Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-20776

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-26 Oct, 2022 | 14:01
Updated At-25 Oct, 2024 | 16:05
Rejected At-
Credits

Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:26 Oct, 2022 | 14:01
Updated At:25 Oct, 2024 | 16:05
Rejected At:
▼CVE Numbering Authority (CNA)
Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco RoomOS Software
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200
Type: CWE
CWE ID: CWE-200
Description: CWE-200
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu
vendor-advisory
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu
vendor-advisory
x_transferred
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ykramarz@cisco.com
Published At:26 Oct, 2022 | 15:15
Updated At:07 Nov, 2023 | 03:42

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.15.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
CPE Matches
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>Versions before 10.20.1(exclusive)
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>roomos>>Versions before 10.20.1(exclusive)
cpe:2.3:o:cisco:roomos:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarynvd@nist.gov
CWE-200Secondaryykramarz@cisco.com
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-200
Type: Secondary
Source: ykramarz@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyuykramarz@cisco.com
Vendor Advisory
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu
Source: ykramarz@cisco.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

676Records found
CVE-2021-34729
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 16.86%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:26
Updated-07 Nov, 2024 | 21:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE SD-WAN Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input in the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system. An attacker would need valid user credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeios_xe_sd-wanCisco IOS XE SD-WAN Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-34708
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.02% / 6.93%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 05:00
Updated-07 Nov, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software for Cisco 8000 and Network Convergence System 540 Series Routers Image Verification Vulnerabilities

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-82018101-32h8201-32fhn540-24z8q2c-m8800_4-slotn540-28z4c-sys-an540x-16z4g8q2c-dn540-acc-sysn540-28z4c-sys-d8800_18-slotn540x-acc-sys8202n540-12z20g-sys-dn540x-12z16g-sys-dn540x-12z16g-sys-a8101-32fh8102-64h8800_8-slotn540-12z20g-sys-an540-24z8q2c-sys8800_12-slotios_xrn540x-16z4g8q2c-aCisco IOS XR Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-1779
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.08% / 23.98%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:40
Updated-21 Nov, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS and NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid device credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_9300nexus_93180lc-exfirepower_4150nexus_56128pnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txfirepower_4110nexus_93128txnexus_9336pq_aci_spinefirepower_4145nexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cmds_9200nexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3164qnexus_3524-xnexus_3132c-znexus_31108tc-vnexus_5548pnexus_9348gc-fxpnexus_5648qnexus_3172nexus_9272qnexus_3464cmds_9700nexus_93216tc-fx2nexus_36180yc-rnexus_5672upnexus_93180yc-fxnexus_3264qfirepower_4140nexus_3432d-snexus_34180ycnexus_9000vnexus_31108pc-vnexus_5596upfirepower_4115nexus_3524nexus_3548mds_9500nexus_3132qnexus_3016nexus_9372pxnexus_5696qnexus_92304qcnexus_92160yc-xfirepower_4125mds_9100nexus_9504nexus_3048nexus_9372tx-enexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_9396txfirepower_4120nexus_7000nexus_92300ycnexus_3064nexus_3232cnexus_5548upnexus_9396pxnexus_5596tfirepower_extensible_operating_systemnexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_5624qfirepower_4112nexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1767
