Vulnerability Details: CVE-2019-1778

Summary
Assigner: cisco
Assigner Org ID: d1c1063e-7a18-46af-9102-31f8928bc633
Published At: 15 May, 2019 | 19:35
Updated At: 20 Nov, 2024 | 17:21

Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)
Affected Products
Vendor: Cisco Systems, Inc. (Cisco)
Product: Cisco NX-OS Software
Versions affected:
  • From unspecified before 7.0(3)I7(4) (custom)
Problem Types
Type: CWE
CWE ID: CWE-78
Description: CWE-78
Metrics
Version: 3.0
Base score: 6.7
Base severity: MEDIUM
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

References
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1778
Resource: vendor-advisory, x_refsource_CISCO
Hyperlink: http://www.securityfocus.com/bid/108362
Resource: vdb-entry, x_refsource_BID
▼Authorized Data Publishers (ADP)
1. CVE Program Container
References
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1778
Resource: vendor-advisory, x_refsource_CISCO, x_transferred
Hyperlink: http://www.securityfocus.com/bid/108362
Resource: vdb-entry, x_refsource_BID, x_transferred
2. CISA ADP Vulnrichment
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: ykramarz@cisco.com
Published At: 15 May, 2019 | 20:29
Updated At: 01 Mar, 2023 | 18:38

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 6.7
Base severity: MEDIUM
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches

Vendor: Cisco Systems, Inc. (cisco)

Operating system:
  • nx-os, versions before 7.0\(3\)i4\(9\) (exclusive): cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
  • nx-os, versions from 7.0\(3\)i7 (inclusive) to 7.0\(3\)i7\(4\) (exclusive): cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

Hardware:
  • cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3524-x\/xl:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3548-x\/xl:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_9200yc:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_93240tc-fx2:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_9336pq_aci:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-78
Type: Secondary
Source: ykramarz@cisco.com
References
Hyperlink: http://www.securityfocus.com/bid/108362
Source: ykramarz@cisco.com
Resource: Third Party Advisory, VDB Entry
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1778
Source: ykramarz@cisco.com
Resource: Vendor Advisory

Similar CVEs

752 Records found

CVE-2012-4075
Matching Score: 10
Assigner: Cisco Systems, Inc.
CVSS Score: 7.2 (HIGH)
EPSS: 0.22% / 44.50%
7 Day CHG: ~0.00%
Published: 05 Oct, 2013 | 10:00
Updated: 11 Apr, 2025 | 00:51

Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.

Vendor: n/a, Cisco Systems, Inc.
Product: nx-os, n/a
CWE ID: CWE-78, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-1839
Matching Score: 10
Assigner: Cisco Systems, Inc.
CVSS Score: 6.7 (MEDIUM)
EPSS: 0.10% / 28.36%
7 Day CHG: ~0.00%
Published: 21 Aug, 2019 | 18:10
Updated: 20 Nov, 2024 | 17:12

Cisco Remote PHY Device Software Command Injection Vulnerability

A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying various CLI commands with crafted arguments. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system.

Vendor: Cisco Systems, Inc.
Product: cbr-8_firmware, remote_phy_120, remote_phy_120_firmware, remote_phy_shelf_7200_firmware, remote_phy_220_firmware, cbr-8, remote_phy_220, remote_phy_shelf_7200, Cisco Remote PHY
CWE ID: CWE-20, Improper Input Validation
CWE ID: CWE-78, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-1883
Matching Score: 10
Assigner: Cisco Systems, Inc.
CVSS Score: 7 (HIGH)
EPSS: 0.14% / 35.26%
7 Day CHG: ~0.00%
Published: 21 Aug, 2019 | 18:20
Updated: 20 Nov, 2024 | 17:11

Cisco Integrated Management Controller CLI Command Injection Vulnerability

A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on the command-line interface. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow an attacker to execute arbitrary commands on the device with root privileges.

Vendor: Cisco Systems, Inc.
Product: ucs_c125_m5, ucs_s3260, integrated_management_controller_supervisor, ucs-e1120d-m3, ucs-e160s-m3, ucs_c4200, ucs-e140s-m2, encs_5100, ucs-e160d-m2, encs_5400, unified_computing_system, ucs-e180d-m3, ucs-e168d-m2, Cisco Unified Computing System E-Series Software (UCSE)
CWE ID: CWE-78, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-1768
Matching Score: 10
Assigner: Cisco Systems, Inc.
CVSS Score: 6.7 (MEDIUM)
EPSS: 0.13% / 32.68%
7 Day CHG: ~0.00%
Published: 16 May, 2019 | 01:25
Updated: 20 Nov, 2024 | 17:18

Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerability

A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities.

Vendor: Cisco Systems, Inc.
Product: nexus_93180lc-ex, nexus_9332pq, nexus_3172tq, nexus_93108tc-ex, nx-os, nexus_3636c-r, nexus_9508, nexus_93120tx, nexus_93128tx, nexus_9336pq_aci_spine, nexus_3548-xl, nexus_31128pq, nexus_3132q-v, nexus_9332c, nexus_9364c, nexus_3164q, nexus_92348gc-x, nexus_3172tq-32t, nexus_9336c-fx2, nexus_3132c-z, nexus_3524-x, nexus_31108tc-v, nexus_9348gc-fxp, nexus_3172, nexus_9272q, nexus_3464c, nexus_93216tc-fx2, nexus_36180yc-r, nexus_93180yc-fx, nexus_3264q, nexus_3432d-s, nexus_34180yc, nexus_9000v, nexus_31108pc-v, nexus_3524, nexus_3548, nexus_3132q, nexus_3016, nexus_9372px, nexus_92304qc, nexus_92160yc-x, nexus_9504, nexus_3048, nexus_9372tx-e, nexus_93108tc-fx, nexus_93360yc-fx2, nexus_3524-xl, nexus_9396tx, nexus_92300yc, nexus_3064, nexus_3232c, nexus_9396px, nexus_3264c-e, nexus_93240yc-fx2, nexus_9372tx, nexus_3548-x, nexus_3132q-xl, nexus_3064-t, nexus_3172tq-xl, nexus_93180yc-ex, nexus_3408-s, nexus_9372px-e, nexus_9236c, nexus_9516, nexus_3172pq-xl, Cisco NX-OS Software
CWE ID: CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID: CWE-78, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-1745
Matching Score: 10
Assigner: Cisco Systems, Inc.
CVSS Score: 8.8 (HIGH)
EPSS: 0.10% / 27.92%
7 Day CHG: ~0.00%
Published: 27 Mar, 2019 | 23:40
Updated: 20 Nov, 2024 | 17:25

Cisco IOS XE Software Command Injection Vulnerability

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected commands. An exploit could allow the attacker to gain root privileges on the affected device.

