peer. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-27T15:40:28",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200826 Cisco NX-OS Software Border Gateway Protocol Multicast VPN Session Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxosbgp-mvpn-dos-K8kbCrJp"
        }
      ],
      "source": {
        "advisory": "cisco-sa-nxosbgp-mvpn-dos-K8kbCrJp",
        "defect": [
          [
            "CSCvr60479"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Border Gateway Protocol Multicast VPN Session Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-08-26T16:00:00",
          "ID": "CVE-2020-3398",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Border Gateway Protocol Multicast VPN Session Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of service (DoS) condition due to the BGP session being down. The vulnerability is due to incorrect parsing of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause the BGP peer connections to reset, which could lead to BGP route instability and impact traffic. The incoming BGP MVPN update message is valid but is parsed incorrectly by the NX-OS device, which could send a corrupted BGP update to the configured BGP peer. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.6",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200826 Cisco NX-OS Software Border Gateway Protocol Multicast VPN Session Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxosbgp-mvpn-dos-K8kbCrJp"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-nxosbgp-mvpn-dos-K8kbCrJp",
          "defect": [
            [
              "CSCvr60479"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3398",
    "datePublished": "2020-08-27T15:40:28.988414Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-09-16T22:36:12.195Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-20168
Vulnerability from cvelistv5
Published
2023-08-23 18:07
Modified
2024-08-02 09:05
Summary
A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition.
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:35.038Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-nxos-remoteauth-dos-XB6pv74m",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-remoteauth-dos-XB6pv74m"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "4.2(1)SV1(4)"
            },
            {
              "status": "affected",
              "version": "4.2(1)SV1(4a)"
            },
            {
              "status": "affected",
              "version": "4.2(1)SV1(4b)"
            },
            {
              "status": "affected",
              "version": "4.2(1)SV1(5.1)"
            },
            {
              "status": "affected",
              "version": "4.2(1)SV1(5.1a)"
            },
            {
              "status": "affected",
              "version": "4.2(1)SV1(5.2)"
            },
            {
              "status": "affected",
              "version": "4.2(1)SV1(5.2b)"
            },
            {
              "status": "affected",
              "version": "4.2(1)SV2(1.1)"
            },
            {
              "status": "affected",
              "version": "4.2(1)SV2(1.1a)"
            },
            {
              "status": "affected",
              "version": "4.2(1)SV2(2.1)"
            },
            {
              "status": "affected",
              "version": "4.2(1)SV2(2.1a)"
            },
            {
              "status": "affected",
              "version": "4.2(1)SV2(2.2)"
            },
            {
              "status": "affected",
              "version": "4.2(1)SV2(2.3)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SM1(5.1)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SM1(5.2)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SM1(5.2a)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SM1(5.2b)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SM1(5.2c)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SM3(1.1)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SM3(1.1a)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SM3(1.1b)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SM3(1.1c)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SM3(2.1)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV3(1.4)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV3(1.1)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV3(1.3)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV3(1.5a)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV3(1.5b)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV3(1.6)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV3(1.10)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV3(1.15)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV3(2.1)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV3(2.5)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV3(2.8)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV3(3.1)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV3(1.2)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV3(1.4b)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV3(3.15)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV3(4.1)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV3(4.1a)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV3(4.1b)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV3(4.1c)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A3(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A3(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A3(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A4(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A4(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A4(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A4(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A4(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A4(6)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(1a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(2a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(3a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(4a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(5a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(5b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(6)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(7)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(8)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A7(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A7(1a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A7(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A7(2a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(4a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(6)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(7)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(7a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(7b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(8)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(9)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(10a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(10)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(11)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(11a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(11b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U2(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U2(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U2(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U2(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U2(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U2(6)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(6)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(7)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(8)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(9)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U4(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U4(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U4(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U4(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U5(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U5(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U5(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U5(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(6)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(7)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(8)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(1a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(2a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(3a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(4a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5c)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(9)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(10)"
            },
            {
              "status": "affected",
              "version": "6.2(2)"
            },
            {
              "status": "affected",
              "version": "6.2(2a)"
            },
            {
              "status": "affected",
              "version": "6.2(6)"
            },
            {
              "status": "affected",
              "version": "6.2(6b)"
            },
            {
              "status": "affected",
              "version": "6.2(8)"
            },
            {
              "status": "affected",
              "version": "6.2(8a)"
            },
            {
              "status": "affected",
              "version": "6.2(8b)"
            },
            {
              "status": "affected",
              "version": "6.2(10)"
            },
            {
              "status": "affected",
              "version": "6.2(12)"
            },
            {
              "status": "affected",
              "version": "6.2(18)"
            },
            {
              "status": "affected",
              "version": "6.2(16)"
            },
            {
              "status": "affected",
              "version": "6.2(14)"
            },
            {
              "status": "affected",
              "version": "6.2(6a)"
            },
            {
              "status": "affected",
              "version": "6.2(20)"
            },
            {
              "status": "affected",
              "version": "6.2(1)"
            },
            {
              "status": "affected",
              "version": "6.2(3)"
            },
            {
              "status": "affected",
              "version": "6.2(5)"
            },
            {
              "status": "affected",
              "version": "6.2(5a)"
            },
            {
              "status": "affected",
              "version": "6.2(5b)"
            },
            {
              "status": "affected",
              "version": "6.2(7)"
            },
            {
              "status": "affected",
              "version": "6.2(9)"
            },
            {
              "status": "affected",
              "version": "6.2(9a)"
            },
            {
              "status": "affected",
              "version": "6.2(9b)"
            },
            {
              "status": "affected",
              "version": "6.2(9c)"
            },
            {
              "status": "affected",
              "version": "6.2(11)"
            },
            {
              "status": "affected",
              "version": "6.2(11b)"
            },
            {
              "status": "affected",
              "version": "6.2(11c)"
            },
            {
              "status": "affected",
              "version": "6.2(11d)"
            },
            {
              "status": "affected",
              "version": "6.2(11e)"
            },
            {
              "status": "affected",
              "version": "6.2(13)"
            },
            {
              "status": "affected",
              "version": "6.2(13a)"
            },
            {
              "status": "affected",
              "version": "6.2(13b)"
            },
            {
              "status": "affected",
              "version": "6.2(15)"
            },
            {
              "status": "affected",
              "version": "6.2(17)"
            },
            {
              "status": "affected",
              "version": "6.2(19)"
            },
            {
              "status": "affected",
              "version": "6.2(21)"
            },
            {
              "status": "affected",
              "version": "6.2(23)"
            },
            {
              "status": "affected",
              "version": "6.2(20a)"
            },
            {
              "status": "affected",
              "version": "6.2(25)"
            },
            {
              "status": "affected",
              "version": "6.2(22)"
            },
            {
              "status": "affected",
              "version": "6.2(27)"
            },
            {
              "status": "affected",
              "version": "6.2(29)"
            },
            {
              "status": "affected",
              "version": "6.2(24)"
            },
            {
              "status": "affected",
              "version": "6.2(31)"
            },
            {
              "status": "affected",
              "version": "6.2(24a)"
            },
            {
              "status": "affected",