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.21% / 44.01%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 18:45
Updated-20 Nov, 2024 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerability

A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities. NX-OS versions prior to 8.3(1) are affected.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txnexus_93128txnexus_9336pq_aci_spinenexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3132c-znexus_3524-xnexus_31108tc-vnexus_9348gc-fxpnexus_3172nexus_9272qnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_9000vnexus_31108pc-vnexus_3524nexus_3548nexus_3132qnexus_3016nexus_9372pxnexus_92304qcnexus_92160yc-xnexus_9504nexus_3048nexus_9372tx-enexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_9396txnexus_92300ycnexus_3064nexus_3232cnexus_9396pxnexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlCisco NX-OS Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1770
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.03% / 10.08%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:20
Updated-21 Nov, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pnexus_93108tc-exnexus_3636c-rnexus_95089736pqnexus_93120txnexus_60007000_10-slotnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004nexus_7700_supervisor_3en9k-x9732c-fxn9k-x9464tx2n7k-f248xp-25en77-f324fq-25nexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_5020nexus_9336c-fx2nexus_7700_supervisor_2e7700_2-slotnexus_3132c-zx9636q-rnexus_31108tc-vnexus_3172pq\/pq-xlnexus_5548pnexus_9348gc-fxpnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_9500_supervisor_b\+n7k-f306ck-25nexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_93180yc-fxnexus_3264qnexus_3432d-sns-oxn7k-m348xp-25lnexus_34180ycnexus_31108pc-vn9k-x9636c-rxn9k-x9736c-fx7000_4-slotnexus_9500_supervisor_a\+nexus_5596upn9k-x9736c-ex7700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xln7k-m206fq-23ln9k-x97160yc-exnexus_5696qn77-f348xp-23nexus_92160yc-xnexus_9500_supervisor_b7000_18-slotnexus_9504nexus_3048n77-m324fq-25lnexus_6001nexus_93108tc-fxnexus_93360yc-fx2n7k-m202cf-22lnexus_9500_supervisor_an7k-f312fq-257000_9-slotnexus_92300ycnexus_3232cn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn7k-m324fq-25ln9k-x9564txnexus_5010nexus_7000_supervisor_2e7700_10-slotnexus_1000vn77-f430cq-36n9k-x9464pxn77-m348xp-23l7700_18-slot9432pqnexus_5596tnexus_3264c-enexus_93240yc-fx2nexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_3172tq-xlnexus_93180yc-exnexus_3408-sn9k-x9564pxnexus_9516n9k-x9636c-rn7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1783
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 23.42%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 20:05
Updated-20 Nov, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_5548pnexus_5624qnexus_5548upnexus_56128pnexus_5648qnexus_6001nexus_7000nx-osnexus_5696qnexus_5596upnexus_5672upnexus_5596tnexus_7700nexus_6004Cisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1809
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 12.63%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:15
Updated-20 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ucs_6332-16upn7k-m206fq-23lnexus_7000_supervisor_1nx-os7000_10-slotn77-f348xp-23ucs_6248upnexus_7000_supervisor_2nexus_7700_supervisor_3e7000_18-slotn77-m324fq-25ln7k-m202cf-22ln7k-f248xp-25eucs_6324n77-f324fq-25n7k-f312fq-257000_9-slotnexus_7700_supervisor_2e7700_2-slotucs_6332n77-m312cq-26ln7k-m324fq-25lmds_9718ucs_6296upn7k-f306ck-25nexus_7000_supervisor_2e7700_10-slotn77-m348xp-23ln77-f430cq-367700_18-slotn77-f312ck-26mds_9710n7k-m348xp-25l7000_4-slotmds_9706n7k-m224xp-23l7700_6-slotCisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-1769