Vendor: Cisco Systems, Inc.
Product: ios_xe, Cisco IOS XE Software
CWE ID: CWE-78, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-1829
Matching Score: 10
Assigner: Cisco Systems, Inc.
CVSS Score: 6.7 (MEDIUM)
EPSS: 0.34% / 56.24%
7 Day CHG: ~0.00%
Published: 18 Apr, 2019 | 01:15
Updated: 20 Nov, 2024 | 17:24

Cisco Aironet Series Access Points Command Injection Vulnerability

A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due to improper validation of user-supplied input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input for a CLI command. A successful exploit could allow the attacker to obtain access to the underlying Linux OS without proper authentication.

Vendor: Cisco Systems, Inc.
Product: aironet_1562i, aironet_1542d, aironet_1850e, aironet_1562e, aironet_1850i, aironet_2800i, aironet_1542i, aironet_1562d, aironet_3800e, aironet_3800p, aironet_2800e, aironet_access_point_firmware, aironet_1800i, aironet_3800i, Cisco Aironet Access Point Software
CWE ID: CWE-16, Not Available
CWE ID: CWE-78, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-1770
Matching Score: 10
Assigner: Cisco Systems, Inc.
CVSS Score: 4.2 (MEDIUM)
EPSS: 0.03% / 7.82%
7 Day CHG: ~0.00%
Published: 15 May, 2019 | 19:20
Updated: 21 Nov, 2024 | 19:26

Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Vendor: Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pnexus_93108tc-exnexus_3636c-rnexus_95089736pqnexus_93120txnexus_60007000_10-slotnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004nexus_7700_supervisor_3en9k-x9732c-fxn9k-x9464tx2n7k-f248xp-25en77-f324fq-25nexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_5020nexus_9336c-fx2nexus_7700_supervisor_2e7700_2-slotnexus_3132c-zx9636q-rnexus_31108tc-vnexus_3172pq\/pq-xlnexus_5548pnexus_9348gc-fxpnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_9500_supervisor_b\+n7k-f306ck-25nexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_93180yc-fxnexus_3264qnexus_3432d-sns-oxn7k-m348xp-25lnexus_34180ycnexus_31108pc-vn9k-x9636c-rxn9k-x9736c-fx7000_4-slotnexus_9500_supervisor_a\+nexus_5596upn9k-x9736c-ex7700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xln7k-m206fq-23ln9k-x97160yc-exnexus_5696qn77-f348xp-23nexus_92160yc-xnexus_9500_supervisor_b7000_18-slotnexus_9504nexus_3048n77-m324fq-25lnexus_6001nexus_93108tc-fxnexus_93360yc-fx2n7k-m202cf-22lnexus_9500_supervisor_an7k-f312fq-257000_9-slotnexus_92300ycnexus_3232cn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn7k-m324fq-25ln9k-x9564txnexus_5010nexus_7000_supervisor_2e7700_10-slotnexus_1000vn77-f430cq-36n9k-x9464pxn77-m348xp-23l7700_18-slot9432pqnexus_5596tnexus_3264c-enexus_93240yc-fx2nexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_3172tq-xlnexus_93180yc-exnexus_3408-sn9k-x9564pxnexus_9516n9k-x9636c-rn7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID: CWE-78, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-1776
Matching Score: 10
Assigner: Cisco Systems, Inc.
CVSS Score: 6.7 (MEDIUM)
EPSS: 0.11% / 29.57%
7 Day CHG: ~0.00%
Published: 15 May, 2019 | 19:30
Updated: 20 Nov, 2024 | 17:21

Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Vendor: Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pucs_6332-16upnx-osnexus_3636c-r9736pqnexus_7700_supervisor_3en9k-x9732c-fxn9k-c9504-fm-rmds_9506mds_9250inexus_3132q-vnexus_9332cnexus_5020nexus_9336c-fx2x9636q-rnexus_31108tc-vnexus_9348gc-fxpmds_9718mds_9148snexus_9500_supervisor_b\+n7k-f306ck-25mds_9513mds_9148tnexus_93180yc-fxmds_9132tnexus_3432d-sn7k-m348xp-25ln9k-x9736c-fxn9k-x9736c-exmds_92167700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xlmds_9216ax96136yc-rn77-f348xp-23ucs_6248upnexus_9500_supervisor_b7000_18-slotnexus_3048nexus_93360yc-fx2ucs_6324n7k-f312fq-25mds_9396tmds_9396sn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn9k-x9564txnexus_7000_supervisor_2ex9636c-rxn77-f430cq-36n9k-x9464pxmds_9216inexus_5596tnexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_93600cd-gxnexus_3408-sn9k-x9636c-rnexus_93108tc-exnexus_9508nexus_93120tx7000_10-slotnexus_9316d-gxnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004n9k-x9464tx2n7k-f248xp-25en9k-x96136yc-rn77-f324fq-25nexus_31128pqn9k-x9636q-rnexus_9364cnexus_3164qnexus_7700_supervisor_2e7700_2-slotnexus_3132c-znexus_3172pq\/pq-xlnexus_5548pnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_3264qnexus_34180ycmds_9509nexus_31108pc-vn9k-x9636c-rxmds_9706nexus_9500_supervisor_a\+7000_4-slotnexus_5596upn7k-m206fq-23ln9k-x97160yc-exnexus_5696qnexus_92160yc-xnexus_9504n77-m324fq-25lnexus_6001nexus_93108tc-fxn7k-m202cf-22ln9k-c9508-fm-rnexus_9500_supervisor_a7000_9-slotnexus_92300ycx9636c-rucs_6332nexus_3232cn7k-m324fq-25lmds_9222iucs_6296upnexus_50107700_10-slotn77-m348xp-23l7700_18-slot9432pqnexus_3264c-enexus_93240yc-fx2mds_9710nexus_3172tq-xlnexus_93180yc-exn9k-x9564pxnexus_9516n7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID: CWE-78, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-1893
Matching Score: 10
Assigner: Cisco Systems, Inc.
CVSS Score: 7.8 (HIGH)
EPSS: 0.14% / 34.21%
7 Day CHG: ~0.00%
Published: 06 Jul, 2019 | 01:20
Updated: 20 Nov, 2024 | 17:15

Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device as root. The vulnerability is due to insufficient input validation of a configuration file that is accessible to a local shell user. An attacker could exploit this vulnerability by including malicious input during the execution of this file. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root.

Vendor: Cisco Systems, Inc.
Product: enterprise_nfv_infrastructure_software, Cisco Enterprise NFV Infrastructure Software
CWE ID: CWE-77, Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID: CWE-78, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-1767
Matching Score: 10
Assigner: Cisco Systems, Inc.
CVSS Score: 6.7 (MEDIUM)
EPSS: 0.13% / 32.68%
7 Day CHG: ~0.00%
Published: 15 May, 2019 | 18:45
Updated: 20 Nov, 2024 | 17:22

Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerability

A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities. NX-OS versions prior to 8.3(1) are affected.

Vendor: Cisco Systems, Inc.
Product: nexus_93180lc-ex, nexus_9332pq, nexus_3172tq, nexus_93108tc-ex, nx-os, nexus_3636c-r, nexus_9508, nexus_93120tx, nexus_93128tx, nexus_9336pq_aci_spine, nexus_3548-xl, nexus_31128pq, nexus_3132q-v, nexus_9332c, nexus_9364c, nexus_3164q, nexus_92348gc-x, nexus_3172tq-32t, nexus_9336c-fx2, nexus_3132c-z, nexus_3524-x, nexus_31108tc-v, nexus_9348gc-fxp, nexus_3172, nexus_9272q, nexus_3464c, nexus_93216tc-fx2, nexus_36180yc-r, nexus_93180yc-fx, nexus_3264q, nexus_3432d-s, nexus_34180yc, nexus_9000v, nexus_31108pc-v, nexus_3524, nexus_3548, nexus_3132q, nexus_3016, nexus_9372px, nexus_92304qc, nexus_92160yc-x, nexus_9504, nexus_3048, nexus_9372tx-e, nexus_93108tc-fx, nexus_93360yc-fx2, nexus_3524-xl, nexus_9396tx, nexus_92300yc, nexus_3064, nexus_3232c, nexus_9396px, nexus_3264c-e, nexus_93240yc-fx2, nexus_9372tx, nexus_3548-x, nexus_3132q-xl, nexus_3064-t, nexus_3172tq-xl, nexus_93180yc-ex, nexus_3408-s, nexus_9372px-e, nexus_9236c, nexus_9516, nexus_3172pq-xl, Cisco NX-OS Software
CWE ID: CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID: CWE-78, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-15997
Matching Score: 10
Assigner: Cisco Systems, Inc.
CVSS Score: 6.7 (MEDIUM)
EPSS: 0.16% / 37.90%
7 Day CHG: ~0.00%
Published: 26 Nov, 2019 | 03:41
Updated: 20 Nov, 2024 | 17:04

Cisco DNA Spaces: Connector Command Injection Vulnerability

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command. An attacker could exploit this vulnerability by including malicious input during the execution of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as root.

Vendor: Cisco Systems, Inc.
Product: dna_spaces\, Cisco DNA Spaces
CWE ID: CWE-20, Improper Input Validation
CWE ID: CWE-78, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-1612
Matching Score: 10
Assigner: Cisco Systems, Inc.
CVSS Score: 4.2 (MEDIUM)
EPSS: 0.08% / 24.69%
7 Day CHG: ~0.00%
Published: 11 Mar, 2019 | 22:00
Updated: 21 Nov, 2024 | 19:43

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1612)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches in Stand are affected running software versions prior to 7.0(3)F3(5).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_3500; nexus_9000; nexus_9500; nx-os; nexus_3000; nexus_3600; Nexus 3600 Platform Switches; Nexus 9000 Series Switches in Standalone NX-OS Mode; Nexus 3500 Platform Switches; Nexus 3000 Series Switches; Nexus 9500 R-Series Line Cards and Fabric Modules
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-15996
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.09% / 27.04%
7 Day CHG~0.00%
Published-26 Nov, 2019 | 03:41
Updated-20 Nov, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco DNA Spaces: Connector Privilege Escalation Vulnerability

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by leveraging the insufficient restrictions to modify sensitive files. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-dna_spaces\Cisco DNA Spaces
CWE ID-CWE-264
Not Available
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-15277
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.09% / 27.04%
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:36
Updated-20 Nov, 2024 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the remote support user and sending malicious traffic to a listener who is internal to the device. A successful exploit could allow the attacker to execute commands with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-telepresence_collaboration_endpoint; Cisco TelePresence TC Software
CWE ID-CWE-264
Not Available
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-12717
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.12% / 32.47%
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:16
Updated-20 Nov, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Virtualization Manager Command Injection Vulnerability

