Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-34721

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-09 Sep, 2021 | 05:01
Updated At-07 Nov, 2024 | 22:00
Rejected At-
Credits

Cisco IOS XR Software Command Injection Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:09 Sep, 2021 | 05:01
Updated At:07 Nov, 2024 | 22:00
Rejected At:
▼CVE Numbering Authority (CNA)
Cisco IOS XR Software Command Injection Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco IOS XR Software
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78
Type: CWE
CWE ID: CWE-78
Description: CWE-78
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc
vendor-advisory
x_refsource_CISCO
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc
Resource:
vendor-advisory
x_refsource_CISCO
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc
vendor-advisory
x_refsource_CISCO
x_transferred
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc
Resource:
vendor-advisory
x_refsource_CISCO
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ykramarz@cisco.com
Published At:09 Sep, 2021 | 05:15
Updated At:07 Nov, 2023 | 03:36

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary2.06.9MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.9
Base severity: MEDIUM
Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Cisco Systems, Inc.
cisco
>>ios_xr>>Versions before 7.3.2(exclusive)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xr>>Versions from 7.4.0(inclusive) to 7.4.1(inclusive)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>asr_9000v-v2>>-
cpe:2.3:h:cisco:asr_9000v-v2:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>asr_9001>>-
cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>asr_9006>>-
cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>asr_9010>>-
cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>asr_9901>>-
cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>asr_9902>>-
cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>asr_9903>>-
cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>asr_9904>>-
cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>asr_9906>>-
cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>asr_9910>>-
cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>asr_9912>>-
cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>asr_9922>>-
cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xr>>Versions before 7.3.2(exclusive)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xr>>Versions from 7.4.0(inclusive) to 7.4.1(inclusive)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xrv>>-
cpe:2.3:h:cisco:ios_xrv:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xrv_9000>>-
cpe:2.3:h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xr>>Versions before 7.3.2(exclusive)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xr>>Versions from 7.4.0(inclusive) to 7.4.1(exclusive)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ncs_520>>-
cpe:2.3:h:cisco:ncs_520:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ncs_540>>-
cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ncs_540_fronthaul>>-
cpe:2.3:h:cisco:ncs_540_fronthaul:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ncs_560-4>>-
cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ncs_560-7>>-
cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xr>>Versions before 7.3.2(exclusive)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xr>>Versions from 7.4.0(inclusive) to 7.4.1(exclusive)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ncs_5001>>-
cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ncs_5002>>-
cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ncs_5011>>-
cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xr>>Versions before 7.3.2(exclusive)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xr>>Versions from 7.4.0(inclusive) to 7.4.1(exclusive)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ncs_5501>>-
cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ncs_5501-se>>-
cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ncs_5502>>-
cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ncs_5502-se>>-
cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ncs_5508>>-
cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ncs_5516>>-
cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xr>>Versions before 7.3.2(exclusive)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xr>>Versions from 7.4.0(inclusive) to 7.4.1(exclusive)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ncs_6000>>-
cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ncs_6008>>-
cpe:2.3:h:cisco:ncs_6008:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xr>>Versions before 7.3.2(exclusive)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xr>>Versions from 7.4.0(inclusive) to 7.4.1(exclusive)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ncs_1001>>-
cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ncs_1002>>-
cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ncs_1004>>-
cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xr>>Versions before 7.3.2(exclusive)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xr>>Versions from 7.4.0(inclusive) to 7.4.1(exclusive)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>8101-32fh>>-
cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE-78Secondaryykramarz@cisco.com
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-78
Type: Secondary
Source: ykramarz@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxcykramarz@cisco.com
Vendor Advisory
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc
Source: ykramarz@cisco.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

509Records found
CVE-2019-12649
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.41%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:05
Updated-20 Nov, 2024 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected device can be configured to not verify the digital signatures of system image files during the boot process. An attacker could exploit this vulnerability by abusing a specific feature that is part of the device boot process. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_3850-24xs-ecatalyst_3850-32xs-ecatalyst_3850-12s-scatalyst_3850-12xs-scatalyst_3850-24s-ecatalyst_9300l-48p-4g-ecatalyst_9300l-48t-4g-ecatalyst_3850-24u-lcatalyst_3850-24p-scatalyst_9300l-24t-4g-acatalyst_3850-16xs-scatalyst_3850-48f-scatalyst_3850-24u-scatalyst_3850-48pw-scatalyst_9300l-24t-4x-acatalyst_c3850-12x48u-lcatalyst_9300l-24t-4x-ecatalyst_9300-48un-ecatalyst_9300-48p-acatalyst_9300-24s-acatalyst_9300l-24p-4g-ecatalyst_3850-48f-ecatalyst_9300l-48t-4x-acatalyst_3850-48u-lcatalyst_9300l-24p-4g-acatalyst_9300-48uxm-acatalyst_9300l-24p-4x-ecatalyst_9300-24ux-acatalyst_9300-24p-acatalyst_3850-32xs-scatalyst_9300-24t-ecatalyst_9300l-24t-4g-ecatalyst_3850-48f-lcatalyst_3850-24xu-lcatalyst_3850-48xs-ecatalyst_3850-24s-scatalyst_9300-48s-ecatalyst_9300-24u-acatalyst_3850-48t-scatalyst_9300-48p-ecatalyst_3850-24pw-scatalyst_3850-24t-scatalyst_9300lcatalyst_3850-24t-lcatalyst_3850-48u-ecatalyst_9300-48t-ecatalyst_9300-24u-ecatalyst_3850-24xu-ecatalyst_3850-48p-scatalyst_9300l-48p-4g-acatalyst_9300-48un-acatalyst_3850-48u-scatalyst_9300l-48t-4g-acatalyst_3850-16xs-eioscatalyst_9300-24p-ecatalyst_3850-48xs-f-ecatalyst_9300-48uxm-ecatalyst_9300-48t-acatalyst_3850-48p-ecatalyst_9300l-48t-4x-ecatalyst_3850-12s-ecatalyst_9300l-48p-4x-ecatalyst_3850-24p-lcatalyst_3850-48t-lcatalyst_3850-24t-ecatalyst_c3850-12x48u-ecatalyst_3850-24xs-scatalyst_9300l-48p-4x-acatalyst_9300-24s-ecatalyst_9300-48u-ecatalyst_9300-48u-acatalyst_9300-48s-acatalyst_3850-12xs-ecatalyst_3850-24u-ecatalyst_3850-48xs-sios_xecatalyst_3850-48p-lcatalyst_3850-24p-ecatalyst_3850-48xs-f-scatalyst_9300-24t-acatalyst_9300l-24p-4x-acatalyst_9300catalyst_3850-48t-ecatalyst_3850-24xu-scatalyst_9300-24ux-ecatalyst_c3850-12x48u-sCisco IOS XE Software 3.2.11aSG
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-12694
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 4.96%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 19:06
Updated-20 Nov, 2024 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by executing a specific CLI command that includes crafted arguments. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12666
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.40%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:16
Updated-20 Nov, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Path Traversal Vulnerability

