Total
39 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1368 | 1 Cisco | 101 Firepower 4110, Firepower 4112, Firepower 4115 and 98 more | 2023-12-10 | 4.9 MEDIUM | 8.8 HIGH |
| A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted Cisco UDLD protocol packets to a directly connected, affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco UDLD process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. The attacker needs full control of a directly connected device. That device must be connected over a port channel that has UDLD enabled. To trigger arbitrary code execution, both the UDLD-enabled port channel and specific system conditions must exist. In the absence of either the UDLD-enabled port channel or the system conditions, attempts to exploit this vulnerability will result in a DoS condition. It is possible, but highly unlikely, that an attacker could control the necessary conditions for exploitation. The CVSS score reflects this possibility. However, given the complexity of exploitation, Cisco has assigned a Medium Security Impact Rating (SIR) to this vulnerability. | |||||
| CVE-2020-3545 | 1 Cisco | 10 Firepower 4110, Firepower 4112, Firepower 4115 and 7 more | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this vulnerability by supplying a crafted file that, when it is processed, may cause a stack-based buffer overflow. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges. An attacker would need to have valid administrative credentials to exploit this vulnerability. | |||||
| CVE-2020-3504 | 1 Cisco | 108 Firepower 1010, Firepower 1120, Firepower 1140 and 105 more | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an affected device. A successful exploit could allow the attacker to cause internal system processes to fail to terminate properly, which could result in a buildup of stuck processes and lead to slowness in accessing the UCS Manager CLI and web UI. A sustained attack may result in a restart of internal UCS Manager processes and a temporary loss of access to the UCS Manager CLI and web UI. | |||||
| CVE-2020-3517 | 1 Cisco | 98 Firepower 4110, Firepower 4112, Firepower 4115 and 95 more | 2023-12-10 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. The attack vector is configuration dependent and could be remote or adjacent. For more information about the attack vector, see the Details section of this advisory. The vulnerability is due to insufficient error handling when the affected software parses Cisco Fabric Services messages. An attacker could exploit this vulnerability by sending malicious Cisco Fabric Services messages to an affected device. A successful exploit could allow the attacker to cause a reload of an affected device, which could result in a DoS condition. | |||||
| CVE-2019-12697 | 1 Cisco | 23 Asa 5500-x, Firepower, Firepower 1010 and 20 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3169 | 1 Cisco | 16 Firepower 4110, Firepower 4115, Firepower 4120 and 13 more | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | |||||
| CVE-2019-1734 | 1 Cisco | 94 Firepower 4110, Firepower 4112, Firepower 4115 and 91 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to incomplete role-based access control (RBAC) verification. An attacker could exploit this vulnerability by authenticating to the device and issuing a specific CLI diagnostic command with crafted user-input parameters. An exploit could allow the attacker to perform an arbitrary read of a file on the device, and the file may contain sensitive information. The attacker needs valid device credentials to exploit this vulnerability. | |||||
| CVE-2019-12675 | 1 Cisco | 17 Firepower 4110, Firepower 4110 Firmware, Firepower 4115 and 14 more | 2023-12-10 | 7.2 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running FTD instances. | |||||
| CVE-2020-3172 | 1 Cisco | 107 Firepower 4110, Firepower 4115, Firepower 4120 and 104 more | 2023-12-10 | 8.3 HIGH | 8.8 HIGH |
| A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Note: This vulnerability is different from the following Cisco FXOS and NX-OS Software Cisco Discovery Protocol vulnerabilities that Cisco announced on Feb. 5, 2020: Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability and Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability. | |||||
| CVE-2019-12696 | 1 Cisco | 23 Asa 5500-x, Firepower, Firepower 1010 and 20 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2019-12674 | 1 Cisco | 17 Firepower 4110, Firepower 4110 Firmware, Firepower 4115 and 14 more | 2023-12-10 | 7.2 HIGH | 8.2 HIGH |
| Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running FTD instances. | |||||
| CVE-2020-3167 | 1 Cisco | 27 Adaptive Security Appliance Software, Firepower 1010, Firepower 1120 and 24 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to specific commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges. | |||||
| CVE-2020-3166 | 1 Cisco | 19 Adaptive Security Appliance Software, Firepower 1010, Firepower 1120 and 16 more | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to a specific CLI command. A successful exploit could allow the attacker to read or write to arbitrary files on the underlying OS. | |||||
| CVE-2020-3171 | 1 Cisco | 21 Firepower 2110, Firepower 2120, Firepower 2130 and 18 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to specific commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges. | |||||
| CVE-2020-3120 | 1 Cisco | 144 Asr 9000v, Asr 9001, Asr 9006 and 141 more | 2023-12-10 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | |||||
| CVE-2019-1690 | 1 Cisco | 100 Application Policy Infrastructure Controller, Firepower 2110, Firepower 2120 and 97 more | 2023-12-10 | 3.3 LOW | 6.5 MEDIUM |
| A vulnerability in the management interface of Cisco Application Policy Infrastructure Controller (APIC) software could allow an unauthenticated, adjacent attacker to gain unauthorized access on an affected device. The vulnerability is due to a lack of proper access control mechanisms for IPv6 link-local connectivity imposed on the management interface of an affected device. An attacker on the same physical network could exploit this vulnerability by attempting to connect to the IPv6 link-local address on the affected device. A successful exploit could allow the attacker to bypass default access control restrictions on an affected device. Cisco Application Policy Infrastructure Controller (APIC) devices running versions prior to 4.2(0.21c) are affected. | |||||
| CVE-2019-1780 | 1 Cisco | 92 Firepower 4110, Firepower 4115, Firepower 4120 and 89 more | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. NX-OS versions prior to 8.3(1) are affected. NX-OS versions prior to 8.3(1) are affected. | |||||
| CVE-2019-1728 | 1 Cisco | 40 Firepower 4110, Firepower 4115, Firepower 4120 and 37 more | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of system files when the persistent configuration information is read from the file system. An attacker could exploit this vulnerability by authenticating to the device and overwriting the persistent configuration storage with malicious executable files. An exploit could allow the attacker to run arbitrary commands at system startup and those commands will run as the root user. The attacker must have valid administrative credentials for the device. | |||||
| CVE-2019-1779 | 1 Cisco | 90 Firepower 4110, Firepower 4112, Firepower 4115 and 87 more | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid device credentials to exploit this vulnerability. | |||||