ByteOS

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-6||MEDIUM

EPSS-0.15% / 35.20%

7 Day CHG~0.00%

Published-24 Mar, 2021 | 20:07

Updated-08 Nov, 2024 | 17:53

Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges.

Product-ios_xe ios_xe_sd-wan Cisco IOS XE Software

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2023-20260

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-6||MEDIUM

EPSS-0.02% / 6.00%

7 Day CHG~0.00%

Published-17 Jan, 2024 | 16:57

Updated-13 Nov, 2024 | 19:51

A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper processing of command line arguments to application scripts. An attacker could exploit this vulnerability by issuing a command on the CLI with malicious options. A successful exploit could allow the attacker to gain the escalated privileges of the root user on the underlying operating system.

Product-prime_infrastructure evolved_programmable_network_manager Cisco Prime Infrastructure Cisco Evolved Programmable Network Manager (EPNM)

CWE ID-CWE-284

Improper Access Control

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2019-1779

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.2||MEDIUM

EPSS-0.08% / 23.98%

7 Day CHG~0.00%

Published-15 May, 2019 | 19:40

Updated-21 Nov, 2024 | 19:26

Cisco FXOS and NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid device credentials to exploit this vulnerability.

Product-firepower_9300 nexus_93180lc-ex firepower_4150 nexus_56128p nexus_9332pq nexus_3172tq nexus_93108tc-ex nx-os nexus_3636c-r nexus_9508 nexus_93120tx firepower_4110 nexus_93128tx nexus_9336pq_aci_spine firepower_4145 nexus_3548-xl nexus_31128pq nexus_3132q-v nexus_9332c nexus_9364c mds_9200 nexus_92348gc-x nexus_3172tq-32t nexus_9336c-fx2 nexus_3164q nexus_3524-x nexus_3132c-z nexus_31108tc-v nexus_5548p nexus_9348gc-fxp nexus_5648q nexus_3172 nexus_9272q nexus_3464c mds_9700 nexus_93216tc-fx2 nexus_36180yc-r nexus_5672up nexus_93180yc-fx nexus_3264q firepower_4140 nexus_3432d-s nexus_34180yc nexus_9000v nexus_31108pc-v nexus_5596up firepower_4115 nexus_3524 nexus_3548 mds_9500 nexus_3132q nexus_3016 nexus_9372px nexus_5696q nexus_92304qc nexus_92160yc-x firepower_4125 mds_9100 nexus_9504 nexus_3048 nexus_9372tx-e nexus_93108tc-fx nexus_93360yc-fx2 nexus_3524-xl nexus_9396tx firepower_4120 nexus_7000 nexus_92300yc nexus_3064 nexus_3232c nexus_5548up nexus_9396px nexus_5596t firepower_extensible_operating_system nexus_3264c-e nexus_93240yc-fx2 nexus_9372tx nexus_5624q firepower_4112 nexus_3548-x nexus_3132q-xl nexus_3064-t nexus_3172tq-xl nexus_93180yc-ex nexus_3408-s nexus_9372px-e nexus_9236c nexus_9516 nexus_3172pq-xl nexus_7700 Cisco NX-OS Software

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2019-1735

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.4||MEDIUM

EPSS-0.10% / 26.31%

7 Day CHG~0.00%

Published-15 May, 2019 | 18:45

Updated-21 Nov, 2024 | 19:30

Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1735)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid user credentials to exploit this vulnerability.

Product-nexus_93180lc-ex ucs_6332-16up nexus_9332pq nexus_3172tq nexus_93108tc-ex nx-os nexus_3636c-r nexus_9508 nexus_93120tx nexus_6000 nexus_93128tx nexus_9336pq_aci_spine nexus_1000ve nexus_3548-xl nexus_31128pq nexus_3132q-v nexus_9332c nexus_9364c nexus_3164q nexus_92348gc-x nexus_3172tq-32t nexus_9336c-fx2 mds_9200 nexus_3524-x nexus_3132c-z nexus_31108tc-v nexus_9348gc-fxp nexus_3172 mds_9000 nexus_9272q nexus_3464c mds_9700 nexus_93216tc-fx2 nexus_36180yc-r nexus_5500 nexus_93180yc-fx nexus_3264q nexus_3432d-s nexus_34180yc nexus_9000v nexus_31108pc-v nexus_3524 nexus_3548 mds_9500 nexus_3132q nexus_3016 nexus_9372px nexus_92304qc nexus_92160yc-x ucs_6248up mds_9100 nexus_9504 nexus_3048 nexus_9372tx-e nexus_93108tc-fx nexus_93360yc-fx2 nexus_3524-xl ucs_6324 nexus_9396tx nexus_7000 nexus_92300yc nexus_3064 ucs_6332 nexus_3232c nexus_5600 nexus_9396px ucs_6296up nexus_1000v nexus_3264c-e nexus_93240yc-fx2 nexus_9372tx nexus_3548-x nexus_3132q-xl nexus_3064-t nexus_3172tq-xl nexus_93180yc-ex nexus_3408-s nexus_9372px-e nexus_9236c nexus_9516 nexus_3172pq-xl nexus_7700 Cisco NX-OS Software

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2019-1783

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.08% / 23.42%

7 Day CHG~0.00%

Published-15 May, 2019 | 20:05

Updated-20 Nov, 2024 | 17:20

Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Product-nexus_5548p nexus_5624q nexus_5548up nexus_56128p nexus_5648q nexus_6001 nexus_7000 nx-os nexus_5696q nexus_5596up nexus_5672up nexus_5596t nexus_7700 nexus_6004 Cisco NX-OS Software