A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges, which may lead to complete system compromise. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txnexus_93128txnexus_9336pq_aci_spinenexus_6004nexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_7000_9-slotnexus_9364cnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3164qnexus_3524-xnexus_3132c-znexus_31108tc-vnexus_5548pnexus_9348gc-fxpnexus_5648qnexus_3172nexus_9272qnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_9000vnexus_31108pc-vnexus_7700_18-slotnexus_5596upnexus_3524nexus_3548nexus_7000_4-slotnexus_7700_6-slotnexus_3132qnexus_3016nexus_9372pxnexus_5696qnexus_92304qcnexus_92160yc-xnexus_7700_10-slotnexus_9500nexus_3048nexus_9372tx-enexus_9504nexus_6001nexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_9396txnexus_7000_10-slotnexus_7000nexus_92300ycnexus_3064nexus_3232cnexus_5548upnexus_9396pxnexus_5596tnexus_3264c-enexus_7700_2-slotnexus_93240yc-fx2nexus_9372txnexus_5624qnexus_3548-xnexus_6004xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_7000_18-slotnexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco NX-OS Software 5.0(3)A1(1)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-12699
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.17% / 39.19%
7 Day CHG~0.00%
Published-02 Oct, 2019 | 19:06
Updated-20 Nov, 2024 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_9300; firepower_4100; firepower_2100; firepower_threat_defense; firepower_9300_firmware; firepower_extensible_operating_system; firepower_1000; Cisco Firepower Extensible Operating System (FXOS)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-34719
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.96%
7 Day CHG~0.00%
Published-09 Sep, 2021 | 05:00
Updated-07 Nov, 2024 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-82018101-32hncs_5001ncs_5002asr_9010ncs_4009ncs_540_fronthaul8202ncs_1001asr_9902ncs_5501-sencs_5516ncs_6000asr_9006ncs_540ncs_4016asr_9000v-v2ios_xrncs_5502-se8201-32fhncs_5508asr_9903ncs_5501ios_xrv880488128818ncs_5011ios_xrv_9000asr_90018101-32fhncs_6008asr_9910asr_99068808asr_9904asr_9912asr_9922ncs_560-4ncs_1004ncs_560-7ncs_10028102-64hncs_5502ncs_520asr_9901Cisco IOS XR Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-1476
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.85%
7 Day CHG~0.00%
Published-29 Apr, 2021 | 17:30
Updated-08 Nov, 2024 | 23:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. To exploit this vulnerability, an attacker must have valid administrator-level credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defense; adaptive_security_appliance_software; Cisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-1382
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.14% / 34.38%
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:07
Updated-08 Nov, 2024 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE SD-WAN Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xe; Cisco IOS XE Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-3367
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.31% / 53.51%
7 Day CHG~0.00%
Published-18 Nov, 2020 | 17:40
Updated-13 Nov, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Secure Web Appliance Privilege Escalation Vulnerability

A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface and CLI. An attacker could exploit this vulnerability by authenticating to the affected device and injecting scripting commands in the scope of the log subscription subsystem. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asyncos; Cisco Web Security Appliance (WSA)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1649
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.26% / 48.77%
7 Day CHG~0.00%
Published-13 May, 2019 | 19:10
Updated-20 Nov, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Secure Boot Hardware Tampering Vulnerability

A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image. An attacker will need to fulfill all the following conditions to attempt to exploit this vulnerability: Have privileged administrative access to the device. Be able to access the underlying operating system running on the device; this can be achieved either by using a supported, documented mechanism or by exploiting another vulnerability that would provide an attacker with such access. Develop or have access to a platform-specific exploit. An attacker attempting to exploit this vulnerability across multiple affected platforms would need to research each one of those platforms and then develop a platform-specific exploit. Although the research process could be reused across different platforms, an exploit developed for a given hardware platform is unlikely to work on a different hardware platform.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_9300nim-4e\/mfirepower_4150nim-4bri-nt\/teasr-920-12sz-im-ccnx-osa900-rsp3c-400\/wic3000-k9_firmwareasr-920-12cz-aintegrated_services_router_4400_firmware1240_connected_grid_routerncs-55a2-mod-se-h-snim-2foxc9300-24ufirepower_9000_firmware4331_integrated_services_routerasr1000-6tgenim-4fxsc6800-sup6t-xln77-sup3enc55-5504-fcnim-2fxs\/4fxoncs-55a1-36h-sc6800-8p10g-xlc6824-x-le-40gcatalyst_9800-80_wireless_controllernim-2ge-cu-sfpasr-920-4sz-aasr-920-12sz-da99-32x100ge-cma99-rp3-trc9500-24qsm-x-1t3\/e3_firmwarefirepower_4140n9k-sup-b\+nim-4fxoasr_1000_seriesasa_5506-xn9k-c93108tc-fxn7k-m348xp-25lasr-920-24sz-mncs2k-mr-mxp-k9_firmwareasr_1001_firmwareencs_5100sm-x-pvdm-3000nim-2mft-t1\/e1network_convergence_system_1002ncs-55a1-36h-sec9500-32csm-x-1t3\/e3n3k-c3264c-ec9300-24tons_15454_mstp_firmwarencs-5502cbr-ccap-lc-40g-rc6840-x-le-40ga9k-rsp5-senim-2fxsnim-1ce1t1-princ55-24h12f-seasr-920-10sz-pdasr-920-4sz-dintegrated_services_router_4200_firmwareons_15454_mstpasr-920-12cz-dnetwork_convergence_system_5001n9k-c93180yc-fxfirepower_4120c9300-48tn9k-c9348gc-fxpcbr-lc-8d31-16u31a900-rsp2a-64c9500-40xasr-920-24tz-imnim-8ce1t1-priencs_5400_firmwaren77-m312cq-26lncs2k-mr-mxp-k915454-m-wse-k9_firmwarecatalyst_9600_supervisor_engine-1cbr-8_converged_broadband_routerfirepower_2120c9300-48unn9k-c93240yc-fx2nc55-36x100g-a-sen9k-c93108tc-exn3k-c3132c-za99-32x100ge-trc9300-24uxc9300-48unc55-mod-a-snim-8mft-t1\/e11120_connected_grid_routerasr-920-24tz-masr-920-12sz-aic3000-k9asr1000-mip100asa_5516-xa9k-rsp5-trindustrial_security_appliances_3000_firmwarea900-rsp2a-128c6816-x-lefirepower_2130nim-2fxspfirepower_4110nim-2bri-nt\/tea9k-16x100ge-trc9500-12qfirepower_2110nc55-36x100g-sc6800-32p10g-xlintegrated_services_router_4300_firmwarea99-rp3-secatalyst_9800-40_wireless_controllerasr1000-2t\+20x1gencs-5501sm-x-pvdm-1000n9k-c93180yc-exncs-5501-sec9500-16xc6800-16p10g-xlc6800-8p40g-xla9k-16x100ge-cmnim-1mft-t1\/e1809_industrial_integrated_services_routersnim-4mft-t1\/e115
454-m-wse-k9nim-4fxspncs-55a2-mod-se-s44461_integrated_services_routerasr1000-rp34221_integrated_services_routernc55-6x200-dwdm-sasr1000-esp200c9300-48pncs-55a2-mod-sn3k-c31108pc-vasr_1001-hxc6832-x-lesupervisor_b\+_firmwaresm-x-pvdm-500network_convergence_system_5002c9300-24p4451-x_integrated_services_routerc9500-32qcc9300-48uxm829_industrial_integrated_services_routersds-x9334-k9ds-x9648-1536k9firepower_4000_firmwareasr_1002-hxn9k-c92300ycencs_5400catalyst_9800-40_wireless_controller_firmwaresupervisor_a\+_firmwarencs-55a2-mod-hd-siosasr_1000-esp100nc55-5516-fcios_xrnim-1ge-cu-sfpa99-16x100ge-x-sen3k-c31108tc-vsm-x-pvdm-2000a900-rsp3c-200ncs-55a2-mod-hx-s4321_integrated_services_routern7k-m324fq-25lnim-2ce1t1-priencs_5100_firmware4431_integrated_services_routernim-2fxs\/4fxopasa_5506h-xindustrial_security_appliances_3000n77-m348xp-23lfirepower_2100_firmwareios_xencs-5502-seasa_5500_firmwarencs-55a1-24hasa_5506w-xfirepower_2140catalyst_9800-80_wireless_controller_firmwarec9500-48y4canalog_voice_network_interface_modules_firmwareintegrated_services_router_t1\/e1_voice_and_wan_network_interface_modules_firmwareasr_1001-xn9k-c93180lc-exn9k-sup-a\+c9500-24y4casr_1000_series_firmwareasa_5508-x4351_integrated_services_routerCisco Routers
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-667
Improper Locking
CVE-2016-6428
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.05%
7 Day CHG~0.00%
Published-06 Oct, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349.