              "version": "6.2(33)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F1(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F2(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F2(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(3a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(3c)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(2a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(2b)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(2c)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(2d)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(2e)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(1a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I3(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(6)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(7)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8b)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8z)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(9)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I6(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I6(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(5a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(6)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(7)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(8)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(9)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(10)"
            },
            {
              "status": "affected",
              "version": "7.1(0)N1(1a)"
            },
            {
              "status": "affected",
              "version": "7.1(0)N1(1b)"
            },
            {
              "status": "affected",
              "version": "7.1(0)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.1(1)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.1(2)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.1(3)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.1(3)N1(2)"
            },
            {
              "status": "affected",
              "version": "7.1(4)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.1(5)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.1(5)N1(1b)"
            },
            {
              "status": "affected",
              "version": "7.2(0)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.2(1)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.2(2)D1(2)"
            },
            {
              "status": "affected",
              "version": "7.2(2)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(0)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(0)DX(1)"
            },
            {
              "status": "affected",
              "version": "7.3(0)DY(1)"
            },
            {
              "status": "affected",
              "version": "7.3(0)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(1)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(1)DY(1)"
            },
            {
              "status": "affected",
              "version": "7.3(1)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(2)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(2)D1(2)"
            },
            {
              "status": "affected",
              "version": "7.3(2)D1(3)"
            },
            {
              "status": "affected",
              "version": "7.3(2)D1(3a)"
            },
            {
              "status": "affected",
              "version": "7.3(2)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(3)N1(1)"
            },
            {
              "status": "affected",
              "version": "8.0(1)"
            },
            {
              "status": "affected",
              "version": "8.1(1)"
            },
            {
              "status": "affected",
              "version": "8.1(2)"
            },
            {
              "status": "affected",
              "version": "8.1(2a)"
            },
            {
              "status": "affected",
              "version": "8.1(1a)"
            },
            {
              "status": "affected",
              "version": "8.1(1b)"
            },
            {
              "status": "affected",
              "version": "8.2(1)"
            },
            {
              "status": "affected",
              "version": "8.2(2)"
            },
            {
              "status": "affected",
              "version": "8.2(3)"
            },
            {
              "status": "affected",
              "version": "8.2(4)"
            },
            {
              "status": "affected",
              "version": "8.2(5)"
            },
            {
              "status": "affected",
              "version": "8.2(6)"
            },
            {
              "status": "affected",
              "version": "8.2(7)"
            },
            {
              "status": "affected",
              "version": "8.2(7a)"
            },
            {
              "status": "affected",
              "version": "8.2(8)"
            },
            {
              "status": "affected",
              "version": "8.2(9)"
            },
            {
              "status": "affected",
              "version": "8.3(1)"
            },
            {
              "status": "affected",
              "version": "8.3(2)"
            },
            {
              "status": "affected",
              "version": "9.2(1)"
            },
            {
              "status": "affected",
              "version": "9.2(2)"
            },
            {
              "status": "affected",
              "version": "9.2(2t)"
            },
            {
              "status": "affected",
              "version": "9.2(3)"
            },
            {
              "status": "affected",
              "version": "9.2(4)"
            },
            {
              "status": "affected",
              "version": "9.2(2v)"
            },
            {
              "status": "affected",
              "version": "9.2(1a)"
            },
            {
              "status": "affected",
              "version": "7.3(4)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(3)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(4)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(5)N1(1)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SK3(1.1)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SK3(2.1)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SK3(2.2)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SK3(2.2b)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SK3(2.1a)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV5(1.1)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV5(1.2)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV5(1.3)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV5(1.3a)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV5(1.3b)"
            },
            {
              "status": "affected",
              "version": "5.2(1)SV5(1.3c)"
            },
            {
              "status": "affected",
              "version": "8.4(1)"
            },
            {
              "status": "affected",
              "version": "8.4(1a)"
            },
            {
              "status": "affected",
              "version": "8.4(2)"
            },
            {
              "status": "affected",
              "version": "8.4(2a)"
            },
            {
              "status": "affected",
              "version": "8.4(3)"
            },
            {
              "status": "affected",
              "version": "8.4(2b)"
            },
            {
              "status": "affected",
              "version": "8.4(4)"
            },
            {
              "status": "affected",
              "version": "8.4(2c)"
            },
            {
              "status": "affected",
              "version": "8.4(4a)"
            },
            {
              "status": "affected",
              "version": "8.4(5)"
            },
            {
              "status": "affected",
              "version": "8.4(2d)"
            },
            {
              "status": "affected",
              "version": "8.4(6)"
            },
            {
              "status": "affected",
              "version": "8.4(2e)"
            },
            {
              "status": "affected",
              "version": "8.4(6a)"
            },
            {
              "status": "affected",
              "version": "8.4(7)"
            },
            {
              "status": "affected",
              "version": "8.4(2f)"
            },
            {
              "status": "affected",
              "version": "9.3(1)"
            },
            {
              "status": "affected",
              "version": "9.3(2)"
            },
            {
              "status": "affected",
              "version": "9.3(3)"
            },
            {
              "status": "affected",
              "version": "9.3(4)"
            },
            {
              "status": "affected",
              "version": "9.3(5)"
            },
            {
              "status": "affected",
              "version": "9.3(6)"
            },
            {
              "status": "affected",
              "version": "9.3(7)"
            },
            {
              "status": "affected",
              "version": "9.3(7a)"
            },
            {
              "status": "affected",
              "version": "9.3(8)"
            },
            {
              "status": "affected",
              "version": "9.3(9)"
            },
            {
              "status": "affected",
              "version": "9.3(10)"
            },
            {
              "status": "affected",
              "version": "9.3(11)"
            },
            {
              "status": "affected",
              "version": "7.3(6)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(5)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(7)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(7)N1(1a)"
            },
            {
              "status": "affected",
              "version": "7.3(7)N1(1b)"
            },
            {
              "status": "affected",
              "version": "7.3(6)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(8)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(7)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(9)N1(1)"
            },
            {
              "status": "affected",
              "version": "10.1(1)"
            },
            {
              "status": "affected",
              "version": "10.1(2)"
            },
            {
              "status": "affected",
              "version": "10.1(2t)"
            },
            {
              "status": "affected",
              "version": "8.5(1)"
            },
            {
              "status": "affected",
              "version": "7.3(10)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(8)D1(1)"
            },
            {
              "status": "affected",
              "version": "10.2(1)"
            },
            {
              "status": "affected",
              "version": "10.2(1q)"
            },
            {
              "status": "affected",
              "version": "10.2(2)"
            },
            {
              "status": "affected",
              "version": "10.2(3)"
            },
            {
              "status": "affected",
              "version": "10.2(3t)"
            },
            {
              "status": "affected",
              "version": "10.2(4)"
            },
            {
              "status": "affected",
              "version": "10.2(5)"
            },
            {
              "status": "affected",
              "version": "7.3(9)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(11)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(12)N1(1)"
            },
            {
              "status": "affected",
              "version": "10.3(1)"
            },
            {
              "status": "affected",
              "version": "10.3(2)"
            },
            {
              "status": "affected",
              "version": "7.3(13)N1(1)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. "
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T16:57:48.712Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-nxos-remoteauth-dos-XB6pv74m",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-remoteauth-dos-XB6pv74m"
        }
      ],
      "source": {
        "advisory": "cisco-sa-nxos-remoteauth-dos-XB6pv74m",
        "defects": [
          "CSCwe72368",
          "CSCwe72670",
          "CSCwe72648",
          "CSCwe72673",
          "CSCwe72674"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20168",
    "datePublished": "2023-08-23T18:07:53.428Z",
    "dateReserved": "2022-10-27T18:47:50.362Z",
    "dateUpdated": "2024-08-02T09:05:35.038Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1731
Vulnerability from cvelistv5
Published
2019-05-15 16:50
Modified
2024-09-17 00:56
Summary
Cisco NX-OS Software SSH Key Information Disclosure Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:41.644Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS Software SSH Key Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-ssh-info"
          },
          {
            "name": "108353",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108353"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user\u0027s private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to incomplete error handling if a specific error type occurs during the SSH key export. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the CLI. A successful exploit could allow the attacker to expose a user\u0027s private SSH key. In addition, a similar type of error in the SSH key import could cause the passphrase-protected private SSH key to be imported unintentionally."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-17T06:06:02",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS Software SSH Key Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-ssh-info"