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 23.42%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:20
Updated-20 Nov, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Line Card Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system of an attached line card with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of an attached line card with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txnexus_93128txnexus_3524-x\/xlnexus_9336pq_acin9k-c9504-fm-rn9k-x96136yc-rnexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cn9k-x9636q-rnexus_3164qnexus_3172tq-32tnexus_3132c-znexus_3524-xnexus_31108tc-vx9636q-rnexus_9348gc-fxpnexus_3172nexus_9272qnexus_3464cnexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_34180ycnexus_31108pc-vn9k-x9636c-rxnexus_3524nexus_3548nexus_3132qnexus_3548-x\/xlnexus_3016nexus_9372pxnexus_92304qcx96136yc-rnexus_93240tc-fx2nexus_3048nexus_9372tx-enexus_93108tc-fxn9k-c9508-fm-rnexus_3524-xlnexus_9396txnexus_3064x9636c-rnexus_3232cnexus_9200ycnexus_9396pxx9636c-rxnexus_3264c-enexus_9372txnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_9372px-enexus_9236cnexus_9516n9k-x9636c-rnexus_3172pq-xlCisco NX-OS Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1778
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 28.46%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:35
Updated-20 Nov, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txnexus_93128txnexus_3524-x\/xlnexus_9336pq_acin9k-c9504-fm-rn9k-x96136yc-rnexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cn9k-x9636q-rnexus_3164qnexus_3172tq-32tnexus_3132c-znexus_3524-xnexus_31108tc-vx9636q-rnexus_9348gc-fxpnexus_3172nexus_9272qnexus_3464cnexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_34180ycnexus_31108pc-vn9k-x9636c-rxnexus_3524nexus_3548nexus_3132qnexus_3548-x\/xlnexus_3016nexus_9372pxnexus_92304qcx96136yc-rnexus_93240tc-fx2nexus_3048nexus_9372tx-enexus_93108tc-fxn9k-c9508-fm-rnexus_3524-xlnexus_9396txnexus_3064x9636c-rnexus_3232cnexus_9200ycnexus_9396pxx9636c-rxnexus_3264c-enexus_9372txnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_9372px-enexus_9236cnexus_9516n9k-x9636c-rnexus_3172pq-xlCisco NX-OS Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1784
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 28.46%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 20:05
Updated-20 Nov, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_5548pnexus_5548upnexus_56128pucs_6332-16upnexus_5648qnx-osucs_6296upnexus_5696qucs_6248upnexus_5672upnexus_5596tnexus_60047000nexus_5624qnexus_6001ucs_63247700nexus_5596upucs_6332Cisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1790
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 28.46%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 20:05
Updated-20 Nov, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pucs_6332-16upnx-osnexus_3636c-r9736pqnexus_7700_supervisor_3en9k-x9732c-fxn9k-c9504-fm-rmds_9506mds_9250inexus_3132q-vnexus_9332cnexus_5020nexus_9336c-fx2x9636q-rnexus_31108tc-vnexus_9348gc-fxpmds_9718mds_9148snexus_9500_supervisor_b\+n7k-f306ck-25mds_9513mds_9148tnexus_93180yc-fxmds_9132tnexus_3432d-sn7k-m348xp-25ln9k-x9736c-fxn9k-x9736c-exmds_92167700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xlmds_9216ax96136yc-rn77-f348xp-23ucs_6248upnexus_9500_supervisor_b7000_18-slotnexus_3048nexus_93360yc-fx2ucs_6324n7k-f312fq-25mds_9396tmds_9396sn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn9k-x9564txnexus_7000_supervisor_2ex9636c-rxn77-f430cq-36n9k-x9464pxmds_9216inexus_5596tnexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_93600cd-gxnexus_3408-sn9k-x9636c-rnexus_93108tc-exnexus_9508nexus_93120tx7000_10-slotnexus_9316d-gxnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