Action-Not Available
Vendor-n/a; Cisco Systems, Inc.
Product-ios_xr; n/a
CVE-2016-6362
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.34% / 55.98%
7 Day CHG~0.00%
Published-22 Aug, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bug ID CSCuz24725.

Action-Not Available
Vendor-n/a; Cisco Systems, Inc.
Product-aironet_access_point_software; n/a
CVE-2019-1600
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.13% / 33.38%
7 Day CHG~0.00%
Published-07 Mar, 2019 | 20:00
Updated-20 Nov, 2024 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability

A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_3500; firepower_9300; mds_9000; nx-os; firepower_4100; nexus_6000; nexus_5500; nexus_2000; firepower_extensible_operating_system; nexus_9000; nexus_9500; nexus_3000; nexus_3600; nexus_7000; nexus_5600; nexus_7700; MDS 9000 Series Multilayer Switches; Nexus 3600 Platform Switches; Firepower 9300 Series Next-Generation Firewalls; Nexus 3500 Platform Switches; Nexus 7000 and 7700 Series Switches; Nexus 9000 Series Switches-Standalone; Nexus 2000, 5500, 5600, and 6000 Series Switches; Firepower 4100 Series Next-Generation Firewalls; Nexus 3000 Series Switches; Nexus 9500 R-Series Line Cards and Fabric Modules
CWE ID-CWE-264
Not Available
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-1606
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.45%
7 Day CHG~0.00%
Published-08 Mar, 2019 | 20:00
Updated-21 Nov, 2024 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1606)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid user credentials to exploit this vulnerability. Nexus 3000, 3500, and Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_9000; nexus_3000; nx-os; nexus_3500; Nexus 3500 Platform Switches; Nexus 3000 Series Switches; Nexus 9000 Series Switches in Standalone NX-OS Mode
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1601
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.86%
7 Day CHG~0.00%
Published-08 Mar, 2019 | 18:00
Updated-20 Nov, 2024 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability

A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow an attacker to use the content of this configuration file to bypass authentication and log in as any user of the device. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_3500; nexus_9000; nexus_9500; mds_9000; nexus_5500; nexus_5600; nx-os; nexus_3000; nexus_6000; nexus_3600; nexus_7000; nexus_2000; nexus_7700; MDS 9000 Series Multilayer Switches; Nexus 3600 Platform Switches; Nexus 3500 Platform Switches; Nexus 7000 and 7700 Series Switches; Nexus 9000 Series Switches-Standalone; Nexus 2000, 5500, 5600, and 6000 Series Switches; Nexus 3000 Series Switches; Nexus 9500 R-Series Line Cards and Fabric Modules
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-1728
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.10% / 29.13%
7 Day CHG~0.00%
Published-15 May, 2019 | 16:45
Updated-20 Nov, 2024 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS and NX-OS Software Secure Configuration Bypass Vulnerability

A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of system files when the persistent configuration information is read from the file system. An attacker could exploit this vulnerability by authenticating to the device and overwriting the persistent configuration storage with malicious executable files. An exploit could allow the attacker to run arbitrary commands at system startup and those commands will run as the root user. The attacker must have valid administrative credentials for the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_3100v; firepower_9300; mds_9500; firepower_4150; nx-os; nexus_3200; nexus_6000; firepower_4110; ucs_6248up; usc_6332-16up; firepower_4125; nexus_3100; nexus_9000; mds_9100; nexus_9500; nexus_3100-z; nexus_3524-xl; nexus_3548-xl; firepower_4145; firepower_4120; usc_6324; mds_9200; nexus_7000; nexus_3524-x; nexus_7700; nexus_3500; ucs_6332; mds_9000; nexus_9200; mds_9700; ucs_6296up; nexus_5500; nexus_3548-x; firepower_4140; nexus_9300; nexus_3000; nexus_3600; firepower_4115; nexus_5600; nexus_3400; Cisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-1618
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.19% / 40.88%
7 Day CHG~0.00%
Published-11 Mar, 2019 | 22:00
Updated-20 Nov, 2024 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Tetration Analytics Agent Arbitrary Code Execution Vulnerability