        },
        {
          "name": "108353",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108353"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-ssh-info",
        "defect": [
          [
            "CSCvh76123",
            "CSCvj01385",
            "CSCvj01386",
            "CSCvj01393"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software SSH Key Information Disclosure Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1731",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software SSH Key Information Disclosure Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user\u0027s private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to incomplete error handling if a specific error type occurs during the SSH key export. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the CLI. A successful exploit could allow the attacker to expose a user\u0027s private SSH key. In addition, a similar type of error in the SSH key import could cause the passphrase-protected private SSH key to be imported unintentionally."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "5.1",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS Software SSH Key Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-ssh-info"
            },
            {
              "name": "108353",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108353"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-ssh-info",
          "defect": [
            [
              "CSCvh76123",
              "CSCvj01385",
              "CSCvj01386",
              "CSCvj01393"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1731",
    "datePublished": "2019-05-15T16:50:36.106074Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-17T00:56:26.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1726
Vulnerability from cvelistv5
Published
2019-05-15 16:40
Modified
2024-09-16 16:39
Summary
Cisco NX-OS Software CLI Bypass to Internal Service Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.237Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS Software CLI Bypass to Internal Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cli-bypass"
          },
          {
            "name": "108409",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108409"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "6.2(25)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "8.3(2)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0(3)I7(3)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "9.2(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument to the affected command. A successful exploit could allow the attacker to bypass intended restrictions and access internal services of the device. An attacker would need valid device credentials to exploit this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-22T13:06:04",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS Software CLI Bypass to Internal Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cli-bypass"
        },
        {
          "name": "108409",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108409"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-cli-bypass",
        "defect": [
          [
            "CSCvh24771",
            "CSCvi99247",
            "CSCvi99248",
            "CSCvi99250",
            "CSCvi99251",
            "CSCvi99252",
            "CSCvn11851"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software CLI Bypass to Internal Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1726",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software CLI Bypass to Internal Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "6.2(25)"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(2)"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "7.0(3)I7(3)"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "9.2(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument to the affected command. A successful exploit could allow the attacker to bypass intended restrictions and access internal services of the device. An attacker would need valid device credentials to exploit this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS Software CLI Bypass to Internal Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cli-bypass"
            },
            {
              "name": "108409",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108409"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-cli-bypass",
          "defect": [
            [
              "CSCvh24771",
              "CSCvi99247",
              "CSCvi99248",
              "CSCvi99250",
              "CSCvi99251",
              "CSCvi99252",
              "CSCvn11851"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1726",
    "datePublished": "2019-05-15T16:40:17.248159Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-16T16:39:15.111Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1770
Vulnerability from cvelistv5
Published
2019-05-15 19:20
Modified
2024-09-17 03:13
Summary
Cisco NX-OS Software Command Injection Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.721Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1770)",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1770"
          },
          {
            "name": "108376",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108376"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "n/a",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-20T15:06:02",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1770)",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1770"
        },
        {
          "name": "108376",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108376"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-cmdinj-1770",
        "defect": [
          [
            "CSCvh75867",
            "CSCvh75958",
            "CSCvi92239",
            "CSCvi92240",
            "CSCvi92242",
            "CSCvi92243",
            "CSCvk36294"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1770",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "4.2",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1770)",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1770"
            },
            {
              "name": "108376",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108376"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-cmdinj-1770",
          "defect": [
            [
              "CSCvh75867",
              "CSCvh75958",
              "CSCvi92239",
              "CSCvi92240",
              "CSCvi92242",
              "CSCvi92243",
              "CSCvk36294"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1770",
    "datePublished": "2019-05-15T19:20:25.203583Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-17T03:13:54.742Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1967
Vulnerability from cvelistv5
Published
2019-08-29 21:45
Modified
2024-09-16 20:03
Summary
Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:35:51.286Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190828 Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ntp-dos"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(2)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-08-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packets. An attacker could exploit this vulnerability by flooding the device with a steady stream of Mode 7 NTP packets. A successful exploit could allow the attacker to cause high CPU and memory usage on the affected device, which could cause internal system processes to restart or cause the affected device to unexpectedly reload. Note: The NTP feature is enabled by default."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-399",
              "description": "CWE-399",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-29T21:45:15",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190828 Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ntp-dos"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190828-nxos-ntp-dos",
        "defect": [
          [
            "CSCvm35740",
            "CSCvm51138",
            "CSCvm51139",
            "CSCvm51142"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-08-28T16:00:00-0700",
          "ID": "CVE-2019-1967",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(2)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packets. An attacker could exploit this vulnerability by flooding the device with a steady stream of Mode 7 NTP packets. A successful exploit could allow the attacker to cause high CPU and memory usage on the affected device, which could cause internal system processes to restart or cause the affected device to unexpectedly reload. Note: The NTP feature is enabled by default."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.6",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190828 Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ntp-dos"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190828-nxos-ntp-dos",
          "defect": [
            [
              "CSCvm35740",
              "CSCvm51138",
              "CSCvm51139",
              "CSCvm51142"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1967",
    "datePublished": "2019-08-29T21:45:15.166469Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-16T20:03:19.157Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1813
Vulnerability from cvelistv5
Published
2019-05-15 22:20
Modified
2024-09-16 22:02
Summary
Cisco NX-OS CLI Command Software Image Signature Verification Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.901Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2"
          },
          {
            "name": "108425",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108425"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-23T08:06:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2"
        },
        {
          "name": "108425",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108425"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-sisv2",
        "defect": [
          [
            "CSCvj14093",
            "CSCvj14106",
            "CSCvj14182",
            "CSCvk53125",
            "CSCvk53227",
            "CSCvk53256"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS CLI Command Software Image Signature Verification Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1813",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS CLI Command Software Image Signature Verification Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-347"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2"
            },
            {
              "name": "108425",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108425"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-sisv2",
          "defect": [
            [
              "CSCvj14093",
              "CSCvj14106",
              "CSCvj14182",
              "CSCvk53125",
              "CSCvk53227",
              "CSCvk53256"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1813",
    "datePublished": "2019-05-15T22:20:16.342103Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-16T22:02:19.521Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-20050
Vulnerability from cvelistv5
Published
2023-02-23 00:00
Modified
2024-08-02 08:57
Summary
Cisco NX-OS Software CLI Command Injection Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.551Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20230222 Cisco NX-OS Software CLI Command Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cli-cmdinject-euQVK9u"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software ",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2023-02-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-23T00:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20230222 Cisco NX-OS Software CLI Command Injection Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cli-cmdinject-euQVK9u"
        }
      ],
      "source": {
        "advisory": "cisco-sa-nxos-cli-cmdinject-euQVK9u",
        "defect": [
          [
            "CSCwd00653",
            "CSCwd18009",
            "CSCwd18011",
            "CSCwd18012",
            "CSCwd18013"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software CLI Command Injection Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20050",
    "datePublished": "2023-02-23T00:00:00",
    "dateReserved": "2022-10-27T00:00:00",
    "dateUpdated": "2024-08-02T08:57:35.551Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1809
Vulnerability from cvelistv5
Published
2019-05-15 22:15
Modified
2024-09-16 19:31
Summary
Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.815Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-psvb"
          },
          {
            "name": "108375",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108375"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-20T14:06:08",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-psvb"
        },
        {
          "name": "108375",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108375"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-psvb",
        "defect": [
          [
            "CSCvi42264",
