Total
94 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6770 | 1 Cisco | 7 Adaptive Security Appliance Software, Ios, Ios Xe and 4 more | 2023-12-10 | 4.0 MEDIUM | 4.2 MEDIUM |
| Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated, remote attacker to take full control of the OSPF Autonomous System (AS) domain routing table, allowing the attacker to intercept or black-hole traffic. The attacker could exploit this vulnerability by injecting crafted OSPF packets. Successful exploitation could cause the targeted router to flush its routing table and propagate the crafted OSPF LSA type 1 update throughout the OSPF AS domain. To exploit this vulnerability, an attacker must accurately determine certain parameters within the LSA database on the target router. This vulnerability can only be triggered by sending crafted unicast or multicast OSPF LSA type 1 packets. No other LSA type packets can trigger this vulnerability. OSPFv3 is not affected by this vulnerability. Fabric Shortest Path First (FSPF) protocol is not affected by this vulnerability. Cisco Bug IDs: CSCva74756, CSCve47393, CSCve47401. | |||||
| CVE-2017-12330 | 1 Cisco | 1 Nx-os | 2023-12-10 | 4.6 MEDIUM | 6.3 MEDIUM |
| A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command and gaining unauthorized access to the underlying operating system of the device. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve99902, CSCvf14879. | |||||
| CVE-2017-12336 | 1 Cisco | 2 Nx-os, Unified Computing System | 2023-12-10 | 4.6 MEDIUM | 4.2 MEDIUM |
| A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127. | |||||
| CVE-2011-4667 | 1 Cisco | 2 Ios, Nx-os | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions. | |||||
| CVE-2017-12338 | 1 Cisco | 3 Lan Switch Software, Nx-os, Unified Computing System | 2023-12-10 | 2.1 LOW | 6.0 MEDIUM |
| A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to insufficient input validation for a specific CLI command. An attacker could exploit this vulnerability by issuing a crafted command on the CLI. An exploit could allow the attacker unauthorized access to read arbitrary files on the underlying local file system. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to read files from any VDC. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve51707, CSCve93961, CSCve93964, CSCve93965, CSCve93968, CSCve93974, CSCve93976. | |||||
| CVE-2017-12334 | 1 Cisco | 2 Nx-os, Unified Computing System | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary commands as root. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCvf15113, CSCvf15122, CSCvf15125, CSCvf15131, CSCvf15143, CSCvg04088. | |||||
| CVE-2017-12332 | 1 Cisco | 2 Nx-os, Unified Computing System | 2023-12-10 | 4.9 MEDIUM | 4.4 MEDIUM |
| A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installing a crafted patch image on an affected device. The vulnerable operation occurs prior to patch activation. An exploit could allow the attacker to write arbitrary files on an affected system as root. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16513, CSCvf23794, CSCvf23832. | |||||
| CVE-2017-3804 | 1 Cisco | 5 Nexus 5000, Nexus 6001, Nexus 6004 and 2 more | 2023-12-10 | 5.7 MEDIUM | 6.1 MEDIUM |
| A vulnerability in Intermediate System-to-Intermediate System (IS-IS) protocol packet processing of Cisco Nexus 5000, 6000, and 7000 Series Switches software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. Switches in the FabricPath domain crash because of an __inst_001__isis_fabricpath hap reset when processing a crafted link-state packet. More Information: CSCvc45002. Known Affected Releases: 7.1(3)N1(2.1) 7.1(3)N1(3.12) 7.3(2)N1(0.296) 8.0(1)S2. Known Fixed Releases: 6.2(18)S11 7.0(3)I5(1.170) 7.0(3)I5(2) 7.1(4)N1(0.4) 7.1(4)N1(1b) 7.1(5)N1(0.986) 7.1(5)N1(1) 7.2(3)D1(0.8) 7.3(2)N1(0.304) 7.3(2)N1(1) 8.0(0.96)S0 8.0(1) 8.0(1)E1 8.0(1)S4 8.3(0)CV(0.788). | |||||