A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker could exploit this vulnerability by first accessing the Guest Shell and then entering specific commands. A successful exploit could allow the attacker to execute arbitrary code on the base Linux operating system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software 16.4.1
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-12670
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.01%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:16
Updated-20 Nov, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software IOx Guest Shell Namespace Protection Vulnerability

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by modifying files that they should not have access to. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iosCisco IOS XE Software 3.2.11aSG
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-1375
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.42%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:15
Updated-08 Nov, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Fast Reload Vulnerabilities

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these vulnerabilities, the attacker would need privileged access to the CLI of the device. A successful exploit could allow the attacker to either execute arbitrary code on the underlying operating system or execute unsigned code and bypass the image verification check part of the secure boot process. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-1536
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.07% / 20.52%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 16:45
Updated-07 Nov, 2024 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Webex Meetings, Webex Network Recording Player, and Webex Teams DLL Injection Vulnerability

A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system, which can cause a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of another user account.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-webex_meetings_onlinewebex_teamswebex_meetings_serverwebex_meetings_desktopwebex_network_recording_playerCisco Webex Teams
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2014-3312
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 15.77%
||
7 Day CHG~0.00%
Published-09 Jul, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-spa_508g_8-line_ip_phonespa922_1-line_ip_phone_with_1-port_ethernetspa_509g_12-line_ip_phonespa941_4-line_ip_phone_with_1-port_ethernetspa_525g_5-line_ip_phonespa_301_1_line_ip_phonespa942_4-line_ip_phone_with_2-port_switchspa_502g_1-line_ip_phonespa_525g2_5-line_ip_phonespa962_6-line_ip_phone_with_2-port_switchspa901_1-line_ip_phonespa_512g_1-line_ip_phonespa_514g_4-line_ip_phonespa_504g_4-line_ip_phonespa_303_3_line_ip_phonespa_501g_8-line_ip_phonen/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-1447
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.42%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:40
Updated-08 Nov, 2024 | 23:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Content Security Management Appliance Privilege Escalation Vulnerability

A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges to root. This vulnerability is due to a procedural flaw in the password generation algorithm. An attacker could exploit this vulnerability by enabling specific Administrator-only features and connecting to the appliance through the CLI with elevated privileges. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. To exploit this vulnerability, the attacker must have valid Administrator credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-content_security_management_applianceCisco Content Security Management Appliance (SMA)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1398
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.06% / 19.24%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:07
Updated-08 Nov, 2024 | 23:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Arbitrary Code Execution Vulnerability

A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an unauthenticated attacker with physical access to execute arbitrary code on the underlying Linux operating system of an affected device. This vulnerability is due to incorrect validations of specific function arguments that are passed to the boot script. An attacker could exploit this vulnerability by tampering with a specific file, which an affected device would process during the initial boot process. On systems that are protected by the Unified Extensible Firmware Interface (UEFI) secure boot feature, a successful exploit could allow the attacker to execute unsigned code at boot time and bypass the image verification check in the secure boot process of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-489
Active Debug Code
CVE-2013-6689
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.25%
||
7 Day CHG~0.00%
Published-16 Nov, 2013 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1366
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.80% / 73.08%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 16:55
Updated-08 Nov, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-anyconnect_secure_mobility_clientCisco AnyConnect Secure Mobility Client
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-1281
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 10.24%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:16
Updated-08 Nov, 2024 | 23:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerability

A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to the way the software handles concurrent CLI sessions. An attacker could exploit this vulnerability by authenticating to the device as an administrative user and executing a sequence of commands. A successful exploit could allow the attacker to obtain access to the underlying operating system as the root user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-399
Not Available
CVE-2021-1391
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 10.24%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:07
Updated-08 Nov, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software Privilege Escalation Vulnerability