            "CSCvj12239"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1809",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.4",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-347"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-psvb"
            },
            {
              "name": "108375",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108375"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-psvb",
          "defect": [
            [
              "CSCvi42264",
              "CSCvj12239"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1809",
    "datePublished": "2019-05-15T22:15:23.669524Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-16T19:31:11.155Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-20294
Vulnerability from cvelistv5
Published
2024-02-28 16:16
Modified
2024-08-01 21:59
Summary
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device. Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20294",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-29T18:49:22.444391Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:40:18.434Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:41.160Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-nxos-lldp-dos-z7PncTgt",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-lldp-dos-z7PncTgt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.0(2)A3(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A3(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A3(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A4(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A4(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A4(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A4(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A4(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A4(6)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(1a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(2a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(3a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(4a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(5a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(5b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(6)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(7)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A6(8)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A7(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A7(1a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A7(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A7(2a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(4a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(6)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(7)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(7a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(7b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(8)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(9)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(10a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(10)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(11)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(11a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(11b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U2(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U2(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U2(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U2(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U2(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U2(6)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(6)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(7)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(8)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U3(9)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U4(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U4(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U4(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U4(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U5(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U5(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U5(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U5(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(6)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(7)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(8)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(1a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(2a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(3a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(4a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(5c)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(9)"
            },
            {
              "status": "affected",
              "version": "6.0(2)U6(10)"
            },
            {
              "status": "affected",
              "version": "6.2(2)"
            },
            {
              "status": "affected",
              "version": "6.2(2a)"
            },
            {
              "status": "affected",
              "version": "6.2(6)"
            },
            {
              "status": "affected",
              "version": "6.2(6b)"
            },
            {
              "status": "affected",
              "version": "6.2(8)"
            },
            {
              "status": "affected",
              "version": "6.2(8a)"
            },
            {
              "status": "affected",
              "version": "6.2(8b)"
            },
            {
              "status": "affected",
              "version": "6.2(10)"
            },
            {
              "status": "affected",
              "version": "6.2(12)"
            },
            {
              "status": "affected",
              "version": "6.2(18)"
            },
            {
              "status": "affected",
              "version": "6.2(16)"
            },
            {
              "status": "affected",
              "version": "6.2(14)"
            },
            {
              "status": "affected",
              "version": "6.2(6a)"
            },
            {
              "status": "affected",
              "version": "6.2(20)"
            },
            {
              "status": "affected",
              "version": "6.2(1)"
            },
            {
              "status": "affected",
              "version": "6.2(3)"
            },
            {
              "status": "affected",
              "version": "6.2(5)"
            },
            {
              "status": "affected",
              "version": "6.2(5a)"
            },
            {
              "status": "affected",
              "version": "6.2(5b)"
            },
            {
              "status": "affected",
              "version": "6.2(7)"
            },
            {
              "status": "affected",
              "version": "6.2(9)"
            },
            {
              "status": "affected",
              "version": "6.2(9a)"
            },
            {
              "status": "affected",
              "version": "6.2(9b)"
            },
            {
              "status": "affected",
              "version": "6.2(9c)"
            },
            {
              "status": "affected",
              "version": "6.2(11)"
            },
            {
              "status": "affected",
              "version": "6.2(11b)"
            },
            {
              "status": "affected",
              "version": "6.2(11c)"
            },
            {
              "status": "affected",
              "version": "6.2(11d)"
            },
            {
              "status": "affected",
              "version": "6.2(11e)"
            },
            {
              "status": "affected",
              "version": "6.2(13)"
            },
            {
              "status": "affected",
              "version": "6.2(13a)"
            },
            {
              "status": "affected",
              "version": "6.2(13b)"
            },
            {
              "status": "affected",
              "version": "6.2(15)"
            },
            {
              "status": "affected",
              "version": "6.2(17)"
            },
            {
              "status": "affected",
              "version": "6.2(19)"
            },
            {
              "status": "affected",
              "version": "6.2(21)"
            },
            {
              "status": "affected",
              "version": "6.2(23)"
            },
            {
              "status": "affected",
              "version": "6.2(20a)"
            },
            {
              "status": "affected",
              "version": "6.2(25)"
            },
            {
              "status": "affected",
              "version": "6.2(22)"
            },
            {
              "status": "affected",
              "version": "6.2(27)"
            },
            {
              "status": "affected",
              "version": "6.2(29)"
            },
            {
              "status": "affected",
              "version": "6.2(24)"
            },
            {
              "status": "affected",
              "version": "6.2(31)"
            },
            {
              "status": "affected",
              "version": "6.2(24a)"
            },
            {
              "status": "affected",
              "version": "6.2(33)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F1(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F2(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F2(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(3a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(3c)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(2a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(2b)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(2c)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(2d)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(2e)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(1a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I2(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I3(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(6)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(7)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8b)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8z)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(9)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I6(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I6(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(5a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(6)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(7)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(8)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(9)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(10)"
            },
            {
              "status": "affected",
              "version": "7.1(0)N1(1a)"
            },
            {
              "status": "affected",
              "version": "7.1(0)N1(1b)"
            },
            {
              "status": "affected",
              "version": "7.1(0)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.1(1)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.1(2)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.1(3)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.1(3)N1(2)"
            },
            {
              "status": "affected",
              "version": "7.1(4)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.1(5)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.1(5)N1(1b)"
            },
            {
              "status": "affected",
              "version": "7.2(0)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.2(1)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.2(2)D1(2)"
            },
            {
              "status": "affected",
              "version": "7.2(2)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(0)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(0)DX(1)"
            },
            {
              "status": "affected",
              "version": "7.3(0)DY(1)"
            },
            {
              "status": "affected",
              "version": "7.3(0)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(1)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(1)DY(1)"
            },
            {
              "status": "affected",
              "version": "7.3(1)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(2)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(2)D1(2)"
            },
            {
              "status": "affected",
              "version": "7.3(2)D1(3)"
            },
            {
              "status": "affected",
              "version": "7.3(2)D1(3a)"
            },
            {
              "status": "affected",
              "version": "7.3(2)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(3)N1(1)"
            },
            {
              "status": "affected",
              "version": "8.0(1)"
            },
            {
              "status": "affected",
              "version": "8.1(1)"
            },
            {
              "status": "affected",
              "version": "8.1(2)"
            },
            {
              "status": "affected",
              "version": "8.1(2a)"
            },
            {
              "status": "affected",
              "version": "8.1(1a)"
            },
            {
              "status": "affected",
              "version": "8.1(1b)"
            },
            {
              "status": "affected",
              "version": "8.2(1)"
            },
            {