A vulnerability in the Tetration Analytics agent for Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to an incorrect permissions setting. An attacker could exploit this vulnerability by replacing valid agent files with malicious code. A successful exploit could result in the execution of code supplied by the attacker. Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running versions prior to 7.0(3)I7(5).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_9000; nx-os; Nexus 9000 Series Switches in Standalone NX-OS Mode
CWE ID-CWE-275
Not Available
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-1610
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.08% / 24.69%
7 Day CHG~0.00%
Published-11 Mar, 2019 | 22:00
Updated-21 Nov, 2024 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1610)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Nexus 3500 Platform Switches and Nexus 3000 Series Switches software versions prior to 7.0(3)I7(4) are affected.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_3000_series; nx-os; nexus_3500_platform; Nexus 3500 Platform Switches; Nexus 3000 Series Switches
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2021-34723
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 17.13%
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:25
Updated-07 Nov, 2024 | 21:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability

A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command parameters. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of the configuration database and gain root-level access to an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-1100-4g_integrated_services_routerasr_10134321_integrated_services_router1100-6g_integrated_services_routerasr_10234431_integrated_services_routerasr_10011100-4gltena_integrated_services_router1100_integrated_services_routerios_xe1100-lte_integrated_services_router4331_integrated_services_routerasr_1006asr_1000-xasr_1002asr_1001-xasr_10041100-4gltegb_integrated_services_routerasr_1002-xcsr1000v4351_integrated_services_routerCisco IOS XE Software
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-34752
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.73%
7 Day CHG~0.00%
Published-15 Nov, 2024 | 16:14
Updated-18 Nov, 2024 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Command Injection Vulnerabilities

A vulnerability in the CLI of Cisco FTD Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands with root privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute commands with root privileges on the underlying operating system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco Firepower Threat Defense Software, firepower_threat_defense_software
CWE ID-CWE-20
Improper Input Validation
CVE-2016-6369
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.21%
7 Day CHG~0.00%
Published-25 Aug, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.

Action-Not Available
Vendor-n/a; Cisco Systems, Inc.
Product-anyconnect_secure_mobility_client, n/a
CVE-2019-12672
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 9.92%
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:16
Updated-20 Nov, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Arbitrary Code Execution Vulnerability

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient file location validation. An attacker could exploit this vulnerability by placing code in a specific format on a USB device and inserting it into an affected Cisco device. A successful exploit could allow the attacker to execute the code with root privileges on the underlying OS of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios, Cisco IOS XE Software 3.11.1S
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2019-12694
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.02%
7 Day CHG~0.00%
Published-02 Oct, 2019 | 19:06
Updated-20 Nov, 2024 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by executing a specific CLI command that includes crafted arguments. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defense, Cisco Firepower Threat Defense Software
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12662
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.04%
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:16
Updated-20 Nov, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_34200yc-smnexus_56128pnexus_3172tqnx-osnexus_3548-x_firmwarenexus_93128txnexus_9336pq_aci_spinenexus_3172tq_firmwarenexus_3172pq-xl_firmwarenexus_3064-t_firmwarenexus_3524-x_firmwarenexus_9332cnexus_3132q-vnexus_7000_9-slotnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3524-xnexus_31108tc-vnexus_9348gc-fxpnexus_3172nexus_7000_10-slot_firmwarenexus_9272qnexus_56128p_firmwarenexus_93180yc-fxnexus_3548_firmwarenexus_3432d-snexus_3264q_firmwarenexus_3524nexus_7000_4-slotnexus_7700_6-slotnexus_5548p_firmwarenexus_3016nexus_92304qcnexus_5596t_firmwarenexus_7000_9-slot_firmwarenexus_3048nexus_9372tx-enexus_93360yc-fx2nexus_3524-xlnexus_5548up_firmwarenexus_9396txnexus_3432d-s_firmwarenexus_7000_10-slotnexus_3064nexus_7700_18-slot_firmwarenexus_3132q-v_firmwarenexus_5548upnexus_9396pxnexus_5672up_firmwarenexus_5596tnexus_7700_2-slotnexus_9372txnexus_5624qnexus_3264c-e_firmwarenexus_3064-tnexus_3132q-xl_firmwarenexus_3408-snexus_9372px-enexus_7000_18-slotnexus_5596up_firmwarenexus_6004_firmwarenexus_9332pqnexus_93108tc-exnexus_9508nexus_93120txnexus_31108tc-v_firmwarenexus_6004nexus_7700_6-slot_firmwarenexus_3132q_firmwarenexus_3548-xlnexus_31128pqnexus_9364cnexus_3164qnexus_3408-s_firmwarenexus_3132c-znexus_5548pnexus_5648qmds_9000nexus_34180yc_firmwarenexus_3464cnexus_93216tc-fx2nexus_3048_firmwarenexus_31128pq_firmwarenexus_3164q_firmwarenexus_5672upnexus_3524-xl_firmwarenexus_3264qnexus_7700_2-slot_firmwarenexus_34180ycnexus_3232c_firmwarenexus_9000vnexus_31108pc-vnexus_5624q_firmwarenexus_7700_18-slotnexus_5596upnexus_5696q_firmwarenexus_34200yc-sm_firmwarenexus_3464c_firmwarenexus_3064_firmwarenexus_3172tq-32t_firmwarenexus_3548nexus_3132qnexus_5648q_firmwarenexus_9372pxnexus_3524_firmwarenexus_5696qnexus_92160yc-xnexus_31108pc-v_firmwarenexus_7700_10-slotnexus_9504nexus_6001nexus_3172_firmwarenexus_93108tc-fxnexus_7000_4-slot_firmwarenexus_92300ycnexus_3172tq-xl_firmwarenexus_3232cnexus_3548-xl_firmwarenexus_6001_firmwarenexus_3264c-
enexus_93240yc-fx2nexus_7700_10-slot_firmwareios_xenexus_3548-xnexus_3132q-xlnexus_3172tq-xlnexus_93180yc-exnexus_3132c-z_firmwarenexus_9236cnexus_9516nexus_3016_firmwarenexus_3172pq-xlnexus_7000_18-slot_firmwareCisco NX-OS Software 6.0(2)A1(1)
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-34745
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.42%
7 Day CHG~0.00%
Published-18 Aug, 2021 | 19:50
Updated-07 Nov, 2024 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AppDynamics .NET Agent Privilege Escalation Vulnerability