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2019-1784

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.11% / 28.46%

7 Day CHG~0.00%

Published-15 May, 2019 | 20:05

Updated-20 Nov, 2024 | 17:20

Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2019-1790

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.11% / 28.46%

7 Day CHG~0.00%

Published-15 May, 2019 | 20:05

Updated-20 Nov, 2024 | 17:20

Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Product-nexus_93180lc-ex nexus_56128p ucs_6332-16up nx-os nexus_3636c-r 9736pq nexus_7700_supervisor_3e n9k-x9732c-fx n9k-c9504-fm-r mds_9506 mds_9250i nexus_3132q-v nexus_9332c nexus_5020 nexus_9336c-fx2 x9636q-r nexus_31108tc-v nexus_9348gc-fxp mds_9718 mds_9148s nexus_9500_supervisor_b\+n7k-f306ck-25 mds_9513 mds_9148t nexus_93180yc-fx mds_9132t nexus_3432d-s n7k-m348xp-25l n9k-x9736c-fx n9k-x9736c-ex mds_9216 7700_6-slot nexus_7000_supervisor_1 nexus_3548-x\/xl mds_9216a x96136yc-r n77-f348xp-23 ucs_6248up nexus_9500_supervisor_b 7000_18-slot nexus_3048 nexus_93360yc-fx2 ucs_6324 n7k-f312fq-25 mds_9396t mds_9396s n77-m312cq-26l nexus_5548up n9k-x9788tc-fx n9k-x9564tx nexus_7000_supervisor_2e x9636c-rx n77-f430cq-36 n9k-x9464px mds_9216i nexus_5596t nexus_3132q-x\/3132q-xl nexus_5624q 9636pq n9k-x9432c-s nexus_93600cd-gx nexus_3408-s n9k-x9636c-r nexus_93108tc-ex nexus_9508 nexus_93120tx 7000_10-slot nexus_9316d-gx nexus_7000_supervisor_2 nexus_3524-x\/xl nexus_6004 n9k-x9464tx2 n7k-f248xp-25e n9k-x96136yc-r n77-f324fq-25 nexus_31128pq n9k-x9636q-r nexus_9364c nexus_3164q nexus_7700_supervisor_2e 7700_2-slot nexus_3132c-z nexus_3172pq\/pq-xl nexus_5548p nexus_5648q 9536pq n9k-x9732c-ex nexus_3464c nexus_93216tc-fx2 nexus_36180yc-r nexus_5672up n77-f312ck-26 nexus_3264q nexus_34180yc mds_9509 nexus_31108pc-v n9k-x9636c-rx mds_9706 nexus_9500_supervisor_a\+7000_4-slot nexus_5596up n7k-m206fq-23l n9k-x97160yc-ex nexus_5696q nexus_92160yc-x nexus_9504 n77-m324fq-25l nexus_6001 nexus_93108tc-fx n7k-m202cf-22l n9k-c9508-fm-r nexus_9500_supervisor_a 7000_9-slot nexus_92300yc x9636c-r ucs_6332 nexus_3232c n7k-m324fq-25l mds_9222i ucs_6296up nexus_5010 7700_10-slot n77-m348xp-23l 7700_18-slot 9432pq nexus_3264c-e nexus_93240yc-fx2 mds_9710 nexus_3172tq-xl nexus_93180yc-ex n9k-x9564px nexus_9516 n7k-m224xp-23l nexus_5672up-16g Cisco NX-OS Software

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2019-1781

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.11% / 28.46%

7 Day CHG~0.00%

Published-15 May, 2019 | 19:45

Updated-20 Nov, 2024 | 17:20

Cisco FXOS and NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need administrator credentials to exploit this vulnerability.

Product-nexus_93180lc-ex firepower_9300 firepower_4150 nexus_56128p ucs_6332-16up nexus_3172tq nexus_9332pq nexus_93108tc-ex nx-os nexus_3636c-r nexus_9508 nexus_93120tx firepower_4110 nexus_93128tx nexus_9336pq_aci_spine nexus_6004 mds_9250i nexus_3548-xl nexus_31128pq nexus_3132q-v nexus_9332c nexus_9364c nexus_3164q nexus_92348gc-x nexus_3172tq-32t nexus_9336c-fx2 nexus_3524-x nexus_3132c-z nexus_31108tc-v nexus_5548p nexus_9348gc-fxp nexus_5648q nexus_3172 mds_9718 nexus_9272q nexus_3464c mds_9148s nexus_93216tc-fx2 nexus_36180yc-r mds_9148t nexus_5672up nexus_93180yc-fx mds_9132t nexus_3264q nexus_3432d-s firepower_4140 nexus_34180yc nexus_9000v fx-os nexus_31108pc-v mds_9706 nexus_5596up nexus_3524 nexus_3548 nexus_3132q nexus_3016 nexus_9372px nexus_5696q nexus_92304qc nexus_92160yc-x ucs_6248up nexus_9504 nexus_3048 nexus_9372tx-e nexus_6001 nexus_93108tc-fx nexus_93360yc-fx2 nexus_3524-xl ucs_6324 nexus_9396tx firepower_4120 nexus_7000 nexus_92300yc nexus_3064 ucs_6332 nexus_3232c nexus_5548up nexus_9396px mds_9222i ucs_6296up nexus_5596t nexus_3264c-e nexus_93240yc-fx2 nexus_9372tx nexus_5624q nexus_3548-x nexus_3132q-xl nexus_3064-t mds_9710 nexus_3172tq-xl nexus_93180yc-ex nexus_3408-s nexus_9372px-e nexus_9236c nexus_9516 nexus_3172pq-xl nexus_7700 Cisco NX-OS Software

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2019-1780

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.2||MEDIUM

EPSS-0.06% / 18.99%

7 Day CHG~0.00%

Published-16 May, 2019 | 17:00

Updated-21 Nov, 2024 | 19:23

Cisco FXOS and NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. NX-OS versions prior to 8.3(1) are affected. NX-OS versions prior to 8.3(1) are affected.