              "status": "affected",
              "version": "8.2(2)"
            },
            {
              "status": "affected",
              "version": "8.2(3)"
            },
            {
              "status": "affected",
              "version": "8.2(4)"
            },
            {
              "status": "affected",
              "version": "8.2(5)"
            },
            {
              "status": "affected",
              "version": "8.2(6)"
            },
            {
              "status": "affected",
              "version": "8.2(7)"
            },
            {
              "status": "affected",
              "version": "8.2(7a)"
            },
            {
              "status": "affected",
              "version": "8.2(8)"
            },
            {
              "status": "affected",
              "version": "8.2(9)"
            },
            {
              "status": "affected",
              "version": "8.2(10)"
            },
            {
              "status": "affected",
              "version": "8.3(1)"
            },
            {
              "status": "affected",
              "version": "8.3(2)"
            },
            {
              "status": "affected",
              "version": "9.2(1)"
            },
            {
              "status": "affected",
              "version": "9.2(2)"
            },
            {
              "status": "affected",
              "version": "9.2(2t)"
            },
            {
              "status": "affected",
              "version": "9.2(3)"
            },
            {
              "status": "affected",
              "version": "9.2(4)"
            },
            {
              "status": "affected",
              "version": "9.2(2v)"
            },
            {
              "status": "affected",
              "version": "9.2(1a)"
            },
            {
              "status": "affected",
              "version": "7.3(4)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(3)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(4)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(5)N1(1)"
            },
            {
              "status": "affected",
              "version": "8.4(1)"
            },
            {
              "status": "affected",
              "version": "8.4(1a)"
            },
            {
              "status": "affected",
              "version": "8.4(2)"
            },
            {
              "status": "affected",
              "version": "8.4(2a)"
            },
            {
              "status": "affected",
              "version": "8.4(3)"
            },
            {
              "status": "affected",
              "version": "8.4(2b)"
            },
            {
              "status": "affected",
              "version": "8.4(4)"
            },
            {
              "status": "affected",
              "version": "8.4(2c)"
            },
            {
              "status": "affected",
              "version": "8.4(4a)"
            },
            {
              "status": "affected",
              "version": "8.4(5)"
            },
            {
              "status": "affected",
              "version": "8.4(2d)"
            },
            {
              "status": "affected",
              "version": "8.4(6)"
            },
            {
              "status": "affected",
              "version": "8.4(2e)"
            },
            {
              "status": "affected",
              "version": "8.4(6a)"
            },
            {
              "status": "affected",
              "version": "8.4(7)"
            },
            {
              "status": "affected",
              "version": "8.4(2f)"
            },
            {
              "status": "affected",
              "version": "9.3(1)"
            },
            {
              "status": "affected",
              "version": "9.3(2)"
            },
            {
              "status": "affected",
              "version": "9.3(3)"
            },
            {
              "status": "affected",
              "version": "9.3(4)"
            },
            {
              "status": "affected",
              "version": "9.3(5)"
            },
            {
              "status": "affected",
              "version": "9.3(6)"
            },
            {
              "status": "affected",
              "version": "9.3(7)"
            },
            {
              "status": "affected",
              "version": "9.3(7a)"
            },
            {
              "status": "affected",
              "version": "9.3(8)"
            },
            {
              "status": "affected",
              "version": "9.3(9)"
            },
            {
              "status": "affected",
              "version": "9.3(10)"
            },
            {
              "status": "affected",
              "version": "9.3(11)"
            },
            {
              "status": "affected",
              "version": "9.3(2a)"
            },
            {
              "status": "affected",
              "version": "7.3(6)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(5)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(7)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(7)N1(1a)"
            },
            {
              "status": "affected",
              "version": "7.3(7)N1(1b)"
            },
            {
              "status": "affected",
              "version": "7.3(6)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(8)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(7)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(9)N1(1)"
            },
            {
              "status": "affected",
              "version": "10.1(1)"
            },
            {
              "status": "affected",
              "version": "10.1(2)"
            },
            {
              "status": "affected",
              "version": "10.1(2t)"
            },
            {
              "status": "affected",
              "version": "8.5(1)"
            },
            {
              "status": "affected",
              "version": "7.3(10)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(8)D1(1)"
            },
            {
              "status": "affected",
              "version": "10.2(1)"
            },
            {
              "status": "affected",
              "version": "10.2(1q)"
            },
            {
              "status": "affected",
              "version": "10.2(2)"
            },
            {
              "status": "affected",
              "version": "10.2(3)"
            },
            {
              "status": "affected",
              "version": "10.2(3t)"
            },
            {
              "status": "affected",
              "version": "10.2(4)"
            },
            {
              "status": "affected",
              "version": "10.2(5)"
            },
            {
              "status": "affected",
              "version": "10.2(3v)"
            },
            {
              "status": "affected",
              "version": "7.3(9)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(11)N1(1)"
            },
            {
              "status": "affected",
              "version": "7.3(12)N1(1)"
            },
            {
              "status": "affected",
              "version": "10.3(1)"
            },
            {
              "status": "affected",
              "version": "10.3(2)"
            },
            {
              "status": "affected",
              "version": "7.3(13)N1(1)"
            }
          ]
        },
        {
          "product": "Cisco Unified Computing System (Managed)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.1(1e)"
            },
            {
              "status": "affected",
              "version": "3.1(1g)"
            },
            {
              "status": "affected",
              "version": "3.1(1h)"
            },
            {
              "status": "affected",
              "version": "3.1(1k)"
            },
            {
              "status": "affected",
              "version": "3.1(1l)"
            },
            {
              "status": "affected",
              "version": "3.1(2b)"
            },
            {
              "status": "affected",
              "version": "3.1(2c)"
            },
            {
              "status": "affected",
              "version": "3.1(2e)"
            },
            {
              "status": "affected",
              "version": "3.1(2f)"
            },
            {
              "status": "affected",
              "version": "3.1(2g)"
            },
            {
              "status": "affected",
              "version": "3.1(2h)"
            },
            {
              "status": "affected",
              "version": "3.1(3a)"
            },
            {
              "status": "affected",
              "version": "3.1(3b)"
            },
            {
              "status": "affected",
              "version": "3.1(3c)"
            },
            {
              "status": "affected",
              "version": "3.1(3d)"
            },
            {
              "status": "affected",
              "version": "3.1(3e)"
            },
            {
              "status": "affected",
              "version": "3.1(3f)"
            },
            {
              "status": "affected",
              "version": "3.1(3h)"
            },
            {
              "status": "affected",
              "version": "3.1(3j)"
            },
            {
              "status": "affected",
              "version": "3.1(3k)"
            },
            {
              "status": "affected",
              "version": "3.1(2d)"
            },
            {
              "status": "affected",
              "version": "3.1(3l)"
            },
            {
              "status": "affected",
              "version": "3.2(1d)"
            },
            {
              "status": "affected",
              "version": "3.2(2b)"
            },
            {
              "status": "affected",
              "version": "3.2(2c)"
            },
            {
              "status": "affected",
              "version": "3.2(2d)"
            },
            {
              "status": "affected",
              "version": "3.2(2e)"
            },
            {
              "status": "affected",
              "version": "3.2(2f)"
            },
            {
              "status": "affected",
              "version": "3.2(3a)"
            },
            {
              "status": "affected",
              "version": "3.2(3b)"
            },
            {
              "status": "affected",
              "version": "3.2(3d)"
            },
            {
              "status": "affected",
              "version": "3.2(3e)"
            },
            {
              "status": "affected",
              "version": "3.2(3g)"
            },
            {
              "status": "affected",
              "version": "3.2(3h)"
            },
            {
              "status": "affected",
              "version": "3.2(3i)"
            },
            {
              "status": "affected",
              "version": "3.2(3j)"
            },
            {
              "status": "affected",
              "version": "3.2(3k)"
            },
            {
              "status": "affected",
              "version": "3.2(3l)"
            },
            {
              "status": "affected",
              "version": "3.2(3n)"
            },
            {
              "status": "affected",
              "version": "3.2(3o)"
            },
            {
              "status": "affected",
              "version": "3.2(3p)"
            },
            {
              "status": "affected",
              "version": "4.0(1a)"
            },
            {
              "status": "affected",
              "version": "4.0(1b)"
            },
            {
              "status": "affected",
              "version": "4.0(1c)"
            },
            {
              "status": "affected",
              "version": "4.0(1d)"
            },
            {
              "status": "affected",
              "version": "4.0(2a)"
            },
            {
              "status": "affected",
              "version": "4.0(2b)"
            },
            {
              "status": "affected",
              "version": "4.0(2d)"
            },
            {
              "status": "affected",
              "version": "4.0(2e)"
            },
            {
              "status": "affected",
              "version": "4.0(4b)"
            },
            {
              "status": "affected",
              "version": "4.0(4c)"
            },
            {
              "status": "affected",
              "version": "4.0(4d)"
            },
            {
              "status": "affected",
              "version": "4.0(4e)"
            },
            {
              "status": "affected",
              "version": "4.0(4f)"
            },
            {
              "status": "affected",
              "version": "4.0(4g)"
            },
            {
              "status": "affected",
              "version": "4.0(4h)"
            },
            {
              "status": "affected",
              "version": "4.0(4a)"
            },
            {
              "status": "affected",
              "version": "4.0(4i)"
            },
            {
              "status": "affected",
              "version": "4.0(4k)"
            },
            {
              "status": "affected",
              "version": "4.0(4l)"