| CVE-2017-3878 | 1 Cisco | 20 Nexus 92160yc Switch, Nexus 92300yc Switch, Nexus 92304qc Switch and 17 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Denial of Service vulnerability in the Telnet remote login functionality of Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a Telnet process used for login to terminate unexpectedly and the login attempt to fail. There is no impact to user traffic flowing through the device. Affected Products: This vulnerability affects Cisco Nexus 9000 Series Switches that are running Cisco NX-OS Software and are configured to allow remote Telnet connections to the device. More Information: CSCux46778. Known Affected Releases: 7.0(3)I3(0.170). Known Fixed Releases: 7.0(3)I3(1) 7.0(3)I3(0.257) 7.0(3)I3(0.255) 7.0(3)I2(2e) 7.0(3)F1(1.22) 7.0(3)F1(1). | |||||
| CVE-2017-3879 | 1 Cisco | 20 Nexus 92160yc Switch, Nexus 92300yc Switch, Nexus 92304qc Switch and 17 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Denial of Service vulnerability in the remote login functionality for Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a process used for login to terminate unexpectedly and the login attempt to fail. There is no impact to user traffic flowing through the device. The attacker could use either a Telnet or an SSH client for the remote login attempt. Affected Products: This vulnerability affects Cisco Nexus 9000 Series Switches that are running Cisco NX-OS Software and are configured to allow remote Telnet connections to the device. More Information: CSCuy25824. Known Affected Releases: 7.0(3)I3(1) 8.3(0)CV(0.342) 8.3(0)CV(0.345). Known Fixed Releases: 8.3(0)CV(0.362) 8.0(1) 7.0(3)IED5(0.19) 7.0(3)IED5(0) 7.0(3)I4(1) 7.0(3)I4(0.8) 7.0(3)I2(2e) 7.0(3)F1(1.22) 7.0(3)F1(1) 7.0(3)F1(0.230). | |||||
| CVE-2017-3875 | 1 Cisco | 9 Nexus 7000 10-slot, Nexus 7000 18-slot, Nexus 7000 4-slot and 6 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Access-Control Filtering Mechanisms Bypass vulnerability in certain access-control filtering mechanisms on Cisco Nexus 7000 Series Switches could allow an unauthenticated, remote attacker to bypass defined traffic configured within an access control list (ACL) on the affected system. More Information: CSCtz59354. Known Affected Releases: 5.2(4) 6.1(3)S5 6.1(3)S6 6.2(1.121)S0 7.2(1)D1(1) 7.3(0)ZN(0.161) 7.3(1)N1(0.1). Known Fixed Releases: 7.3(0)D1(1) 6.2(2) 6.1(5) 8.3(0)KMT(0.24) 8.3(0)CV(0.337) 7.3(1)N1(1) 7.3(0)ZN(0.210) 7.3(0)ZN(0.177) 7.3(0)ZD(0.194) 7.3(0)TSH(0.99) 7.3(0)SC(0.14) 7.3(0)RSP(0.7) 7.3(0)N1(1) 7.3(0)N1(0.193) 7.3(0)IZN(0.13) 7.3(0)IB(0.102) 7.3(0)GLF(0.44) 7.3(0)D1(0.178) 7.1(0)D1(0.14) 7.0(3)ITI2(1.6) 7.0(3)ISH1(2.13) 7.0(3)IFD6(0.78) 7.0(3)IFD6(0) 7.0(3)IDE6(0.12) 7.0(3)IDE6(0) 7.0(3)I2(1) 7.0(3)I2(0.315) 7.0(1)ZD(0.3) 7.0(0)ZD(0.84) 6.2(1.149)S0 6.2(0.285) 6.1(5.32)S0 6.1(4.97)S0 6.1(2.30)S0. | |||||
| CVE-2016-6457 | 1 Cisco | 19 Application Policy Infrastructure Controller, Nexus 92160yc-x, Nexus 92304qc and 16 more | 2023-12-10 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability affects Cisco Nexus 9000 Series Leaf Switches (TOR) - ACI Mode and Cisco Application Policy Infrastructure Controller (APIC). More Information: CSCuy93241. Known Affected Releases: 11.2(2x) 11.2(3x) 11.3(1x) 11.3(2x) 12.0(1x). Known Fixed Releases: 11.2(2i) 11.2(2j) 11.2(3f) 11.2(3g) 11.2(3h) 11.2(3l) 11.3(0.236) 11.3(1j) 11.3(2i) 11.3(2j) 12.0(1r). | |||||
| CVE-2016-1465 | 1 Cisco | 2 Nexus 1000v, Nx-os | 2023-12-10 | 6.1 MEDIUM | 6.5 MEDIUM |
| Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5.2(1)SV3(1.5i) allow remote attackers to cause a denial of service (ESXi hypervisor crash and purple screen) via a crafted Cisco Discovery Protocol packet that triggers an out-of-bounds memory access, aka Bug ID CSCuw57985. | |||||
| CVE-2016-1454 | 1 Cisco | 54 5548p, 5548up, 5596t and 51 more | 2023-12-10 | 7.1 HIGH | 6.5 MEDIUM |
| Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device reload) by leveraging a peer relationship to send a crafted BGP UPDATE message, aka Bug IDs CSCuq77105 and CSCux11417. | |||||