Product-nexus_93180lc-ex firepower_9300 firepower_4150 nexus_56128p nexus_9332pq nexus_3172tq nexus_93108tc-ex nx-os nexus_3636c-r nexus_9508 nexus_93120tx firepower_4110 nexus_93128tx nexus_9336pq_aci_spine nexus_6004 nexus_3548-xl firepower_4145 nexus_31128pq nexus_3132q-v nexus_9332c nexus_9364c nexus_3164q nexus_92348gc-x nexus_3172tq-32t nexus_9336c-fx2 mds_9200 nexus_3524-x nexus_3132c-z nexus_31108tc-v nexus_5548p nexus_9348gc-fxp nexus_5648q nexus_3172 mds_9000 nexus_9272q nexus_3464c mds_9700 nexus_93216tc-fx2 nexus_36180yc-r nexus_5672up nexus_93180yc-fx nexus_3264q nexus_3432d-s firepower_4140 nexus_34180yc nexus_9000v nexus_31108pc-v nexus_5596up firepower_4115 nexus_3524 nexus_3548 mds_9500 nexus_3132q nexus_3016 nexus_9372px nexus_5696q nexus_92304qc nexus_92160yc-x firepower_4125 mds_9100 nexus_9504 nexus_3048 nexus_9372tx-e nexus_6001 nexus_93108tc-fx nexus_93360yc-fx2 nexus_3524-xl nexus_9396tx firepower_4120 nexus_7000 nexus_92300yc nexus_3064 nexus_3232c nexus_5548up nexus_9396px nexus_5596t nexus_3264c-e nexus_93240yc-fx2 firepower_extensible_operating_system nexus_9372tx nexus_5624q nexus_3548-x nexus_3132q-xl nexus_3064-t nexus_3172tq-xl nexus_93180yc-ex nexus_3408-s nexus_9372px-e nexus_9236c nexus_9516 nexus_3172pq-xl nexus_7700 Cisco NX-OS Software

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2019-1609

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.2||MEDIUM

EPSS-0.28% / 51.28%

7 Day CHG~0.00%

Published-08 Mar, 2019 | 20:00

Updated-21 Nov, 2024 | 19:43

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(2). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(6). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(6). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), 8.2(3), and 8.3(2). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I4(9) and7.0(3)I7(6). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

Product-nexus_3500 nexus_9000 nexus_9500 mds_9000 nx-os nexus_3000 nexus_3600 nexus_7000 nexus_7700 MDS 9000 Series Multilayer Switches Nexus 3600 Platform Switches Nexus 9000 Series Switches in Standalone NX-OS Mode Nexus 7000 and 7700 Series Switches Nexus 3500 Platform Switches Nexus 3000 Series Switches Nexus 9500 R-Series Line Cards and Fabric Modules

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2019-1611

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.2||MEDIUM

EPSS-0.09% / 24.83%

7 Day CHG~0.00%

Published-11 Mar, 2019 | 22:00

Updated-21 Nov, 2024 | 19:43

Cisco FXOS and NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1611)

A vulnerability in the CLI of Cisco NX-OS Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Firepower 4100 Series Next-Generation Firewalls are affected running software versions prior to 2.2.2.91, 2.3.1.110, and 2.4.1.222. Firepower 9300 Security Appliance are affected running software versions prior to 2.2.2.91, 2.3.1.110, and 2.4.1.222. MDS 9000 Series Multilayer Switches are affected running software versions prior to 6.2(25) and 8.3(1). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(5). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(5). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected running software versions prior to 7.1(5)N1(1b) and 7.3(4)N1(1). Nexus 7000 and 7700 Series Switches are affected running software versions prior to 6.2(22), 7.3(3)D1(1), 8.2(3). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(5). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5).

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2019-1613

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.2||MEDIUM

EPSS-0.06% / 19.93%

7 Day CHG~0.00%

Published-11 Mar, 2019 | 22:00

Updated-21 Nov, 2024 | 19:42

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1613)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected running software versions prior to 6.2(27) and 8.2(3). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(6). Nexus 3500 Platform Switches are affected running software versions prior to 6.0(2)A8(11) and 7.0(3)I7(6). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9), 7.0(3)I7(6). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5). Nexus 7000 and 7700 Series Switches are affected running software versions prior to 6.2(22) and 8.2(3).

Product-nexus_93180lc-ex n7k-m206fq-23l nexus_93108tc-ex n9k-x97160yc-ex nx-os nexus_9508 9736pq nexus_93120tx nexus_92304qc n77-f348xp-23 nexus_92160yc-x nexus_9316d-gx n9k-x9732c-fx nexus_9504 n77-m324fq-25l nexus_93108tc-fx n7k-m202cf-22l n9k-x9464tx2 n7k-f248xp-25e n77-f324fq-25 nexus_9332c n7k-f312fq-25 nexus_9364c nexus_92300yc nexus_9336c-fx2 n3k-c31128pq-10ge x9636q-r n77-m312cq-26l nexus_9348gc-fxp n9k-x9788tc-fx n7k-m324fq-25l 9536pq nexus_9272q n9k-x9732c-ex n9k-x9564tx n7k-f306ck-25 n3k-c3132c-z n3k-c3264q n77-f430cq-36 n9k-x9464px n77-m348xp-23l 9432pq n77-f312ck-26 nexus_93240yc-fx2 nexus_93180yc-fx 9636pq n9k-x9432c-s n7k-m348xp-25l nexus_93180yc-ex nexus_93600cd-gx n3k-c3164q-40ge n9k-x9636c-rx n9k-x9736c-fx nexus_9236c n9k-x9564px nexus_9516 n9k-x9636c-r n7k-m224xp-23l n9k-x9736c-ex MDS 9000 Series Multilayer Switches Nexus 3600 Platform Switches Nexus 9000 Series Switches in Standalone NX-OS Mode Nexus 7000 and 7700 Series Switches Nexus 3500 Platform Switches Nexus 3000 Series Switches Nexus 9500 R-Series Line Cards and Fabric Modules