004n9k-x9464tx2n7k-f248xp-25en9k-x96136yc-rn77-f324fq-25nexus_31128pqn9k-x9636q-rnexus_9364cnexus_3164qnexus_7700_supervisor_2e7700_2-slotnexus_3132c-znexus_3172pq\/pq-xlnexus_5548pnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_3264qnexus_34180ycmds_9509nexus_31108pc-vn9k-x9636c-rxmds_9706nexus_9500_supervisor_a\+7000_4-slotnexus_5596upn7k-m206fq-23ln9k-x97160yc-exnexus_5696qnexus_92160yc-xnexus_9504n77-m324fq-25lnexus_6001nexus_93108tc-fxn7k-m202cf-22ln9k-c9508-fm-rnexus_9500_supervisor_a7000_9-slotnexus_92300ycx9636c-rucs_6332nexus_3232cn7k-m324fq-25lmds_9222iucs_6296upnexus_50107700_10-slotn77-m348xp-23l7700_18-slot9432pqnexus_3264c-enexus_93240yc-fx2mds_9710nexus_3172tq-xlnexus_93180yc-exn9k-x9564pxnexus_9516n7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1774
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 28.46%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:30
Updated-20 Nov, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pnx-osnexus_3636c-r9736pqnexus_7700_supervisor_3en9k-x9732c-fxn9k-c9504-fm-rmds_9506mds_9250inexus_3132q-vnexus_9332cnexus_5020nexus_9336c-fx2x9636q-rnexus_31108tc-vnexus_9348gc-fxpmds_9718mds_9148snexus_9500_supervisor_b\+n7k-f306ck-25mds_9513mds_9148tnexus_93180yc-fxmds_9132tnexus_3432d-sn7k-m348xp-25ln9k-x9736c-fxn9k-x9736c-exmds_92167700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xlmds_9216ax96136yc-rn77-f348xp-23nexus_9500_supervisor_b7000_18-slotnexus_3048nexus_93360yc-fx2n7k-f312fq-25mds_9396tmds_9396sn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn9k-x9564txnexus_7000_supervisor_2ex9636c-rxn77-f430cq-36n9k-x9464pxmds_9216inexus_5596tnexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_93600cd-gxnexus_3408-sn9k-x9636c-rnexus_93108tc-exnexus_9508nexus_93120tx7000_10-slotnexus_9316d-gxnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004n9k-x9464tx2n7k-f248xp-25en9k-x96136yc-rn77-f324fq-25nexus_31128pqn9k-x9636q-rnexus_9364cnexus_3164qnexus_7700_supervisor_2e7700_2-slotnexus_3132c-znexus_3172pq\/pq-xlnexus_5548pnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_3264qnexus_34180ycmds_9509nexus_31108pc-vn9k-x9636c-rxmds_9706nexus_9500_supervisor_a\+7000_4-slotnexus_5596upn7k-m206fq-23ln9k-x97160yc-exnexus_5696qnexus_92160yc-xnexus_9504n77-m324fq-25lnexus_6001nexus_93108tc-fxn7k-m202cf-22ln9k-c9508-fm-rnexus_9500_supervisor_a7000_9-slotnexus_92300ycx9636c-rnexus_3232cn7k-m324fq-25lmds_9222inexus_50107700_10-slotn77-m348xp-23l7700_18-slot9432pqnexus_3264c-enexus_93240yc-fx2mds_9710nexus_3172tq-xlnexus_93180yc-exn9k-x9564pxnexus_9516n7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1730
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.05% / 15.44%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 16:50
Updated-21 Nov, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to the incorrect implementation of a CLI command that allows a Bash command to be incorrectly invoked on the Guest Shell CLI. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Guest Shell prompt. A successful exploit could allow the attacker to issue commands that should be restricted by a Guest Shell account.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_3100vnexus_93180lc-exnexus_9332pqnexus_93108tc-exnx-osnexus_3200nexus_9372pxnexus_3636c-rnexus_9508nexus_93120txnexus_92304qcnexus_92160yc-xnexus_93128txnexus_9336pq_aci_spinenexus_3100nexus_9504nexus_3100-znexus_9372tx-enexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_3548-xlnexus_9396txnexus_9332cnexus_9364cnexus_92300ycnexus_92348gc-xnexus_7000nexus_9336c-fx2nexus_3524-xnexus_3500nexus_9348gc-fxpnexus_9272qnexus_9396pxnexus_93216tc-fx2nexus_36180yc-rnexus_93240yc-fx2nexus_93180yc-fxnexus_9372txnexus_3548-xnexus_93180yc-exnexus_9000vnexus_9372px-enexus_3000nexus_9236cnexus_9516nexus_7700nexus_3400Cisco NX-OS Software
CWE ID-CWE-264
Not Available
CVE-2019-1727