            },
            {
              "status": "affected",
              "version": "4.0(4m)"
            },
            {
              "status": "affected",
              "version": "4.0(4n)"
            },
            {
              "status": "affected",
              "version": "4.0(4o)"
            },
            {
              "status": "affected",
              "version": "4.1(1a)"
            },
            {
              "status": "affected",
              "version": "4.1(1b)"
            },
            {
              "status": "affected",
              "version": "4.1(1c)"
            },
            {
              "status": "affected",
              "version": "4.1(2a)"
            },
            {
              "status": "affected",
              "version": "4.1(1d)"
            },
            {
              "status": "affected",
              "version": "4.1(1e)"
            },
            {
              "status": "affected",
              "version": "4.1(2b)"
            },
            {
              "status": "affected",
              "version": "4.1(3a)"
            },
            {
              "status": "affected",
              "version": "4.1(3b)"
            },
            {
              "status": "affected",
              "version": "4.1(2c)"
            },
            {
              "status": "affected",
              "version": "4.1(3d)"
            },
            {
              "status": "affected",
              "version": "4.1(3c)"
            },
            {
              "status": "affected",
              "version": "4.1(3e)"
            },
            {
              "status": "affected",
              "version": "4.1(3f)"
            },
            {
              "status": "affected",
              "version": "4.1(3h)"
            },
            {
              "status": "affected",
              "version": "4.1(3i)"
            },
            {
              "status": "affected",
              "version": "4.1(3j)"
            },
            {
              "status": "affected",
              "version": "4.1(3k)"
            },
            {
              "status": "affected",
              "version": "4.1(3l)"
            },
            {
              "status": "affected",
              "version": "4.2(1d)"
            },
            {
              "status": "affected",
              "version": "4.2(1c)"
            },
            {
              "status": "affected",
              "version": "4.2(1f)"
            },
            {
              "status": "affected",
              "version": "4.2(1i)"
            },
            {
              "status": "affected",
              "version": "4.2(1k)"
            },
            {
              "status": "affected",
              "version": "4.2(1l)"
            },
            {
              "status": "affected",
              "version": "4.2(1m)"
            },
            {
              "status": "affected",
              "version": "4.2(2a)"
            },
            {
              "status": "affected",
              "version": "4.2(2c)"
            },
            {
              "status": "affected",
              "version": "4.2(1n)"
            },
            {
              "status": "affected",
              "version": "4.2(2d)"
            },
            {
              "status": "affected",
              "version": "4.2(3b)"
            },
            {
              "status": "affected",
              "version": "4.2(2e)"
            },
            {
              "status": "affected",
              "version": "4.2(3d)"
            },
            {
              "status": "affected",
              "version": "4.2(3e)"
            },
            {
              "status": "affected",
              "version": "4.2(3g)"
            },
            {
              "status": "affected",
              "version": "4.2(3h)"
            },
            {
              "status": "affected",
              "version": "4.2(3i)"
            }
          ]
        },
        {
          "product": "Cisco Firepower Extensible Operating System (FXOS)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "2.2.1.63"
            },
            {
              "status": "affected",
              "version": "2.2.1.66"
            },
            {
              "status": "affected",
              "version": "2.2.1.70"
            },
            {
              "status": "affected",
              "version": "2.2.2.17"
            },
            {
              "status": "affected",
              "version": "2.2.2.19"
            },
            {
              "status": "affected",
              "version": "2.2.2.24"
            },
            {
              "status": "affected",
              "version": "2.2.2.26"
            },
            {
              "status": "affected",
              "version": "2.2.2.28"
            },
            {
              "status": "affected",
              "version": "2.2.2.54"
            },
            {
              "status": "affected",
              "version": "2.2.2.60"
            },
            {
              "status": "affected",
              "version": "2.2.2.71"
            },
            {
              "status": "affected",
              "version": "2.2.2.83"
            },
            {
              "status": "affected",
              "version": "2.2.2.86"
            },
            {
              "status": "affected",
              "version": "2.2.2.91"
            },
            {
              "status": "affected",
              "version": "2.2.2.97"
            },
            {
              "status": "affected",
              "version": "2.2.2.101"
            },
            {
              "status": "affected",
              "version": "2.2.2.137"
            },
            {
              "status": "affected",
              "version": "2.2.2.148"
            },
            {
              "status": "affected",
              "version": "2.2.2.149"
            },
            {
              "status": "affected",
              "version": "2.3.1.99"
            },
            {
              "status": "affected",
              "version": "2.3.1.93"
            },
            {
              "status": "affected",
              "version": "2.3.1.91"
            },
            {
              "status": "affected",
              "version": "2.3.1.88"
            },
            {
              "status": "affected",
              "version": "2.3.1.75"
            },
            {
              "status": "affected",
              "version": "2.3.1.73"
            },
            {
              "status": "affected",
              "version": "2.3.1.66"
            },
            {
              "status": "affected",
              "version": "2.3.1.58"
            },
            {
              "status": "affected",
              "version": "2.3.1.130"
            },
            {
              "status": "affected",
              "version": "2.3.1.111"
            },
            {
              "status": "affected",
              "version": "2.3.1.110"
            },
            {
              "status": "affected",
              "version": "2.3.1.144"
            },
            {
              "status": "affected",
              "version": "2.3.1.145"
            },
            {
              "status": "affected",
              "version": "2.3.1.155"
            },
            {
              "status": "affected",
              "version": "2.3.1.166"
            },
            {
              "status": "affected",
              "version": "2.3.1.173"
            },
            {
              "status": "affected",
              "version": "2.3.1.179"
            },
            {
              "status": "affected",
              "version": "2.3.1.180"
            },
            {
              "status": "affected",
              "version": "2.3.1.56"
            },
            {
              "status": "affected",
              "version": "2.3.1.190"
            },
            {
              "status": "affected",
              "version": "2.3.1.215"
            },
            {
              "status": "affected",
              "version": "2.3.1.216"
            },
            {
              "status": "affected",
              "version": "2.3.1.219"
            },
            {
              "status": "affected",
              "version": "2.3.1.230"
            },
            {
              "status": "affected",
              "version": "2.6.1.131"
            },
            {
              "status": "affected",
              "version": "2.6.1.157"
            },
            {
              "status": "affected",
              "version": "2.6.1.166"
            },
            {
              "status": "affected",
              "version": "2.6.1.169"
            },
            {
              "status": "affected",
              "version": "2.6.1.174"
            },
            {
              "status": "affected",
              "version": "2.6.1.187"
            },
            {
              "status": "affected",
              "version": "2.6.1.192"
            },
            {
              "status": "affected",
              "version": "2.6.1.204"
            },
            {
              "status": "affected",
              "version": "2.6.1.214"
            },
            {
              "status": "affected",
              "version": "2.6.1.224"
            },
            {
              "status": "affected",
              "version": "2.6.1.229"
            },
            {
              "status": "affected",
              "version": "2.6.1.230"
            },
            {
              "status": "affected",
              "version": "2.6.1.238"
            },
            {
              "status": "affected",
              "version": "2.6.1.239"
            },
            {
              "status": "affected",
              "version": "2.6.1.254"
            },
            {
              "status": "affected",
              "version": "2.6.1.259"
            },
            {
              "status": "affected",
              "version": "2.6.1.264"
            },
            {
              "status": "affected",
              "version": "2.6.1.265"
            },
            {
              "status": "affected",
              "version": "2.8.1.105"
            },
            {
              "status": "affected",
              "version": "2.8.1.125"
            },
            {
              "status": "affected",
              "version": "2.8.1.139"
            },
            {
              "status": "affected",
              "version": "2.8.1.143"
            },
            {
              "status": "affected",
              "version": "2.8.1.152"
            },
            {
              "status": "affected",
              "version": "2.8.1.162"
            },
            {
              "status": "affected",
              "version": "2.8.1.164"
            },
            {
              "status": "affected",
              "version": "2.8.1.172"
            },
            {
              "status": "affected",
              "version": "2.8.1.186"
            },
            {
              "status": "affected",
              "version": "2.8.1.190"
            },
            {
              "status": "affected",
              "version": "2.8.1.198"
            },
            {
              "status": "affected",
              "version": "2.9.1.131"
            },
            {
              "status": "affected",
              "version": "2.9.1.135"
            },
            {
              "status": "affected",
              "version": "2.9.1.143"
            },
            {
              "status": "affected",
              "version": "2.9.1.150"
            },
            {
              "status": "affected",
              "version": "2.9.1.158"
            },
            {
              "status": "affected",
              "version": "2.10.1.159"
            },
            {
              "status": "affected",
              "version": "2.10.1.166"
            },
            {
              "status": "affected",
              "version": "2.10.1.179"
            },
            {
              "status": "affected",
              "version": "2.10.1.207"
            },
            {
              "status": "affected",
              "version": "2.10.1.234"
            },
            {
              "status": "affected",
              "version": "2.10.1.245"
            },
            {
              "status": "affected",
              "version": "2.10.1.271"
            },
            {
              "status": "affected",
              "version": "2.11.1.154"
            },
            {
              "status": "affected",
              "version": "2.11.1.182"
            },
            {
              "status": "affected",
              "version": "2.11.1.200"
            },
            {
              "status": "affected",
              "version": "2.11.1.205"
            },
            {
              "status": "affected",
              "version": "2.12.0.31"
            },
            {
              "status": "affected",
              "version": "2.12.0.432"
            },
            {
              "status": "affected",
              "version": "2.12.0.450"
            },
            {
              "status": "affected",
              "version": "2.12.0.467"
            },
            {
              "status": "affected",
              "version": "2.12.0.498"
            },
            {
              "status": "affected",