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2019-1608

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.2||MEDIUM

EPSS-0.09% / 24.83%

7 Day CHG~0.00%

Published-08 Mar, 2019 | 20:00

Updated-21 Nov, 2024 | 19:43

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)

Product-nexus_7700 nx-os mds_9000 nexus_7000 MDS 9000 Series Multilayer Switches Nexus 7000 and 7700 Series Switches

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2019-1606

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-5.3||MEDIUM

EPSS-0.17% / 37.69%

7 Day CHG~0.00%

Published-08 Mar, 2019 | 20:00

Updated-21 Nov, 2024 | 19:43

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1606)

Product-nexus_9000 nexus_3000 nx-os nexus_3500 Nexus 3500 Platform Switches Nexus 3000 Series Switches Nexus 9000 Series Switches in Standalone NX-OS Mode

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2019-1795

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.11% / 28.46%

7 Day CHG~0.00%

Published-15 May, 2019 | 20:15

Updated-20 Nov, 2024 | 17:20

Cisco FXOS and NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Product-nexus_93180lc-ex firepower_4150 nexus_56128p ucs_6332-16up nx-os nexus_3636c-r 9736pq nexus_7700_supervisor_3e n9k-x9732c-fx n9k-c9504-fm-r mds_9506 mds_9250i nexus_3132q-v nexus_9332c nexus_5020 nexus_9336c-fx2 x9636q-r nexus_31108tc-v nexus_9348gc-fxp mds_9718 mds_9148s nexus_9500_supervisor_b\+n7k-f306ck-25 mds_9513 mds_9148t nexus_93180yc-fx mds_9132t nexus_3432d-s firepower_4140 n7k-m348xp-25l firepower_9300_with_1_sm-24_module n9k-x9736c-fx n9k-x9736c-ex mds_9216 7700_6-slot nexus_7000_supervisor_1 nexus_3548-x\/xl mds_9216a x96136yc-r n77-f348xp-23 ucs_6248up nexus_9500_supervisor_b 7000_18-slot nexus_3048 nexus_93360yc-fx2 ucs_6324 firepower_4120 n7k-f312fq-25 mds_9396t mds_9396s n77-m312cq-26l nexus_5548up n9k-x9788tc-fx n9k-x9564tx firepower_9300_with_1_sm-36_module nexus_7000_supervisor_2e x9636c-rx n77-f430cq-36 n9k-x9464px mds_9216i nexus_5596t nexus_3132q-x\/3132q-xl nexus_5624q 9636pq n9k-x9432c-s nexus_93600cd-gx nexus_3408-s n9k-x9636c-r nexus_93108tc-ex nexus_9508 nexus_93120tx 7000_10-slot firepower_4110 nexus_9316d-gx nexus_7000_supervisor_2 nexus_3524-x\/xl nexus_6004 n9k-x9464tx2 n7k-f248xp-25e n9k-x96136yc-r n77-f324fq-25 nexus_31128pq n9k-x9636q-r nexus_9364c nexus_3164q firepower_9300_with_1_sm-44_module nexus_7700_supervisor_2e 7700_2-slot nexus_3132c-z nexus_3172pq\/pq-xl nexus_5548p nexus_5648q 9536pq n9k-x9732c-ex nexus_3464c nexus_93216tc-fx2 nexus_36180yc-r nexus_5672up n77-f312ck-26 nexus_3264q nexus_34180yc mds_9509 nexus_31108pc-v n9k-x9636c-rx mds_9706 nexus_9500_supervisor_a\+7000_4-slot nexus_5596up n7k-m206fq-23l n9k-x97160yc-ex nexus_5696q nexus_92160yc-x nexus_9504 n77-m324fq-25l nexus_6001 nexus_93108tc-fx n7k-m202cf-22l n9k-c9508-fm-r nexus_9500_supervisor_a 7000_9-slot nexus_92300yc x9636c-r ucs_6332 nexus_3232c n7k-m324fq-25l mds_9222i ucs_6296up nexus_5010 7700_10-slot n77-m348xp-23l nexus_1000v 7700_18-slot 9432pq nexus_3264c-e nexus_93240yc-fx2 firepower_extensible_operating_system mds_9710 nexus_3172tq-xl nexus_93180yc-ex firepower_9300_with_3_sm-44_modules n9k-x9564px nexus_9516 n7k-m224xp-23l nexus_5672up-16g Cisco NX-OS Software

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2021-1454

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-6||MEDIUM

EPSS-0.11% / 28.54%

7 Day CHG~0.00%

Published-24 Mar, 2021 | 20:06

Updated-08 Nov, 2024 | 23:34

Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities

Product-ios_xe ios_xe_sd-wan Cisco IOS XE Software

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2021-1485

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-6.6||MEDIUM

EPSS-0.07% / 21.54%

7 Day CHG~0.00%

Published-08 Apr, 2021 | 04:07

Updated-08 Nov, 2024 | 23:26

Cisco IOS XR Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating system (OS) of an affected device. This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to an affected command. A successful exploit could allow the attacker to execute commands on the underlying Linux OS with root privileges.

Product-ios_xr Cisco IOS XR Software

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2026-20016

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-6||MEDIUM

EPSS-0.01% / 0.69%

7 Day CHG~0.00%

Published-04 Mar, 2026 | 18:34

Updated-05 Jun, 2026 | 12:52

A vulnerability in the Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This vulnerability is due to insufficient input validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input for specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.