A vulnerability in the AppDynamics .NET Agent for Windows could allow an attacker to leverage an authenticated, local user account to gain SYSTEM privileges. This vulnerability is due to the .NET Agent Coordinator Service executing code with SYSTEM privileges. An attacker with local access to a device that is running the vulnerable agent could create a custom process that would be launched with those SYSTEM privileges. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system. This vulnerability is fixed in AppDynamics .NET Agent Release 21.7.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-appdynamics_.net_agent, AppDynamics .NET Agent for Windows
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34708
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.02% / 4.19%
7 Day CHG~0.00%
Published-09 Sep, 2021 | 05:00
Updated-07 Nov, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software for Cisco 8000 and Network Convergence System 540 Series Routers Image Verification Vulnerabilities

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-82018101-32h8201-32fhn540-24z8q2c-m8800_4-slotn540-28z4c-sys-an540x-16z4g8q2c-dn540-acc-sysn540-28z4c-sys-d8800_18-slotn540x-acc-sys8202n540-12z20g-sys-dn540x-12z16g-sys-dn540x-12z16g-sys-a8101-32fh8102-64h8800_8-slotn540-12z20g-sys-an540-24z8q2c-sys8800_12-slotios_xrn540x-16z4g8q2c-aCisco IOS XR Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-12674
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.2||HIGH
EPSS-0.03% / 6.13%
7 Day CHG~0.00%
Published-02 Oct, 2019 | 19:06
Updated-20 Nov, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software Multi-instance Container Escape Vulnerabilities

Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running FTD instances.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_4145_firmware, firepower_9300, firepower_4150, firepower_4110, firepower_9300_firmware, firepower_4125, firepower_4125_firmware, firepower_4140, firepower_4115_firmware, firepower_4150_firmware, firepower_4120_firmware, firepower_4145, firepower_4120, firepower_4140_firmware, firepower_4110_firmware, firepower_4115, firepower_threat_defense, Cisco Firepower Threat Defense Software
CWE ID-CWE-216
DEPRECATED: Containment Errors (Container Errors)
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2019-12675
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.2||HIGH
EPSS-0.03% / 7.58%
7 Day CHG~0.00%
Published-02 Oct, 2019 | 19:06
Updated-20 Nov, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software Multi-instance Container Escape Vulnerabilities

Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running FTD instances.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_4145_firmware, firepower_9300, firepower_4150, firepower_4110, firepower_9300_firmware, firepower_4125, firepower_4125_firmware, firepower_4140, firepower_4115_firmware, firepower_4150_firmware, firepower_4120_firmware, firepower_4145, firepower_4120, firepower_4140_firmware, firepower_4110_firmware, firepower_4115, firepower_threat_defense, Cisco Firepower Threat Defense Software
CWE ID-CWE-216
DEPRECATED: Containment Errors (Container Errors)
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2019-12645
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.14%
7 Day CHG~0.00%
Published-05 Sep, 2019 | 01:20
Updated-20 Nov, 2024 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Jabber Client Framework for Mac Code Execution Vulnerability

A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device. The vulnerability is due to improper file level permissions on an affected device when it is running Cisco JCF for Mac Software. An attacker could exploit this vulnerability by authenticating to the affected device and executing arbitrary code or potentially modifying certain configuration files. A successful exploit could allow the attacker to execute arbitrary code or modify certain configuration files on the device using the privileges of the installed Cisco JCF for Mac Software.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-jabber, Cisco Jabber for Mac
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-12666
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.41%
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:16
Updated-20 Nov, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Path Traversal Vulnerability

A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker could exploit this vulnerability by first accessing the Guest Shell and then entering specific commands. A successful exploit could allow the attacker to execute arbitrary code on the base Linux operating system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xe, Cisco IOS XE Software 16.4.1
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-20043
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.94%
7 Day CHG-0.01%
Published-19 Jan, 2023 | 01:36
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco CX Cloud Agent could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-cx_cloud_agent, Cisco CX Cloud Agent
CWE ID-CWE-708
Incorrect Ownership Assignment
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-20166
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.07% / 23.07%
7 Day CHG~0.00%
Published-18 May, 2023 | 00:00
Updated-28 Oct, 2024 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine Path Traversal Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engine, Cisco Identity Services Engine Software
CWE ID-CWE-24
Path Traversal: '../filedir'
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-20090
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 15.11%
7 Day CHG~0.00%
Published-15 Nov, 2024 | 15:19
Updated-30 Jul, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco TelePresence Collaboration Endpoint and RoomOS Software Privilege Escalation Vulnerability