A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by bypassing the consent token mechanism with the residual scripts on the affected device. A successful exploit could allow the attacker to escalate from privilege level 15 to root privilege.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS
CWE ID-CWE-489
Active Debug Code
CVE-2019-1810
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 22.50%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:15
Updated-20 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 3000 Series and 9000 Series Switches in NX-OS Mode CLI Command Software Image Signature Verification Vulnerability

A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device. Note: If the device has not been patched for the vulnerability previously disclosed in the Cisco Security Advisory cisco-sa-20190306-nxos-sig-verif, a successful exploit could allow the attacker to boot a malicious software image.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-n9k-c9232cn3k-c3164qn9k-c92304qcnx-osn3k-c3232cCisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-1593
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.3||HIGH
EPSS-0.05% / 15.37%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 17:20
Updated-07 Nov, 2024 | 22:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Packet Tracer for Windows DLL Injection Vulnerability

A vulnerability in Cisco Packet Tracer for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path on the system, which can cause a malicious DLL file to be loaded when the application starts. A successful exploit could allow an attacker with normal user privileges to execute arbitrary code on the affected system with the privileges of another user’s account.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-packet_tracerCisco Packet Tracer
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-1390
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 9.99%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:07
Updated-08 Nov, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Local Privilege Escalation Vulnerability

A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege level 15. This vulnerability exists because the affected software permits modification of the run-time memory of an affected device under specific circumstances. An attacker could exploit this vulnerability by authenticating to the affected device and issuing a specific diagnostic test command at the CLI. A successful exploit could trigger a logic error in the code that was designed to restrict run-time memory modifications. The attacker could take advantage of this logic error to overwrite system memory locations and execute arbitrary code on the underlying Linux operating system (OS) of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-123
Write-what-where Condition
CVE-2021-1520
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.83%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:51
Updated-08 Nov, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Local Privilege Escalation Vulnerability

A vulnerability in the internal message processing of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, local attacker to run arbitrary commands with root privileges on the underlying operating system (OS). This vulnerability exists because an internal messaging service does not properly sanitize input. An attacker could exploit this vulnerability by first authenticating to the device and then sending a crafted request to the internal service. A successful exploit could allow the attacker to run arbitrary commands with root privileges on the underlying OS. To exploit this vulnerability, the attacker must have valid Administrator credentials for the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv340_firmwarerv340wrv345prv345rv345_firmwarerv345p_firmwarerv340rv340w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-123
Write-what-where Condition
CVE-2021-1449
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.40%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:06
Updated-08 Nov, 2024 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Access Point Software Arbitrary Code Execution Vulnerability

A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploit this vulnerability by modifying a specific file that is stored on the system, which would allow the attacker to bypass existing protections. A successful exploit could allow the attacker to execute unsigned code at boot time and bypass the software image verification check part of the secure boot process of an affected device. Note: To exploit this vulnerability, the attacker would need to have access to the development shell (devshell) on the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-aironet_2800catalyst_9800_firmwareaironet_1800catalyst_iw6300aironet_1560aironet_3800aironet_access_point_softwarecatalyst_9800esw6300wireless_lan_controller_softwareaironet_1540catalyst_91001100_integrated_services_routeraironet_4800Cisco Aironet Access Point Software
CWE ID-CWE-284
Improper Access Control
CVE-2021-1280
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.78%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 19:56
Updated-12 Nov, 2024 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Advanced Malware Protection for Endpoints and Immunet for Windows DLL Hijacking Vulnerability

A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection (AMP) for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with SYSTEM privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-immunetadvanced_malware_protection_for_endpointsCisco AMP for Endpoints
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-3396
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.05% / 15.90%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 18:02
Updated-13 Nov, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software IOx Guest Shell USB SSD Namespace Protection Privilege Escalation Vulnerability

A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_c9300-24pcatalyst_c9500-32qc4331\/k9-ws_integrated_services_router1100-6g_integrated_services_routercatalyst_c9300-48scatalyst_c9407r4331\/k9_integrated_services_router4351\/k9_integrated_services_routercatalyst_c9300-48pcatalyst_c9300-48ucatalyst_c9300l-48t-4x4351\/k9-ws_integrated_services_router1100-4gltena_integrated_services_router1100_integrated_services_routercatalyst_c9300l-24t-4g1100-lte_integrated_services_routercatalyst_c9500-16xcatalyst_c9300-48tasr_1000-xasr_1002catalyst_c9300l-24t-4xcsr1000vasr_1004catalyst_c9300l-24p-4xcatalyst_c9500-12qcatalyst_c9300l-48p-4gcatalyst_c9500-24q4351\/k9-rf_integrated_services_router4321\/k9-ws_integrated_services_routercatalyst_c9300-24scatalyst_c9300-48un1100-4g_integrated_services_routercatalyst_c9300-48uxmasr_1013catalyst_c9300-24tasr_1023catalyst_c9300l-48p-4xcatalyst_c9500-24y4c4321\/k9-rf_integrated_services_routercatalyst_c9300l-24p-4gasr_1001catalyst_c9500-40xios_xecatalyst_c9300l-48t-4gcatalyst_c9404rcatalyst_c9300-24ucatalyst_c9500-48y4casr_1006catalyst_c9300-24uxasr_1001-xcatalyst_c9500-32c1100-4gltegb_integrated_services_router4331\/k9-rf_integrated_services_routerasr_1002-x4321\/k9_integrated_services_routercatalyst_c9410rCisco IOS XE Software
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-3416
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.19% / 41.72%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 18:01
Updated-13 Nov, 2024 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities

Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeasr_903asr_902asr_907Cisco IOS XE Software
CWE ID-CWE-749
Exposed Dangerous Method or Function
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-3524
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.07% / 22.56%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 17:51
Updated-13 Nov, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE ROM Monitor Software Vulnerability

A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to break the chain of trust and load a compromised software image on an affected device. The vulnerability is due to the presence of a debugging configuration option in the affected software. An attacker could exploit this vulnerability by connecting to an affected device through the console, forcing the device into ROMMON mode, and writing a malicious pattern using that specific option on the device. A successful exploit could allow the attacker to break the chain of trust and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asr_1013asr-920-20sz-masr-920-4sz-aasr-920-12sz-dcbr84431_integrated_services_routerasr-920-12cz-aasr_10014221_integrated_services_routerasr-920-24tz-masr-920-12sz-aios_xe_rom_monitor4331_integrated_services_routerasr-920-10sz-pdasr-920-4sz-d4461_integrated_services_routerasr-920-24sz-imasr_1006asr_1000-xasr-920-12cz-dasr_1002asr-920-24sz-masr_1001-xasr_1004asr_1002-xasr_920u-12sz-imCisco IOS XE ROMMON Software
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2020-3214
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 13.39%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:41
Updated-15 Nov, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Privilege Escalation Vulnerability

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious software onto an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_c9200l-48pxg-4xcatalyst_c9300-24pws-c3650-24pdws-c3650-48fsws-c3850-48pcatalyst_c9407rcatalyst_c9300-48pws-c3650-24tdws-c3850-24pcatalyst_c9300-48u1100_integrated_services_routerws-c3650-8x24uq4331_integrated_services_routercatalyst_c9500-16x4461_integrated_services_routercatalyst_9800-l-cws-c3650-48tscatalyst_c9200-24pasr_1000-xcatalyst_c9300-48tcatalyst_c9200l-48pxg-2ycatalyst_c9200l-48t-4gcatalyst_c9500-12q111x_integrated_services_routercatalyst_c9500-24qws-c3650-12x48urcatalyst_c9200-48tcatalyst_9800-lcatalyst_c9300-24sasr_1013catalyst_c9300l-48p-4xcatalyst_c9500-24y4cws-c3650-12x48uqcatalyst_c9200l-24t-4gws-c3650-48tdws-c3650-24psasr_1001catalyst_c9404rws-c3850-12x48ucatalyst_c9300-24ucatalyst_c9200l-48t-4xws-c3650-48fdcatalyst_9800-clws-c3650-48tqcatalyst_c9500-32ccatalyst_c9200l-48p-4gasr_1002-xws-c3650-12x48uzcatalyst_c9300l-24p-4gws-c3850-12scatalyst_c9500-32qcws-c3850-48xsws-c3850-48ucatalyst_c9200l-24p-4gcatalyst_c9300-48sws-c3650-48fqws-c3850-48f1160_integrated_services_routerws-c3850-24xucatalyst_c9300l-48t-4xws-c3650-48pscatalyst_c9300l-24t-4gws-c3850-24tcatalyst_c9200l-24pxg-2yws-c3850-24uasr_1002catalyst_c9300l-24t-4xcatalyst_9800-80catalyst_9800-l-fws-c3650-24tsasr_10041109_integrated_services_routercatalyst_c9200l-24p-4xcatalyst_c9300l-24p-4xcatalyst_c9300l-48p-4gcatalyst_c9200-48p1120_integrated_services_routerws-c3650-48pdcatalyst_c9300-48uncatalyst_c9200l-24t-4x1111x_integrated_services_routercatalyst_c9300-48uxmws-c3650-48pqcatalyst_9800-40catalyst_c9300-24t4431_integrated_services_routernexus_1000vcatalyst_c9200l-24pxg-4xcatalyst_c9500-40xios_xecatalyst_c9300l-48t-4gcatalyst_c9500-48y4casr_1006ws-c3850-24sws-c3850-24xscatalyst_c9300-24uxcatalyst_c9200-24tasr_1001-xws-c3650-24pdm1101_integrated_services_routerws-c3850-12xsws-c3650-48fqmws-c3850-48tcatalyst_c9200l-48p-4x422_integrated_services_routercatalyst_c9410rCisco IOS XE Software 16.11.1
CWE ID-CWE-264
Not Available
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3545
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.06% / 18.99%
||
7 Day CHG~0.00%
Published-04 Sep, 2020 | 02:25
Updated-13 Nov, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS Software Buffer Overflow Vulnerability

A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this vulnerability by supplying a crafted file that, when it is processed, may cause a stack-based buffer overflow. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges. An attacker would need to have valid administrative credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_9300firepower_4112firepower_4150firepower_4140firepower_4145firepower_4110firepower_4120firepower_extensible_operating_systemfirepower_4125firepower_4115Cisco Firepower Extensible Operating System (FXOS)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3458
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 16.11%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 18:36
Updated-13 Nov, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 1000/2100 Series Appliances Secure Boot Bypass Vulnerabilities

Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software for the Firepower 1000 Series and Firepower 2100 Series Appliances could allow an authenticated, local attacker to bypass the secure boot mechanism. The vulnerabilities are due to insufficient protections of the secure boot process. An attacker could exploit these vulnerabilities by injecting code into specific files that are then referenced during the device boot process. A successful exploit could allow the attacker to break the chain of trust and inject code into the boot process of the device, which would be executed at each boot and maintain persistence across reboots.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_1010firepower_2140firepower_1140firepower_2120adaptive_security_appliance_softwarefirepower_2130firepower_1120firepower_1150firepower_2110firepower_threat_defenseCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2020-3253
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.24%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 16:41
Updated-15 Nov, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software Shell Access Vulnerability