Product-firepower_threat_defense_software adaptive_security_appliance_software Cisco Secure Firewall Threat Defense (FTD) Software

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2020-3380

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-7.8||HIGH

EPSS-0.20% / 41.43%

7 Day CHG~0.00%

Published-16 Jul, 2020 | 17:21

Updated-15 Nov, 2024 | 16:52

Cisco Data Center Network Manager Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by authenticating as the fmserver user and submitting malicious input to a specific command. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system.

Product-data_center_network_manager Cisco Data Center Network Manager

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2019-1791

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.08% / 22.78%

7 Day CHG~0.00%

Published-15 May, 2019 | 20:15

Updated-20 Nov, 2024 | 17:19

Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Product-nexus_93180lc-ex nexus_56128p nx-os nexus_3636c-r 9736pq nexus_7700_supervisor_3e n9k-x9732c-fx n9k-c9504-fm-r mds_9506 mds_9250i nexus_3132q-v nexus_9332c nexus_5020 nexus_9336c-fx2 x9636q-r nexus_31108tc-v nexus_9348gc-fxp mds_9718 mds_9148s nexus_9500_supervisor_b\+n7k-f306ck-25 mds_9513 mds_9148t nexus_93180yc-fx mds_9132t nexus_3432d-s n7k-m348xp-25l n9k-x9736c-fx n9k-x9736c-ex mds_9216 7700_6-slot nexus_7000_supervisor_1 nexus_3548-x\/xl mds_9216a x96136yc-r n77-f348xp-23 nexus_9500_supervisor_b 7000_18-slot nexus_3048 nexus_93360yc-fx2 n7k-f312fq-25 mds_9396t mds_9396s n77-m312cq-26l nexus_5548up n9k-x9788tc-fx n9k-x9564tx nexus_7000_supervisor_2e x9636c-rx n77-f430cq-36 n9k-x9464px mds_9216i nexus_5596t nexus_3132q-x\/3132q-xl nexus_5624q 9636pq n9k-x9432c-s nexus_93600cd-gx nexus_3408-s n9k-x9636c-r nexus_93108tc-ex nexus_9508 nexus_93120tx 7000_10-slot nexus_9316d-gx nexus_7000_supervisor_2 nexus_3524-x\/xl nexus_6004 n9k-x9464tx2 n7k-f248xp-25e n9k-x96136yc-r n77-f324fq-25 nexus_31128pq n9k-x9636q-r nexus_9364c nexus_3164q nexus_7700_supervisor_2e 7700_2-slot nexus_3132c-z nexus_3172pq\/pq-xl nexus_5548p nexus_5648q 9536pq n9k-x9732c-ex nexus_3464c nexus_93216tc-fx2 nexus_36180yc-r nexus_5672up n77-f312ck-26 nexus_3264q nexus_34180yc mds_9509 nexus_31108pc-v n9k-x9636c-rx mds_9706 nexus_9500_supervisor_a\+7000_4-slot nexus_5596up n7k-m206fq-23l n9k-x97160yc-ex nexus_5696q nexus_92160yc-x nexus_9504 n77-m324fq-25l nexus_6001 nexus_93108tc-fx n7k-m202cf-22l n9k-c9508-fm-r nexus_9500_supervisor_a 7000_9-slot nexus_92300yc x9636c-r nexus_3232c n7k-m324fq-25l mds_9222i nexus_5010 7700_10-slot n77-m348xp-23l 7700_18-slot 9432pq nexus_3264c-e nexus_93240yc-fx2 mds_9710 nexus_3172tq-xl nexus_93180yc-ex n9k-x9564px nexus_9516 n7k-m224xp-23l nexus_5672up-16g Cisco NX-OS Software

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2019-1782

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.11% / 28.46%

7 Day CHG~0.00%

Published-15 May, 2019 | 19:45

Updated-20 Nov, 2024 | 17:20

Cisco FXOS and NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need administrator credentials to exploit this vulnerability.

Product-nexus_93180lc-ex firepower_9300 firepower_4150 ucs_6332-16up nexus_56128p nexus_3172tq nexus_9332pq nexus_93108tc-ex nx-os nexus_3636c-r nexus_9508 nexus_93120tx firepower_4110 nexus_93128tx nexus_9336pq_aci_spine nexus_6004 mds_9250i nexus_3548-xl nexus_31128pq nexus_3132q-v nexus_9332c nexus_9364c nexus_3164q nexus_92348gc-x nexus_3172tq-32t nexus_9336c-fx2 nexus_3524-x nexus_3132c-z nexus_31108tc-v nexus_5548p nexus_9348gc-fxp nexus_5648q nexus_3172 mds_9718 nexus_9272q nexus_3464c mds_9148s nexus_93216tc-fx2 nexus_36180yc-r mds_9148t nexus_5672up nexus_93180yc-fx mds_9132t nexus_3264q nexus_3432d-s firepower_4140 nexus_34180yc nexus_9000v fx-os nexus_31108pc-v mds_9706 nexus_5596up nexus_3524 nexus_3548 nexus_3132q nexus_3016 nexus_9372px nexus_5696q nexus_92304qc nexus_92160yc-x ucs_6248up nexus_9504 nexus_3048 nexus_9372tx-e nexus_6001 nexus_93108tc-fx nexus_93360yc-fx2 nexus_3524-xl ucs_6324 nexus_9396tx firepower_4120 nexus_7000 nexus_92300yc nexus_3064 ucs_6332 nexus_3232c nexus_5548up nexus_9396px mds_9222i ucs_6296up nexus_5596t nexus_3264c-e nexus_93240yc-fx2 nexus_9372tx nexus_5624q nexus_3548-x nexus_3132q-xl nexus_3064-t mds_9710 nexus_3172tq-xl nexus_93180yc-ex nexus_3408-s nexus_9372px-e nexus_9236c nexus_9516 nexus_3172pq-xl nexus_7700 Cisco NX-OS Software