A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-telepresence_collaboration_endpoint, roomos, Cisco TelePresence Endpoint Software (TC/CE), Cisco RoomOS Software, telepresence_collaboration_endpoint
CWE ID-CWE-27
Path Traversal: 'dir/../../filename'
CVE-2023-20260
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.02% / 3.79%
7 Day CHG~0.00%
Published-17 Jan, 2024 | 16:57
Updated-13 Nov, 2024 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper processing of command line arguments to application scripts. An attacker could exploit this vulnerability by issuing a command on the CLI with malicious options. A successful exploit could allow the attacker to gain the escalated privileges of the root user on the underlying operating system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-prime_infrastructure, evolved_programmable_network_manager, Cisco Prime Infrastructure, Cisco Evolved Programmable Network Manager (EPNM)
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2023-20236
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.61%
7 Day CHG~0.00%
Published-13 Sep, 2023 | 16:39
Updated-23 Oct, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-8201ncs_4216ncs_5001ncs_5002asr_9010ncs_400982028208ncs_1001asr_9902ncs_551682188212ncs_4206asr_9006ncs_4016ncs_540ncs_57b1-5dse-sysncs_57c3-mods-sysios_xrncs_55008831ncs_4201ncs_5508asr_9903ncs_5501ncs_57c1-48q6-sysasr_9000ncs_560880488128818ncs_5011asr_9001ncs_5504asr_9000vasr_9910asr_99068808asr_9904asr_9920asr_9912asr_9922ncs_57c3-mod-sysncs_1004ncs_560-4ncs_560-7ncs_1002ncs_4202ncs_5502asr_9901ncs_57b1-6d24-sysCisco IOS XR Softwareios_xr_software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2008-5121
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.28% / 50.76%
7 Day CHG~0.00%
Published-18 Nov, 2008 | 00:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.

Action-Not Available
Vendor-bluecoat; safenet; n/a; Citrix (Cloud Software Group, Inc.); Cisco Systems, Inc.
Product-winproxy, vpn_client, highassurance_remote, softremote_vpn_client, deterministic_network_enhancer, n/a
CWE ID-CWE-264
Not Available
CVE-2019-1593
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.96%
7 Day CHG~0.00%
Published-06 Mar, 2019 | 22:00
Updated-20 Nov, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level by executing commands authorized to other user roles. The attacker must authenticate with valid user credentials. The vulnerability is due to the incorrect implementation of a Bash shell command that allows role-based access control (RBAC) to be bypassed. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Bash prompt. A successful exploit could allow the attacker to escalate their privilege level by executing commands that should be restricted to other roles. For example, a dev-ops user could escalate their privilege level to admin with a successful exploit of this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_3500, nexus_9500, nexus_9000_in_aci_mode, nx-os, nexus_3000, nexus_3600, nexus_7000, nexus_7700, nexus_9000_in_standalone, Nexus 3600 Platform Switches, Nexus 9000 Series Switches in Standalone NX-OS Mode, Nexus 7000 and 7700 Series Switches, Nexus 3500 Platform Switches, Nexus 9000 Series Fabric Switches in ACI Mode, Nexus 3000 Series Switches
CWE ID-CWE-264
Not Available
CVE-2019-12649
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.45%
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:05
Updated-20 Nov, 2024 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected device can be configured to not verify the digital signatures of system image files during the boot process. An attacker could exploit this vulnerability by abusing a specific feature that is part of the device boot process. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_3850-24xs-ecatalyst_3850-32xs-ecatalyst_3850-12s-scatalyst_3850-12xs-scatalyst_3850-24s-ecatalyst_9300l-48p-4g-ecatalyst_9300l-48t-4g-ecatalyst_3850-24u-lcatalyst_3850-24p-scatalyst_9300l-24t-4g-acatalyst_3850-16xs-scatalyst_3850-48f-scatalyst_3850-24u-scatalyst_3850-48pw-scatalyst_9300l-24t-4x-acatalyst_c3850-12x48u-lcatalyst_9300l-24t-4x-ecatalyst_9300-48un-ecatalyst_9300-48p-acatalyst_9300-24s-acatalyst_9300l-24p-4g-ecatalyst_3850-48f-ecatalyst_9300l-48t-4x-acatalyst_3850-48u-lcatalyst_9300l-24p-4g-acatalyst_9300-48uxm-acatalyst_9300l-24p-4x-ecatalyst_9300-24ux-acatalyst_9300-24p-acatalyst_3850-32xs-scatalyst_9300-24t-ecatalyst_9300l-24t-4g-ecatalyst_3850-48f-lcatalyst_3850-24xu-lcatalyst_3850-48xs-ecatalyst_3850-24s-scatalyst_9300-48s-ecatalyst_9300-24u-acatalyst_3850-48t-scatalyst_9300-48p-ecatalyst_3850-24pw-scatalyst_3850-24t-scatalyst_9300lcatalyst_3850-24t-lcatalyst_3850-48u-ecatalyst_9300-48t-ecatalyst_9300-24u-ecatalyst_3850-24xu-ecatalyst_3850-48p-scatalyst_9300l-48p-4g-acatalyst_9300-48un-acatalyst_3850-48u-scatalyst_9300l-48t-4g-acatalyst_3850-16xs-eioscatalyst_9300-24p-ecatalyst_3850-48xs-f-ecatalyst_9300-48uxm-ecatalyst_9300-48t-acatalyst_3850-48p-ecatalyst_9300l-48t-4x-ecatalyst_3850-12s-ecatalyst_9300l-48p-4x-ecatalyst_3850-24p-lcatalyst_3850-48t-lcatalyst_3850-24t-ecatalyst_c3850-12x48u-ecatalyst_3850-24xs-scatalyst_9300l-48p-4x-acatalyst_9300-24s-ecatalyst_9300-48u-ecatalyst_9300-48u-acatalyst_9300-48s-acatalyst_3850-12xs-ecatalyst_3850-24u-ecatalyst_3850-48xs-sios_xecatalyst_3850-48p-lcatalyst_3850-24p-ecatalyst_3850-48xs-f-scatalyst_9300-24t-acatalyst_9300l-24p-4x-acatalyst_9300catalyst_3850-48t-ecatalyst_3850-24xu-scatalyst_9300-24ux-ecatalyst_c3850-12x48u-sCisco IOS XE Software 3.2.11aSG
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-20492
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.20% / 42.47%
7 Day CHG~0.00%
Published-02 Oct, 2024 | 16:55
Updated-08 Oct, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Expressway Series Privilege Escalation Vulnerability

A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level credentials with read-write privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a series of crafted CLI commands. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of the affected device. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-telepresence_video_communication_server, Cisco TelePresence Video Communication Server (VCS) Expressway, telepresence_video_communication_server
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')