A vulnerability in the support tunnel feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access the shell of an affected device even though expert mode is disabled. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by enabling the support tunnel, setting a key, and deriving the tunnel password. A successful exploit could allow the attacker to run any system command with root access on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-284
Improper Access Control
CVE-2020-3166
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-26 Feb, 2020 | 16:51
Updated-15 Nov, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS Software CLI Arbitrary File Read and Write Vulnerability

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to a specific CLI command. A successful exploit could allow the attacker to read or write to arbitrary files on the underlying OS.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_9300firepower_4150firepower_1010firepower_1140firepower_2120firepower_2130adaptive_security_appliance_softwarefirepower_4110firepower_1120firepower_extensible_operating_systemfirepower_2110firepower_4125firepower_4140firepower_2140firepower_4145firepower_4120firepower_1150firepower_4115firepower_threat_defenseCisco Firepower Extensible Operating System (FXOS)
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3138
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.54%
||
7 Day CHG~0.00%
Published-19 Feb, 2020 | 19:15
Updated-15 Nov, 2024 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise NFV Infrastructure Software Remote Code Execution Vulnerability

A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to upload crafted code to the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_network_function_virtualization_infrastructureNA
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-3215
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 17.09%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:41
Updated-15 Nov, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Privilege Escalation Vulnerability

A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due to insufficient validation of a user-supplied open virtual appliance (OVA). An attacker could exploit this vulnerability by installing a malicious OVA on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software 3.8.0S
CWE ID-CWE-264
Not Available
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3423
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.06% / 18.31%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 18:01
Updated-13 Nov, 2024 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Arbitrary Code Execution Vulnerability

A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to insufficient restrictions on Lua function calls within the context of user-supplied Lua scripts. An attacker with valid administrative credentials could exploit this vulnerability by submitting a malicious Lua script. When this file is processed, an exploitable buffer overflow condition could occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux OS of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-4451-x_integrated_services_router1111x_integrated_services_routerasr_10134321_integrated_services_routercbr-8_converged_broadband_router4351_integrated_services_router4431_integrated_services_router1160_integrated_services_routercloud_services_router_1000vasr_1002-hx1100_integrated_services_routerios_xe4221_integrated_services_router4331_integrated_services_routerasr_10064461_integrated_services_routerasr_1001-xasr_10041109_integrated_services_router1101_integrated_services_routerasr_1001-hxasr_1002-x111x_integrated_services_router1120_integrated_services_routerasr_1009-xasr_1006-xCisco IOS XE Software 3.7.0S
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-3152
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.77%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 16:16
Updated-13 Nov, 2024 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Connected Mobile Experiences Privilege Escalation Vulnerability

A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. The vulnerability is due to improper user permissions that are configured by default on an affected system. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, an attacker would need to have valid administrative credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-connected_mobile_experiencesCisco Connected Mobile Experiences
CWE ID-CWE-275
Not Available
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-3513
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.19% / 41.72%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 17:51
Updated-13 Nov, 2024 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities

Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeasr_903ncs_4216_f2bncs_4206ncs_4216asr_907asr_902Cisco IOS XE Software
CWE ID-CWE-749
Exposed Dangerous Method or Function
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-3514
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.2||HIGH
EPSS-0.03% / 7.00%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 18:35
Updated-26 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software Multi-Instance Container Escape Vulnerability

A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace. The attacker must have valid credentials on the device.The vulnerability exists because a configuration file that is used at container startup has insufficient protections. An attacker could exploit this vulnerability by modifying a specific container configuration file on the underlying file system. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running Cisco FTD instances or the host Cisco FXOS device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_firewall_management_centerfirepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-216
DEPRECATED: Containment Errors (Container Errors)
CVE-2020-27129
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.17% / 38.18%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 18:15
Updated-13 Nov, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vManage Software Command Injection Vulnerability

A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. The vulnerability is due to improper validation of commands to the remote management CLI of the affected application. An attacker could exploit this vulnerability by sending malicious requests to the affected application. A successful exploit could allow the attacker to inject arbitrary commands and potentially gain elevated privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wan_vmanageCisco SD-WAN vManage
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2020-27122
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.05% / 13.63%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 18:15
Updated-13 Nov, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine Privilege Escalation Vulnerability

A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected device. The vulnerability is due to incorrect privilege assignment. An attacker could exploit this vulnerability by logging in to the system with a crafted Active Directory account. A successful exploit could allow the attacker to obtain root privileges on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-1952
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.69%
||
7 Day CHG~0.00%
Published-08 Aug, 2019 | 07:25
Updated-20 Nov, 2024 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using directory traversal techniques when executing a vulnerable command. A successful exploit could allow the attacker to overwrite or read arbitrary files on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_network_function_virtualization_infrastructureCisco Enterprise NFV Infrastructure Software
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1972
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.70%
||
7 Day CHG~0.00%
Published-08 Aug, 2019 | 07:35
Updated-20 Nov, 2024 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise NFV Infrastructure Software Privilege Escalation Vulnerability