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2019-1607

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.2||MEDIUM

EPSS-0.12% / 30.08%

7 Day CHG~0.00%

Published-08 Mar, 2019 | 20:00

Updated-21 Nov, 2024 | 19:43

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607)

Product-nexus_7700 nx-os nexus_7000 Nexus 7000 and 7700 Series Switches

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2019-1610

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.2||MEDIUM

EPSS-0.09% / 24.83%

7 Day CHG~0.00%

Published-11 Mar, 2019 | 22:00

Updated-21 Nov, 2024 | 19:43

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1610)

Product-nexus_3000_series nx-os nexus_3500_platform Nexus 3500 Platform Switches Nexus 3000 Series Switches

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2022-20930

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.33% / 56.10%

7 Day CHG~0.00%

Published-30 Sep, 2022 | 18:46

Updated-01 Nov, 2024 | 18:50

Cisco SD-WAN Software Arbitrary File Corruption Vulnerability

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition.

Product-vedge_2000 sd-wan vedge_100b vedge_100m sd-wan_vbond_orchestrator vedge_5000 sd-wan_vsmart_controller vedge_100 sd-wan_vmanage vedge_1000 vedge_100wm catalyst_sd-wan_manager Cisco SD-WAN vManage

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2017-3813

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-7.8||HIGH

EPSS-1.19% / 79.17%

7 Day CHG~0.00%

Published-09 Feb, 2017 | 17:00

Updated-13 May, 2026 | 00:24

A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the access controls. An attacker could exploit this vulnerability by opening the Internet Explorer browser. An exploit could allow the attacker to use Internet Explorer with the privileges of the SYSTEM user. This may allow the attacker to execute privileged commands on the targeted system. This vulnerability affects versions prior to released versions 4.4.00243 and later and 4.3.05017 and later. Cisco Bug IDs: CSCvc43976.

Product-anyconnect_secure_mobility_client Cisco AnyConnect Secure Mobility Client Software for Windows Versions prior to released versions 4.4.00243 and later and 4.3.05017 and later.

CWE ID-CWE-862

Missing Authorization

CWE ID-CWE-264

Not Available

CVE-2021-1376

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 7.29%

7 Day CHG~0.00%

Published-24 Mar, 2021 | 20:15

Updated-08 Nov, 2024 | 23:32

Cisco IOS XE Software Fast Reload Vulnerabilities

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these vulnerabilities, the attacker would need privileged access to the CLI of the device. A successful exploit could allow the attacker to either execute arbitrary code on the underlying operating system or execute unsigned code and bypass the image verification check part of the secure boot process. For more information about these vulnerabilities, see the Details section of this advisory.

Product-ios_xe Cisco IOS XE Software

CWE ID-CWE-347

Improper Verification of Cryptographic Signature

CVE-2025-20313

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.12% / 30.58%

7 Day CHG~0.00%

Published-24 Sep, 2025 | 17:12

Updated-26 Feb, 2026 | 17:48

Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. These vulnerabilities are due path traversal and improper image integrity validation. A successful exploit could allow the attacker to execute persistent code on the underlying operating system. Because this allows the attacker to bypass a major security feature of the device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory. ERP

Product-Cisco IOS XE Software

CWE ID-CWE-35

Path Traversal: '.../...//'

CVE-2025-20117

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-5.1||MEDIUM

EPSS-0.04% / 13.45%

7 Day CHG~0.00%

Published-26 Feb, 2025 | 16:11

Updated-31 Jul, 2025 | 17:37

Cisco Application Policy Infrastructure Controller Authenticated Command Injection Vulnerability

A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root.

Product-application_policy_infrastructure_controller Cisco Application Policy Infrastructure Controller (APIC)

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2025-20338

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6||MEDIUM

EPSS-0.01% / 1.65%

7 Day CHG~0.00%

Published-24 Sep, 2025 | 17:14

Updated-26 Feb, 2026 | 17:48

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root.

Product-ios_xe Cisco IOS XE Software

CWE ID-CWE-141

Improper Neutralization of Parameter/Argument Delimiters

CVE-2025-20177

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.01% / 0.31%

7 Day CHG~0.00%

Published-12 Mar, 2025 | 16:13

Updated-26 Feb, 2026 | 19:09

Cisco IOS XR Software Image Verification Bypass Vulnerability

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system. Note: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.

Product-8201-32fh-o 8501-sys-mt 8700 8122-64ehf-o ncs_540-12z20g-sys-a 8011-4g24y4h-i 8101-32fh-o ncs_540-fh-csr-sys ncs_540x-8z16g-sys-d 8202 ncs_1014 8404 8101-32fh ncs_540x-16z8q2c-d 8818 ncs_57c1-48q6-sys ncs_540-6z14s-sys-d ncs_540x-acc-sys ios_xr ncs_540x-6z18g-sys-a 8804 8111-32eh-o ncs_540x-8z16g-sys-a 8102-64h ncs_540x-6z18g-sys-d 8122-64eh-o 8712-mod-m ncs_57b1-6d24-sys ncs_540x-16z4g8q2c-a ncs_540x-12z16g-sys-d ncs_540-6z18g-sys-a ncs_540-24z8q2c-sys ncs_540-12z20g-sys-d 8212-48fh-m ncs_540-fh-agg ncs_540-24q2c2dd-sys ncs_540x-12z16g-sys-a ncs_540x-4z14g2q-d ncs_57c3-mod-sys 8102-64h-o 8201-32fh ncs_540-24q8l2dd-sys 8812 8201-24h8fh 8201 ncs_540-28z4c-sys-d 8808 ncs_1010 ncs_540x-16z4g8q2c-d 8608 8711-32fh-m ncs_540-acc-sys ncs_540x-4z14g2q-a ncs_540-6z18g-sys-d ncs_540-28z4c-sys-a ncs_57d2-18dd-sys 8202-32fh-m ncs_57b1-5dse-sys 8101-32h-o 8102-28fh-dpu-o Cisco IOS XR Software