              "version": "2.12.1.29"
            },
            {
              "status": "affected",
              "version": "2.12.1.48"
            },
            {
              "status": "affected",
              "version": "2.13.0.198"
            },
            {
              "status": "affected",
              "version": "2.13.0.212"
            },
            {
              "status": "affected",
              "version": "2.13.0.243"
            },
            {
              "status": "affected",
              "version": "2.14.1.131"
            }
          ]
        },
        {
          "product": "Cisco NX-OS System Software in ACI Mode",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.0(1m)"
            },
            {
              "status": "affected",
              "version": "12.0(2g)"
            },
            {
              "status": "affected",
              "version": "12.0(1n)"
            },
            {
              "status": "affected",
              "version": "12.0(1o)"
            },
            {
              "status": "affected",
              "version": "12.0(1p)"
            },
            {
              "status": "affected",
              "version": "12.0(1q)"
            },
            {
              "status": "affected",
              "version": "12.0(2h)"
            },
            {
              "status": "affected",
              "version": "12.0(2l)"
            },
            {
              "status": "affected",
              "version": "12.0(2m)"
            },
            {
              "status": "affected",
              "version": "12.0(2n)"
            },
            {
              "status": "affected",
              "version": "12.0(2o)"
            },
            {
              "status": "affected",
              "version": "12.0(2f)"
            },
            {
              "status": "affected",
              "version": "12.0(1r)"
            },
            {
              "status": "affected",
              "version": "12.1(1h)"
            },
            {
              "status": "affected",
              "version": "12.1(2e)"
            },
            {
              "status": "affected",
              "version": "12.1(3g)"
            },
            {
              "status": "affected",
              "version": "12.1(4a)"
            },
            {
              "status": "affected",
              "version": "12.1(1i)"
            },
            {
              "status": "affected",
              "version": "12.1(2g)"
            },
            {
              "status": "affected",
              "version": "12.1(2k)"
            },
            {
              "status": "affected",
              "version": "12.1(3h)"
            },
            {
              "status": "affected",
              "version": "12.1(3j)"
            },
            {
              "status": "affected",
              "version": "12.2(1n)"
            },
            {
              "status": "affected",
              "version": "12.2(2e)"
            },
            {
              "status": "affected",
              "version": "12.2(3j)"
            },
            {
              "status": "affected",
              "version": "12.2(4f)"
            },
            {
              "status": "affected",
              "version": "12.2(4p)"
            },
            {
              "status": "affected",
              "version": "12.2(3p)"
            },
            {
              "status": "affected",
              "version": "12.2(3r)"
            },
            {
              "status": "affected",
              "version": "12.2(3s)"
            },
            {
              "status": "affected",
              "version": "12.2(3t)"
            },
            {
              "status": "affected",
              "version": "12.2(2f)"
            },
            {
              "status": "affected",
              "version": "12.2(2i)"
            },
            {
              "status": "affected",
              "version": "12.2(2j)"
            },
            {
              "status": "affected",
              "version": "12.2(2k)"
            },
            {
              "status": "affected",
              "version": "12.2(2q)"
            },
            {
              "status": "affected",
              "version": "12.2(1o)"
            },
            {
              "status": "affected",
              "version": "12.2(4q)"
            },
            {
              "status": "affected",
              "version": "12.2(4r)"
            },
            {
              "status": "affected",
              "version": "12.3(1e)"
            },
            {
              "status": "affected",
              "version": "12.3(1f)"
            },
            {
              "status": "affected",
              "version": "12.3(1i)"
            },
            {
              "status": "affected",
              "version": "12.3(1l)"
            },
            {
              "status": "affected",
              "version": "12.3(1o)"
            },
            {
              "status": "affected",
              "version": "12.3(1p)"
            },
            {
              "status": "affected",
              "version": "13.0(1k)"
            },
            {
              "status": "affected",
              "version": "13.0(2h)"
            },
            {
              "status": "affected",
              "version": "13.0(2k)"
            },
            {
              "status": "affected",
              "version": "13.0(2n)"
            },
            {
              "status": "affected",
              "version": "13.1(1i)"
            },
            {
              "status": "affected",
              "version": "13.1(2m)"
            },
            {
              "status": "affected",
              "version": "13.1(2o)"
            },
            {
              "status": "affected",
              "version": "13.1(2p)"
            },
            {
              "status": "affected",
              "version": "13.1(2q)"
            },
            {
              "status": "affected",
              "version": "13.1(2s)"
            },
            {
              "status": "affected",
              "version": "13.1(2t)"
            },
            {
              "status": "affected",
              "version": "13.1(2u)"
            },
            {
              "status": "affected",
              "version": "13.1(2v)"
            },
            {
              "status": "affected",
              "version": "13.2(1l)"
            },
            {
              "status": "affected",
              "version": "13.2(1m)"
            },
            {
              "status": "affected",
              "version": "13.2(2l)"
            },
            {
              "status": "affected",
              "version": "13.2(2o)"
            },
            {
              "status": "affected",
              "version": "13.2(3i)"
            },
            {
              "status": "affected",
              "version": "13.2(3n)"
            },
            {
              "status": "affected",
              "version": "13.2(3o)"
            },
            {
              "status": "affected",
              "version": "13.2(3r)"
            },
            {
              "status": "affected",
              "version": "13.2(4d)"
            },
            {
              "status": "affected",
              "version": "13.2(4e)"
            },
            {
              "status": "affected",
              "version": "13.2(3s)"
            },
            {
              "status": "affected",
              "version": "13.2(5d)"
            },
            {
              "status": "affected",
              "version": "13.2(5e)"
            },
            {
              "status": "affected",
              "version": "13.2(5f)"
            },
            {
              "status": "affected",
              "version": "13.2(6i)"
            },
            {
              "status": "affected",
              "version": "13.2(7f)"
            },
            {
              "status": "affected",
              "version": "13.2(7k)"
            },
            {
              "status": "affected",
              "version": "13.2(9b)"
            },
            {
              "status": "affected",
              "version": "13.2(9f)"
            },
            {
              "status": "affected",
              "version": "13.2(9h)"
            },
            {
              "status": "affected",
              "version": "13.2(10e)"
            },
            {
              "status": "affected",
              "version": "13.2(10f)"
            },
            {
              "status": "affected",
              "version": "13.2(10g)"
            },
            {
              "status": "affected",
              "version": "14.0(1h)"
            },
            {
              "status": "affected",
              "version": "14.0(2c)"
            },
            {
              "status": "affected",
              "version": "14.0(3d)"
            },
            {
              "status": "affected",
              "version": "14.0(3c)"
            },
            {
              "status": "affected",
              "version": "14.1(1i)"
            },
            {
              "status": "affected",
              "version": "14.1(1j)"
            },
            {
              "status": "affected",
              "version": "14.1(1k)"
            },
            {
              "status": "affected",
              "version": "14.1(1l)"
            },
            {
              "status": "affected",
              "version": "14.1(2g)"
            },
            {
              "status": "affected",
              "version": "14.1(2m)"
            },
            {
              "status": "affected",
              "version": "14.1(2o)"
            },
            {
              "status": "affected",
              "version": "14.1(2s)"
            },
            {
              "status": "affected",
              "version": "14.1(2u)"
            },
            {
              "status": "affected",
              "version": "14.1(2w)"
            },
            {
              "status": "affected",
              "version": "14.1(2x)"
            },
            {
              "status": "affected",
              "version": "14.2(1i)"
            },
            {
              "status": "affected",
              "version": "14.2(1j)"
            },
            {
              "status": "affected",
              "version": "14.2(1l)"
            },
            {
              "status": "affected",
              "version": "14.2(2e)"
            },
            {
              "status": "affected",
              "version": "14.2(2f)"
            },
            {
              "status": "affected",
              "version": "14.2(2g)"
            },
            {
              "status": "affected",
              "version": "14.2(3j)"
            },
            {
              "status": "affected",
              "version": "14.2(3l)"
            },
            {
              "status": "affected",
              "version": "14.2(3n)"
            },
            {
              "status": "affected",
              "version": "14.2(3q)"
            },
            {
              "status": "affected",
              "version": "14.2(4i)"
            },
            {
              "status": "affected",
              "version": "14.2(4k)"
            },
            {
              "status": "affected",
              "version": "14.2(4o)"
            },
            {
              "status": "affected",
              "version": "14.2(4p)"
            },
            {
              "status": "affected",
              "version": "14.2(5k)"
            },
            {
              "status": "affected",
              "version": "14.2(5l)"
            },
            {
              "status": "affected",
              "version": "14.2(5n)"
            },
            {
              "status": "affected",
              "version": "14.2(6d)"
            },
            {
              "status": "affected",
              "version": "14.2(6g)"
            },
            {
              "status": "affected",
              "version": "14.2(6h)"
            },
            {
              "status": "affected",
              "version": "14.2(6l)"
            },
            {
              "status": "affected",
              "version": "14.2(7f)"
            },
            {
              "status": "affected",
              "version": "14.2(7l)"
            },
            {
              "status": "affected",
              "version": "14.2(6o)"
            },
            {
              "status": "affected",
              "version": "14.2(7q)"
            },
            {
              "status": "affected",
              "version": "14.2(7r)"
            },
            {
              "status": "affected",
              "version": "14.2(7s)"
            },
            {
              "status": "affected",
              "version": "14.2(7t)"
            },
            {
              "status": "affected",
              "version": "14.2(7u)"
            },
            {
              "status": "affected",
              "version": "14.2(7v)"
            },
            {
              "status": "affected",
              "version": "14.2(7w)"
            },
            {
              "status": "affected",
              "version": "15.0(1k)"
            },
            {
              "status": "affected",
              "version": "15.0(1l)"
            },