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.13% / 32.55%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 16:45
Updated-21 Nov, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions in the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands to elevate the attacker's privilege level. To exploit this vulnerability, the attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_3500nexus_3100vmds_9500mds_9000nexus_9200nexus_5600nx-osnexus_3200mds_9700nexus_6000nexus_5500nexus_3400nexus_3100nexus_9000mds_9100nexus_9500nexus_3548-xnexus_3100-znexus_7000nexus_3524-xlnexus_9300nexus_3548-xlnexus_3000nexus_3600mds_9200nexus_7700nexus_3524-xCisco NX-OS Software
CWE ID-CWE-264
Not Available
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1781
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 28.46%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:45
Updated-20 Nov, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS and NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exfirepower_9300firepower_4150nexus_56128pucs_6332-16upnexus_3172tqnexus_9332pqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txfirepower_4110nexus_93128txnexus_9336pq_aci_spinenexus_6004mds_9250inexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3524-xnexus_3132c-znexus_31108tc-vnexus_5548pnexus_9348gc-fxpnexus_5648qnexus_3172mds_9718nexus_9272qnexus_3464cmds_9148snexus_93216tc-fx2nexus_36180yc-rmds_9148tnexus_5672upnexus_93180yc-fxmds_9132tnexus_3264qnexus_3432d-sfirepower_4140nexus_34180ycnexus_9000vfx-osnexus_31108pc-vmds_9706nexus_5596upnexus_3524nexus_3548nexus_3132qnexus_3016nexus_9372pxnexus_5696qnexus_92304qcnexus_92160yc-xucs_6248upnexus_9504nexus_3048nexus_9372tx-enexus_6001nexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlucs_6324nexus_9396txfirepower_4120nexus_7000nexus_92300ycnexus_3064ucs_6332nexus_3232cnexus_5548upnexus_9396pxmds_9222iucs_6296upnexus_5596tnexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_5624qnexus_3548-xnexus_3132q-xlnexus_3064-tmds_9710nexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1776
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 28.46%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:30
Updated-20 Nov, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pucs_6332-16upnx-osnexus_3636c-r9736pqnexus_7700_supervisor_3en9k-x9732c-fxn9k-c9504-fm-rmds_9506mds_9250inexus_3132q-vnexus_9332cnexus_5020nexus_9336c-fx2x9636q-rnexus_31108tc-vnexus_9348gc-fxpmds_9718mds_9148snexus_9500_supervisor_b\+n7k-f306ck-25mds_9513mds_9148tnexus_93180yc-fxmds_9132tnexus_3432d-sn7k-m348xp-25ln9k-x9736c-fxn9k-x9736c-exmds_92167700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xlmds_9216ax96136yc-rn77-f348xp-23ucs_6248upnexus_9500_supervisor_b7000_18-slotnexus_3048nexus_93360yc-fx2ucs_6324n7k-f312fq-25mds_9396tmds_9396sn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn9k-x9564txnexus_7000_supervisor_2ex9636c-rxn77-f430cq-36n9k-x9464pxmds_9216inexus_5596tnexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_93600cd-gxnexus_3408-sn9k-x9636c-rnexus_93108tc-exnexus_9508nexus_93120tx7000_10-slotnexus_9316d-gxnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004n9k-x9464tx2n7k-f248xp-25en9k-x96136yc-rn77-f324fq-25nexus_31128pqn9k-x9636q-rnexus_9364cnexus_3164qnexus_7700_supervisor_2e7700_2-slotnexus_3132c-znexus_3172pq\/pq-xlnexus_5548pnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_3264qnexus_34180ycmds_9509nexus_31108pc-vn9k-x9636c-rxmds_9706nexus_9500_supervisor_a\+7000_4-slotnexus_5596upn7k-m206fq-23ln9k-x97160yc-exnexus_5696qnexus_92160yc-xnexus_9504n77-m324fq-25lnexus_6001nexus_93108tc-fxn7k-m202cf-22ln9k-c9508-fm-rnexus_9500_supervisor_a7000_9-slotnexus_92300ycx9636c-rucs_6332nexus_3232cn7k-m324fq-25lmds_9222iucs_6296upnexus_50107700_10-slotn77-m348xp-23l7700_18-slot9432pqnexus_3264c-enexus_93240yc-fx2mds_9710nexus_3172tq-xlnexus_93180yc-exn9k-x9564pxnexus_9516n7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1780