A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by leveraging the insufficient restrictions during the execution of an affected command. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_network_function_virtualization_infrastructureCisco Enterprise NFV Infrastructure Software
CWE ID-CWE-264
Not Available
CVE-2019-1780
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.06% / 18.93%
||
7 Day CHG~0.00%
Published-16 May, 2019 | 17:00
Updated-21 Nov, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS and NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. NX-OS versions prior to 8.3(1) are affected. NX-OS versions prior to 8.3(1) are affected.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exfirepower_9300firepower_4150nexus_56128pnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txfirepower_4110nexus_93128txnexus_9336pq_aci_spinenexus_6004nexus_3548-xlfirepower_4145nexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2mds_9200nexus_3524-xnexus_3132c-znexus_31108tc-vnexus_5548pnexus_9348gc-fxpnexus_5648qnexus_3172mds_9000nexus_9272qnexus_3464cmds_9700nexus_93216tc-fx2nexus_36180yc-rnexus_5672upnexus_93180yc-fxnexus_3264qnexus_3432d-sfirepower_4140nexus_34180ycnexus_9000vnexus_31108pc-vnexus_5596upfirepower_4115nexus_3524nexus_3548mds_9500nexus_3132qnexus_3016nexus_9372pxnexus_5696qnexus_92304qcnexus_92160yc-xfirepower_4125mds_9100nexus_9504nexus_3048nexus_9372tx-enexus_6001nexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_9396txfirepower_4120nexus_7000nexus_92300ycnexus_3064nexus_3232cnexus_5548upnexus_9396pxnexus_5596tnexus_3264c-enexus_93240yc-fx2firepower_extensible_operating_systemnexus_9372txnexus_5624qnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1784
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 29.56%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 20:05
Updated-20 Nov, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_5548pnexus_5548upnexus_56128pucs_6332-16upnexus_5648qnx-osucs_6296upnexus_5696qucs_6248upnexus_5672upnexus_5596tnexus_60047000nexus_5624qnexus_6001ucs_63247700nexus_5596upucs_6332Cisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1813
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.59%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:20
Updated-20 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS CLI Command Software Image Signature Verification Vulnerability