CWE ID-CWE-274

Improper Handling of Insufficient Privileges

CVE-2025-20185

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-3.4||LOW

EPSS-0.02% / 6.34%

7 Day CHG~0.00%

Published-05 Feb, 2025 | 16:14

Updated-06 Aug, 2025 | 16:53

Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Privilege Escalation Vulnerability

A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. This vulnerability is due to an architectural flaw in the password generation algorithm for the remote access functionality. An attacker could exploit this vulnerability by generating a temporary password for the service account. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. Note: The Security Impact Rating (SIR) for this vulnerability is Medium due to the unrestricted scope of information that is accessible to an attacker.

CWE ID-CWE-250

Execution with Unnecessary Privileges

CVE-2025-20308

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6||MEDIUM

EPSS-0.06% / 18.02%

7 Day CHG~0.00%

Published-02 Jul, 2025 | 16:05

Updated-26 Feb, 2026 | 18:27

Cisco Spaces Connector Privilege Escalation Vulnerability

A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient restrictions during the execution of specific CLI commands. An attacker could exploit this vulnerability by logging in to the Cisco Spaces Connector CLI as the spacesadmin user and executing a specific command with crafted parameters. A successful exploit could allow the attacker to elevate privileges from the spacesadmin user and execute arbitrary commands on the underlying operating system as root.

Product-spaces_connector Cisco DNA Spaces Connector

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2025-20314

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.10% / 26.88%

7 Day CHG~0.00%

Published-24 Sep, 2025 | 17:53

Updated-26 Feb, 2026 | 17:47

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute persistent code at boot time and break the chain of trust. This vulnerability is due to improper validation of software packages. An attacker could exploit this vulnerability by placing a crafted file into a specific location on an affected device. A successful exploit could allow the attacker to execute persistent code on the underlying operating system. Because this vulnerability allows an attacker to bypass a major security feature of a device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.

Product-Cisco IOS XE Software

CWE ID-CWE-232

Improper Handling of Undefined Values

CVE-2012-4075

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-7.2||HIGH

EPSS-0.28% / 51.31%

7 Day CHG~0.00%

Published-05 Oct, 2013 | 10:00

Updated-29 Apr, 2026 | 01:13

Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.

Product-nx-os n/a

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2025-20201

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.08% / 24.12%

7 Day CHG~0.00%

Published-07 May, 2025 | 17:44

Updated-26 Feb, 2026 | 18:28

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when processing specific configuration commands. An attacker could exploit this vulnerability by including crafted input in specific configuration commands. A successful exploit could allow the attacker to elevate privileges to root on the underlying operating system of an affected device. The security impact rating (SIR) of this advisory has been raised to High because an attacker could gain access to the underlying operating system of the affected device and perform potentially undetected actions. Note: The attacker must have privileges to enter configuration mode on the affected device. This is usually referred to as privilege level 15.

Product-ios_xe Cisco IOS XE Software

CWE ID-CWE-754

Improper Check for Unusual or Exceptional Conditions

CVE-2025-20143

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.00% / 0.19%

7 Day CHG~0.00%

Published-12 Mar, 2025 | 16:12

Updated-26 Feb, 2026 | 19:09

Cisco IOS XR Software Secure Boot Bypass Vulnerability

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to insufficient verification of modules in the software load process. An attacker could exploit this vulnerability by manipulating the loaded binaries to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system. Note: This vulnerability affects Cisco IOS XR Software, not the Secure Boot feature. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Product-ios_xr Cisco IOS XR Software

CWE ID-CWE-347

Improper Verification of Cryptographic Signature

CVE-2025-20277

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-3.4||LOW

EPSS-0.11% / 29.29%

7 Day CHG~0.00%

Published-04 Jun, 2025 | 16:18

Updated-26 Feb, 2026 | 18:27

Cisco Unified Contact Center Express Path Traversal Vulnerability

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper limitation of a pathname to a restricted directory (path traversal). An attacker could exploit this vulnerability by sending a crafted web request to an affected device, followed by a specific command through an SSH session. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of an affected device as a low-privilege user. A successful exploit could also allow the attacker to undertake further actions to elevate their privileges to root.

Product-unified_contact_center_express Cisco Unified Contact Center Express

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2025-20278

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6||MEDIUM

EPSS-0.05% / 17.28%

7 Day CHG~0.00%

Published-04 Jun, 2025 | 16:18

Updated-26 Feb, 2026 | 17:51

Cisco Unified Communications Products Command Injection Vulnerability

A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.

Product-unified_communications_manager unified_contact_center_express unified_intelligence_center virtualized_voice_browser unified_communications_manager_im_and_presence_service socialminer finesse unity_connection Cisco Unified Contact Center Express Cisco Virtualized Voice Browser Cisco Unified Communications Manager IM and Presence Service Cisco Unified Communications Manager Cisco Unity Connection Cisco Finesse Cisco Unified Intelligence Center Cisco SocialMiner

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2021-1237

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-7.8||HIGH

EPSS-0.05% / 17.21%

7 Day CHG~0.00%

Published-13 Jan, 2021 | 21:17

Updated-12 Nov, 2024 | 20:48

Cisco AnyConnect Secure Mobility Client for Windows DLL Injection Vulnerability

A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system which, in turn, causes a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges.