            {
              "status": "affected",
              "version": "15.0(2e)"
            },
            {
              "status": "affected",
              "version": "15.0(2h)"
            },
            {
              "status": "affected",
              "version": "15.1(1h)"
            },
            {
              "status": "affected",
              "version": "15.1(2e)"
            },
            {
              "status": "affected",
              "version": "15.1(3e)"
            },
            {
              "status": "affected",
              "version": "15.1(4c)"
            },
            {
              "status": "affected",
              "version": "15.2(1g)"
            },
            {
              "status": "affected",
              "version": "15.2(2e)"
            },
            {
              "status": "affected",
              "version": "15.2(2f)"
            },
            {
              "status": "affected",
              "version": "15.2(2g)"
            },
            {
              "status": "affected",
              "version": "15.2(2h)"
            },
            {
              "status": "affected",
              "version": "15.2(3e)"
            },
            {
              "status": "affected",
              "version": "15.2(3f)"
            },
            {
              "status": "affected",
              "version": "15.2(3g)"
            },
            {
              "status": "affected",
              "version": "15.2(4d)"
            },
            {
              "status": "affected",
              "version": "15.2(4e)"
            },
            {
              "status": "affected",
              "version": "15.2(5c)"
            },
            {
              "status": "affected",
              "version": "15.2(5d)"
            },
            {
              "status": "affected",
              "version": "15.2(5e)"
            },
            {
              "status": "affected",
              "version": "15.2(4f)"
            },
            {
              "status": "affected",
              "version": "15.2(6e)"
            },
            {
              "status": "affected",
              "version": "15.2(6g)"
            },
            {
              "status": "affected",
              "version": "15.2(7f)"
            },
            {
              "status": "affected",
              "version": "15.2(7g)"
            },
            {
              "status": "affected",
              "version": "15.2(8d)"
            },
            {
              "status": "affected",
              "version": "15.2(8e)"
            },
            {
              "status": "affected",
              "version": "15.2(8f)"
            },
            {
              "status": "affected",
              "version": "15.2(8g)"
            },
            {
              "status": "affected",
              "version": "16.0(1g)"
            },
            {
              "status": "affected",
              "version": "16.0(1j)"
            },
            {
              "status": "affected",
              "version": "16.0(2h)"
            },
            {
              "status": "affected",
              "version": "16.0(2j)"
            },
            {
              "status": "affected",
              "version": "16.0(3d)"
            },
            {
              "status": "affected",
              "version": "16.0(3e)"
            },
            {
              "status": "affected",
              "version": "15.3(1d)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device.\r\n\r Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol)."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-805",
              "description": "Buffer Access with Incorrect Length Value",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-28T16:16:56.717Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-nxos-lldp-dos-z7PncTgt",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-lldp-dos-z7PncTgt"
        }
      ],
      "source": {
        "advisory": "cisco-sa-nxos-lldp-dos-z7PncTgt",
        "defects": [
          "CSCwf67412",
          "CSCwf67468",
          "CSCwi31871",
          "CSCwe86457",
          "CSCwf67408",
          "CSCwf67409",
          "CSCwf67411",
          "CSCwi29934"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20294",
    "datePublished": "2024-02-28T16:16:56.717Z",
    "dateReserved": "2023-11-08T15:08:07.629Z",
    "dateUpdated": "2024-08-01T21:59:41.160Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-1368
Vulnerability from cvelistv5
Published
2021-02-24 19:30
Modified
2024-09-16 18:33
Summary
Cisco FXOS and NX-OS Software Unidirectional Link Detection Denial of Service and Arbitrary Code Execution Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:16.857Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210224 Cisco FXOS and NX-OS Software Unidirectional Link Detection Denial of Service and Arbitrary Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-udld-rce-xetH6w35"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-02-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted Cisco UDLD protocol packets to a directly connected, affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco UDLD process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. The attacker needs full control of a directly connected device. That device must be connected over a port channel that has UDLD enabled. To trigger arbitrary code execution, both the UDLD-enabled port channel and specific system conditions must exist. In the absence of either the UDLD-enabled port channel or the system conditions, attempts to exploit this vulnerability will result in a DoS condition. It is possible, but highly unlikely, that an attacker could control the necessary conditions for exploitation. The CVSS score reflects this possibility. However, given the complexity of exploitation, Cisco has assigned a Medium Security Impact Rating (SIR) to this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-24T19:30:49",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210224 Cisco FXOS and NX-OS Software Unidirectional Link Detection Denial of Service and Arbitrary Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-udld-rce-xetH6w35"
        }
      ],
      "source": {
        "advisory": "cisco-sa-nxos-udld-rce-xetH6w35",
        "defect": [
          [
            "CSCvv78238",
            "CSCvv96088",
            "CSCvv96090",
            "CSCvv96092",
            "CSCvv96107",
            "CSCvw38964",
            "CSCvw38981",
            "CSCvw38982",
            "CSCvw38983",
            "CSCvw38984",
            "CSCvw38995",
            "CSCvw45654"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco FXOS and NX-OS Software Unidirectional Link Detection Denial of Service and Arbitrary Code Execution Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-02-24T16:00:00",
          "ID": "CVE-2021-1368",
          "STATE": "PUBLIC",
          "TITLE": "Cisco FXOS and NX-OS Software Unidirectional Link Detection Denial of Service and Arbitrary Code Execution Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted Cisco UDLD protocol packets to a directly connected, affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco UDLD process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. The attacker needs full control of a directly connected device. That device must be connected over a port channel that has UDLD enabled. To trigger arbitrary code execution, both the UDLD-enabled port channel and specific system conditions must exist. In the absence of either the UDLD-enabled port channel or the system conditions, attempts to exploit this vulnerability will result in a DoS condition. It is possible, but highly unlikely, that an attacker could control the necessary conditions for exploitation. The CVSS score reflects this possibility. However, given the complexity of exploitation, Cisco has assigned a Medium Security Impact Rating (SIR) to this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.8",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210224 Cisco FXOS and NX-OS Software Unidirectional Link Detection Denial of Service and Arbitrary Code Execution Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-udld-rce-xetH6w35"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-nxos-udld-rce-xetH6w35",
          "defect": [
            [
              "CSCvv78238",
              "CSCvv96088",
              "CSCvv96090",
              "CSCvv96092",
              "CSCvv96107",
              "CSCvw38964",
              "CSCvw38981",
              "CSCvw38982",
              "CSCvw38983",
              "CSCvw38984",
              "CSCvw38995",
              "CSCvw45654"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1368",
    "datePublished": "2021-02-24T19:30:49.775173Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-09-16T18:33:33.478Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-3168
Vulnerability from cvelistv5
Published
2020-02-26 16:51
Modified
2024-09-17 01:01
Summary
Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:24:00.707Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200226 Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nexus-1000v-dos"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "n/a",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere could allow an unauthenticated, remote attacker to cause an affected Nexus 1000V Virtual Supervisor Module (VSM) to become inaccessible to users through the CLI. The vulnerability is due to improper resource allocation during failed CLI login attempts when login parameters that are part of the Secure Login Enhancements capability are configured on an affected device. An attacker could exploit this vulnerability by performing a high amount of login attempts against the affected device. A successful exploit could cause the affected device to become inaccessible to other users, resulting in a denial of service (DoS) condition requiring a manual power cycle of the VSM to recover."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-399",
              "description": "CWE-399",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-26T16:51:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200226 Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nexus-1000v-dos"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20200226-nexus-1000v-dos",
        "defect": [
          [
            "CSCvp26722"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-02-26T16:00:00-0800",
          "ID": "CVE-2020-3168",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere could allow an unauthenticated, remote attacker to cause an affected Nexus 1000V Virtual Supervisor Module (VSM) to become inaccessible to users through the CLI. The vulnerability is due to improper resource allocation during failed CLI login attempts when login parameters that are part of the Secure Login Enhancements capability are configured on an affected device. An attacker could exploit this vulnerability by performing a high amount of login attempts against the affected device. A successful exploit could cause the affected device to become inaccessible to other users, resulting in a denial of service (DoS) condition requiring a manual power cycle of the VSM to recover."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "7.5",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200226 Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nexus-1000v-dos"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20200226-nexus-1000v-dos",
          "defect": [
            [
              "CSCvp26722"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3168",
    "datePublished": "2020-02-26T16:51:00.640088Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-09-17T01:01:32.144Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1811
Vulnerability from cvelistv5
Published
2019-05-15 22:20
Modified
2024-09-17 01:01
Summary
Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities
Impacted products
CiscoCisco NX-OS Software
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.875Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2"
          },
          {
            "name": "108425",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108425"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-23T08:06:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2"
        },
        {
          "name": "108425",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108425"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-nxos-sisv2",
        "defect": [
          [
            "CSCvj14093",
            "CSCvj14106",
            "CSCvj14182",
            "CSCvk53125",
            "CSCvk53227",
            "CSCvk53256"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1811",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-347"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2"
            },
            {
              "name": "108425",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108425"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-nxos-sisv2",
          "defect": [
            [
              "CSCvj14093",
              "CSCvj14106",
              "CSCvj14182",
              "CSCvk53125",
              "CSCvk53227",
              "CSCvk53256"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1811",
    "datePublished": "2019-05-15T22:20:32.758700Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-17T01:01:42.860Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}