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_93108tc-exnx-osnexus_3636c-rnexus_95089736pqnexus_93120txnexus_9316d-gxnexus_3524-x\/xln9k-x9732c-fxn9k-c9504-fm-rn9k-x9464tx2nexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_9336c-fx2nexus_3132c-znexus_3172pq\/pq-xlnexus_31108tc-vx9636q-rnexus_9348gc-fxp9536pqn9k-x9732c-exnexus_3464cnexus_9500_supervisor_b\+nexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_31108pc-vn9k-x9636c-rxn9k-x9736c-fxnexus_9500_supervisor_a\+n9k-x9736c-exnexus_3548-x\/xln9k-x97160yc-exnexus_92160yc-xnexus_9500_supervisor_bnexus_9504nexus_3048nexus_93108tc-fxnexus_93360yc-fx2n9k-c9508-fm-rnexus_9500_supervisor_anexus_92300ycnexus_3232cn9k-x9788tc-fxn9k-x9564txn9k-x9464px9432pqnexus_3264c-enexus_93240yc-fx2nexus_3132q-x\/3132q-xl9636pqn9k-x9432c-snexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_93600cd-gxn9k-x9564pxnexus_9516n9k-x9636c-rCisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-1779
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.08% / 24.66%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:40
Updated-21 Nov, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS and NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid device credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_9300nexus_93180lc-exfirepower_4150nexus_56128pnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txfirepower_4110nexus_93128txnexus_9336pq_aci_spinefirepower_4145nexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cmds_9200nexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3164qnexus_3524-xnexus_3132c-znexus_31108tc-vnexus_5548pnexus_9348gc-fxpnexus_5648qnexus_3172nexus_9272qnexus_3464cmds_9700nexus_93216tc-fx2nexus_36180yc-rnexus_5672upnexus_93180yc-fxnexus_3264qfirepower_4140nexus_3432d-snexus_34180ycnexus_9000vnexus_31108pc-vnexus_5596upfirepower_4115nexus_3524nexus_3548mds_9500nexus_3132qnexus_3016nexus_9372pxnexus_5696qnexus_92304qcnexus_92160yc-xfirepower_4125mds_9100nexus_9504nexus_3048nexus_9372tx-enexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_9396txfirepower_4120nexus_7000nexus_92300ycnexus_3064nexus_3232cnexus_5548upnexus_9396pxnexus_5596tfirepower_extensible_operating_systemnexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_5624qfirepower_4112nexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1790
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 29.56%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 20:05
Updated-20 Nov, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pucs_6332-16upnx-osnexus_3636c-r9736pqnexus_7700_supervisor_3en9k-x9732c-fxn9k-c9504-fm-rmds_9506mds_9250inexus_3132q-vnexus_9332cnexus_5020nexus_9336c-fx2x9636q-rnexus_31108tc-vnexus_9348gc-fxpmds_9718mds_9148snexus_9500_supervisor_b\+n7k-f306ck-25mds_9513mds_9148tnexus_93180yc-fxmds_9132tnexus_3432d-sn7k-m348xp-25ln9k-x9736c-fxn9k-x9736c-exmds_92167700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xlmds_9216ax96136yc-rn77-f348xp-23ucs_6248upnexus_9500_supervisor_b7000_18-slotnexus_3048nexus_93360yc-fx2ucs_6324n7k-f312fq-25mds_9396tmds_9396sn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn9k-x9564txnexus_7000_supervisor_2ex9636c-rxn77-f430cq-36n9k-x9464pxmds_9216inexus_5596tnexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_93600cd-gxnexus_3408-sn9k-x9636c-rnexus_93108tc-exnexus_9508nexus_93120tx7000_10-slotnexus_9316d-gxnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004n9k-x9464tx2n7k-f248xp-25en9k-x96136yc-rn77-f324fq-25nexus_31128pqn9k-x9636q-rnexus_9364cnexus_3164qnexus_7700_supervisor_2e7700_2-slotnexus_3132c-znexus_3172pq\/pq-xlnexus_5548pnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_3264qnexus_34180ycmds_9509nexus_31108pc-vn9k-x9636c-rxmds_9706nexus_9500_supervisor_a\+7000_4-slotnexus_5596upn7k-m206fq-23ln9k-x97160yc-exnexus_5696qnexus_92160yc-xnexus_9504n77-m324fq-25lnexus_6001nexus_93108tc-fxn7k-m202cf-22ln9k-c9508-fm-rnexus_9500_supervisor_a7000_9-slotnexus_92300ycx9636c-rucs_6332nexus_3232cn7k-m324fq-25lmds_9222iucs_6296upnexus_50107700_10-slotn77-m348xp-23l7700_18-slot9432pqnexus_3264c-enexus_93240yc-fx2mds_9710nexus_3172tq-xlnexus_93180yc-exn9k-x9564pxnexus_9516n7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1809
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 4.39%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:15
Updated-20 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ucs_6332-16upn7k-m206fq-23lnexus_7000_supervisor_1nx-os7000_10-slotn77-f348xp-23ucs_6248upnexus_7000_supervisor_2nexus_7700_supervisor_3e7000_18-slotn77-m324fq-25ln7k-m202cf-22ln7k-f248xp-25eucs_6324n77-f324fq-25n7k-f312fq-257000_9-slotnexus_7700_supervisor_2e7700_2-slotucs_6332n77-m312cq-26ln7k-m324fq-25lmds_9718ucs_6296upn7k-f306ck-25nexus_7000_supervisor_2e7700_10-slotn77-m348xp-23ln77-f430cq-367700_18-slotn77-f312ck-26mds_9710n7k-m348xp-25l7000_4-slotmds_9706n7k-m224xp-23l7700_6-slotCisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-1795
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 29.56%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 20:15
Updated-20 Nov, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS and NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exfirepower_4150nexus_56128pucs_6332-16upnx-osnexus_3636c-r9736pqnexus_7700_supervisor_3en9k-x9732c-fxn9k-c9504-fm-rmds_9506mds_9250inexus_3132q-vnexus_9332cnexus_5020nexus_9336c-fx2x9636q-rnexus_31108tc-vnexus_9348gc-fxpmds_9718mds_9148snexus_9500_supervisor_b\+n7k-f306ck-25mds_9513mds_9148tnexus_93180yc-fxmds_9132tnexus_3432d-sfirepower_4140n7k-m348xp-25lfirepower_9300_with_1_sm-24_modulen9k-x9736c-fxn9k-x9736c-exmds_92167700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xlmds_9216ax96136yc-rn77-f348xp-23ucs_6248upnexus_9500_supervisor_b7000_18-slotnexus_3048nexus_93360yc-fx2ucs_6324firepower_4120n7k-f312fq-25mds_9396tmds_9396sn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn9k-x9564txfirepower_9300_with_1_sm-36_modulenexus_7000_supervisor_2ex9636c-rxn77-f430cq-36n9k-x9464pxmds_9216inexus_5596tnexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_93600cd-gxnexus_3408-sn9k-x9636c-rnexus_93108tc-exnexus_9508nexus_93120tx7000_10-slotfirepower_4110nexus_9316d-gxnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004n9k-x9464tx2n7k-f248xp-25en9k-x96136yc-rn77-f324fq-25nexus_31128pqn9k-x9636q-rnexus_9364cnexus_3164qfirepower_9300_with_1_sm-44_modulenexus_7700_supervisor_2e7700_2-slotnexus_3132c-znexus_3172pq\/pq-xlnexus_5548pnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_3264qnexus_34180ycmds_9509nexus_31108pc-vn9k-x9636c-rxmds_9706nexus_9500_supervisor_a\+7000_4-slotnexus_5596upn7k-m206fq-23ln9k-x97160yc-exnexus_5696qnexus_92160yc-xnexus_9504n77-m324fq-25lnexus_6001nexus_93108tc-fxn7k-m202cf-22ln9k-c9508-fm-rnexus_9500_supervisor_a7000_9-slotnexus_92300ycx9636c-rucs_6332nexus_3232cn7k-m324fq-25lmds_9222iucs_6296upnexus_50107700_10-slotn77-m348xp-23lnexus_1000v7700_18-slot9432pqnexus_3264c-enexus_93240yc-fx2firepower_extensible_operating_systemmds_9710nexus_3172tq-xlnexus_93180yc-exfirepower_9300_with_3_sm-44_modulesn9k-x9564pxnexus_9516n7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1781
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 29.56%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:45
Updated-20 Nov, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS and NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exfirepower_9300firepower_4150nexus_56128pucs_6332-16upnexus_3172tqnexus_9332pqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txfirepower_4110nexus_93128txnexus_9336pq_aci_spinenexus_6004mds_9250inexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3524-xnexus_3132c-znexus_31108tc-vnexus_5548pnexus_9348gc-fxpnexus_5648qnexus_3172mds_9718nexus_9272qnexus_3464cmds_9148snexus_93216tc-fx2nexus_36180yc-rmds_9148tnexus_5672upnexus_93180yc-fxmds_9132tnexus_3264qnexus_3432d-sfirepower_4140nexus_34180ycnexus_9000vfx-osnexus_31108pc-vmds_9706nexus_5596upnexus_3524nexus_3548nexus_3132qnexus_3016nexus_9372pxnexus_5696qnexus_92304qcnexus_92160yc-xucs_6248upnexus_9504nexus_3048nexus_9372tx-enexus_6001nexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlucs_6324nexus_9396txfirepower_4120nexus_7000nexus_92300ycnexus_3064ucs_6332nexus_3232cnexus_5548upnexus_9396pxmds_9222iucs_6296upnexus_5596tnexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_5624qnexus_3548-xnexus_3132q-xlnexus_3064-tmds_9710nexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1812
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.59%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:20
Updated-20 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_93108tc-exnx-osnexus_3636c-rnexus_95089736pqnexus_93120txnexus_9316d-gxnexus_3524-x\/xln9k-x9732c-fxn9k-c9504-fm-rn9k-x9464tx2nexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_9336c-fx2nexus_3132c-znexus_3172pq\/pq-xlnexus_31108tc-vx9636q-rnexus_9348gc-fxp9536pqn9k-x9732c-exnexus_3464cnexus_9500_supervisor_b\+nexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_31108pc-vn9k-x9636c-rxn9k-x9736c-fxnexus_9500_supervisor_a\+n9k-x9736c-exnexus_3548-x\/xln9k-x97160yc-exnexus_92160yc-xnexus_9500_supervisor_bnexus_9504nexus_3048nexus_93108tc-fxnexus_93360yc-fx2n9k-c9508-fm-rnexus_9500_supervisor_anexus_92300ycnexus_3232cn9k-x9788tc-fxn9k-x9564txn9k-x9464px9432pqnexus_3264c-enexus_93240yc-fx2nexus_3132q-x\/3132q-xl9636pqn9k-x9432c-snexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_93600cd-gxn9k-x9564pxnexus_9516n9k-x9636c-rCisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-1736
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 7.64%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 00:26
Updated-13 Nov, 2024 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Cisco UCS-Based Products UEFI Secure Boot Bypass Vulnerability