Product-anyconnect_secure_mobility_client Cisco AnyConnect Secure Mobility Client

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2021-1558

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6||MEDIUM

EPSS-0.07% / 21.23%

7 Day CHG~0.00%

Published-22 May, 2021 | 06:40

Updated-08 Nov, 2024 | 21:19

Cisco DNA Spaces Connector Privilege Escalation Vulnerabilities

Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. These vulnerabilities are due to insufficient restrictions during the execution of affected CLI commands. An attacker could exploit these vulnerabilities by leveraging the insufficient restrictions during execution of these commands. A successful exploit could allow the attacker to elevate privileges from dnasadmin and execute arbitrary commands on the underlying operating system as root.

Product-dna_spaces\Cisco DNA Spaces Connector

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2017-12305

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.33% / 56.39%

7 Day CHG~0.00%

Published-16 Nov, 2017 | 07:00

Updated-13 May, 2026 | 00:24

A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034.

Product-ip_phone_8800_series_firmware Cisco IP Phone 8800 Series

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2017-12301

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.12% / 30.21%

7 Day CHG~0.00%

Published-19 Oct, 2017 | 08:00

Updated-13 May, 2026 | 00:24

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions within the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit. This vulnerability affects the following Cisco products if they are running Cisco NX-OS Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches - Standalone, NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvb86832, CSCvd86474, CSCvd86479, CSCvd86484, CSCvd86490, CSCve97102, CSCvf12757, CSCvf12804, CSCvf12815, CSCvf15198.

CWE ID-CWE-20

Improper Input Validation

CVE-2017-12313

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.06% / 19.74%

7 Day CHG~0.00%

Published-16 Nov, 2017 | 07:00

Updated-13 May, 2026 | 00:24

An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. An attacker would need valid user credentials to exploit this vulnerability.

Product-packet_tracer Cisco Network Academy Packet Tracer

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-426

Untrusted Search Path

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2017-12341

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.42% / 62.40%

7 Day CHG~0.00%

Published-30 Nov, 2017 | 09:00

Updated-13 May, 2026 | 00:24

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation during the installation of a software patch. An attacker could exploit this vulnerability by installing a crafted patch image with the vulnerable operation occurring prior to patch activation. An exploit could allow the attacker to execute arbitrary commands on an affected system as root. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf23735, CSCvg04072.

Product-nx-os unified_computing_system Cisco NX-OS

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2017-12261

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-7.8||HIGH

EPSS-0.05% / 14.67%

7 Day CHG~0.00%

Published-02 Nov, 2017 | 16:00

Updated-13 May, 2026 | 00:24

A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. The vulnerability is due to incomplete input validation of the user input for CLI commands issued at the restricted shell. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. An attacker would need valid user credentials to the device to exploit this vulnerability. The vulnerability affects the following Cisco Identity Services Engine (ISE) products running Release 1.4, 2.0, 2.0.1, 2.1.0: ISE, ISE Express, ISE Virtual Appliance. Cisco Bug IDs: CSCve74916.

Product-identity_services_engine_virtual_appliance identity_services_engine_express identity_services_engine Cisco Identity Services Engine

CWE ID-CWE-863

Incorrect Authorization

CWE ID-CWE-264

Not Available

CVE-2017-12255

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.06% / 19.40%

7 Day CHG~0.00%

Published-21 Sep, 2017 | 05:00

Updated-13 May, 2026 | 00:24

A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this vulnerability by entering a specific command with crafted arguments. An exploit could allow the attacker to gain shell access to the underlying system. Cisco Bug IDs: CSCve70762.

Product-unified_computing_system Cisco UCS Central Software

CWE ID-CWE-20

Improper Input Validation

CVE-2017-12239

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6.8||MEDIUM

EPSS-0.15% / 35.94%

7 Day CHG~0.00%

Published-28 Sep, 2017 | 07:00

Updated-13 May, 2026 | 00:24

A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful exploit could allow the attacker to gain full access to the affected device's operating system. This vulnerability affects only Cisco ASR 1000 Series Routers that have removable line cards and Cisco cBR-8 Converged Broadband Routers, if they are running certain Cisco IOS XE 3.16 through 16.5 releases. Cisco Bug IDs: CSCvc65866, CSCve77132.

Product-ios_xe Cisco IOS XE

CWE ID-CWE-798

Use of Hard-coded Credentials

CWE ID-CWE-264

Not Available

CVE-2017-12352

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.10% / 26.49%

7 Day CHG~0.00%

Published-30 Nov, 2017 | 09:00

Updated-13 May, 2026 | 00:24

A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-controlled input that is supplied to certain script files of an affected system. An attacker could exploit this vulnerability by submitting crafted input to a script file on an affected system. A successful exploit could allow the attacker to gain elevated privileges and execute arbitrary commands with root privileges on the affected system. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf57274.

Product-application_policy_infrastructure_controller Cisco Application Policy Infrastructure Controller

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2017-12243

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-7.8||HIGH

EPSS-40.22% / 97.43%

7 Day CHG~0.00%

Published-02 Nov, 2017 | 16:00

Updated-13 May, 2026 | 00:24

A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device. Cisco Bug IDs: CSCvf20741, CSCvf60078.

Product-unified_computing_system_manager firepower_4120_next-generation_firewall firepower_4110_next-generation_firewall firepower_9300_security_appliance firepower_9300_security_appliance_firmware firepower_4100_next-generation_firewall_firmware firepower_4150_next-generation_firewall firepower_4140_next-generation_firewall unified_computing_system_manager_firmware Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2017-12331

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 10.57%

7 Day CHG~0.00%

Published-30 Nov, 2017 | 09:00

Updated-13 May, 2026 | 00:24

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and load a crafted, unsigned software patch on a targeted device. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16494, CSCvf23655.