A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sns-3615-k9_biosfmc2500-k9_firmwaresns-3515-k9_biosfmc4500-k9_biostg5004-k9-rf_biosfmc2500-k9_biossns-3595-k9_firmwarefmc1000-k9_firmwaretg5004-k9_biostg5004-k9-rf_firmwarefmc1000-k9_biostg5004-k9_firmwarefmc4500-k9_firmwaresns-3695-k9_firmwaresns-3655-k9_biossns-3615-k9_firmwaresns-3655-k9_firmwaresns-3515-k9_firmwareunified_computing_systemsns-3695-k9_biossns-3595-k9_biosidentity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-1771
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.98%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:20
Updated-20 Nov, 2024 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerability

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-webex_business_suitewebex_meetings_serverwebex_business_suite_lockdownwebex_meetings_onlineCisco WebEx WRF Player
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-1730
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.05% / 14.54%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 16:50
Updated-21 Nov, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to the incorrect implementation of a CLI command that allows a Bash command to be incorrectly invoked on the Guest Shell CLI. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Guest Shell prompt. A successful exploit could allow the attacker to issue commands that should be restricted by a Guest Shell account.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_3100vnexus_93180lc-exnexus_9332pqnexus_93108tc-exnx-osnexus_3200nexus_9372pxnexus_3636c-rnexus_9508nexus_93120txnexus_92304qcnexus_92160yc-xnexus_93128txnexus_9336pq_aci_spinenexus_3100nexus_9504nexus_3100-znexus_9372tx-enexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_3548-xlnexus_9396txnexus_9332cnexus_9364cnexus_92300ycnexus_92348gc-xnexus_7000nexus_9336c-fx2nexus_3524-xnexus_3500nexus_9348gc-fxpnexus_9272qnexus_9396pxnexus_93216tc-fx2nexus_36180yc-rnexus_93240yc-fx2nexus_93180yc-fxnexus_9372txnexus_3548-xnexus_93180yc-exnexus_9000vnexus_9372px-enexus_3000nexus_9236cnexus_9516nexus_7700nexus_3400Cisco NX-OS Software
CWE ID-CWE-264
Not Available
CVE-2019-1811
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 21.46%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:20
Updated-20 Nov, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_93108tc-exnx-osnexus_3636c-rnexus_95089736pqnexus_93120txnexus_9316d-gxnexus_3524-x\/xln9k-x9732c-fxn9k-c9504-fm-rn9k-x9464tx2nexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_9336c-fx2nexus_3132c-znexus_3172pq\/pq-xlnexus_31108tc-vx9636q-rnexus_9348gc-fxp9536pqn9k-x9732c-exnexus_3464cnexus_9500_supervisor_b\+nexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_31108pc-vn9k-x9636c-rxn9k-x9736c-fxnexus_9500_supervisor_a\+n9k-x9736c-exnexus_3548-x\/xln9k-x97160yc-exnexus_92160yc-xnexus_9500_supervisor_bnexus_9504nexus_3048nexus_93108tc-fxnexus_93360yc-fx2n9k-c9508-fm-rnexus_9500_supervisor_anexus_92300ycnexus_3232cn9k-x9788tc-fxn9k-x9564txn9k-x9464px9432pqnexus_3264c-enexus_93240yc-fx2nexus_3132q-x\/3132q-xl9636pqn9k-x9432c-snexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_93600cd-gxn9k-x9564pxnexus_9516n9k-x9636c-rCisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 10
  • 11
  • Next
Details not found