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.06% / 18.99%
||
7 Day CHG~0.00%
Published-16 May, 2019 | 17:00
Updated-21 Nov, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS and NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. NX-OS versions prior to 8.3(1) are affected. NX-OS versions prior to 8.3(1) are affected.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exfirepower_9300firepower_4150nexus_56128pnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txfirepower_4110nexus_93128txnexus_9336pq_aci_spinenexus_6004nexus_3548-xlfirepower_4145nexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2mds_9200nexus_3524-xnexus_3132c-znexus_31108tc-vnexus_5548pnexus_9348gc-fxpnexus_5648qnexus_3172mds_9000nexus_9272qnexus_3464cmds_9700nexus_93216tc-fx2nexus_36180yc-rnexus_5672upnexus_93180yc-fxnexus_3264qnexus_3432d-sfirepower_4140nexus_34180ycnexus_9000vnexus_31108pc-vnexus_5596upfirepower_4115nexus_3524nexus_3548mds_9500nexus_3132qnexus_3016nexus_9372pxnexus_5696qnexus_92304qcnexus_92160yc-xfirepower_4125mds_9100nexus_9504nexus_3048nexus_9372tx-enexus_6001nexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_9396txfirepower_4120nexus_7000nexus_92300ycnexus_3064nexus_3232cnexus_5548upnexus_9396pxnexus_5596tnexus_3264c-enexus_93240yc-fx2firepower_extensible_operating_systemnexus_9372txnexus_5624qnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1812
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.47%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:20
Updated-20 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_93108tc-exnx-osnexus_3636c-rnexus_95089736pqnexus_93120txnexus_9316d-gxnexus_3524-x\/xln9k-x9732c-fxn9k-c9504-fm-rn9k-x9464tx2nexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_9336c-fx2nexus_3132c-znexus_3172pq\/pq-xlnexus_31108tc-vx9636q-rnexus_9348gc-fxp9536pqn9k-x9732c-exnexus_3464cnexus_9500_supervisor_b\+nexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_31108pc-vn9k-x9636c-rxn9k-x9736c-fxnexus_9500_supervisor_a\+n9k-x9736c-exnexus_3548-x\/xln9k-x97160yc-exnexus_92160yc-xnexus_9500_supervisor_bnexus_9504nexus_3048nexus_93108tc-fxnexus_93360yc-fx2n9k-c9508-fm-rnexus_9500_supervisor_anexus_92300ycnexus_3232cn9k-x9788tc-fxn9k-x9564txn9k-x9464px9432pqnexus_3264c-enexus_93240yc-fx2nexus_3132q-x\/3132q-xl9636pqn9k-x9432c-snexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_93600cd-gxn9k-x9564pxnexus_9516n9k-x9636c-rCisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-1810
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 21.34%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:15
Updated-20 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 3000 Series and 9000 Series Switches in NX-OS Mode CLI Command Software Image Signature Verification Vulnerability

A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device. Note: If the device has not been patched for the vulnerability previously disclosed in the Cisco Security Advisory cisco-sa-20190306-nxos-sig-verif, a successful exploit could allow the attacker to boot a malicious software image.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-n9k-c9232cn3k-c3164qn9k-c92304qcnx-osn3k-c3232cCisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-1811
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.47%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:20
Updated-20 Nov, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_93108tc-exnx-osnexus_3636c-rnexus_95089736pqnexus_93120txnexus_9316d-gxnexus_3524-x\/xln9k-x9732c-fxn9k-c9504-fm-rn9k-x9464tx2nexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_9336c-fx2nexus_3132c-znexus_3172pq\/pq-xlnexus_31108tc-vx9636q-rnexus_9348gc-fxp9536pqn9k-x9732c-exnexus_3464cnexus_9500_supervisor_b\+nexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_31108pc-vn9k-x9636c-rxn9k-x9736c-fxnexus_9500_supervisor_a\+n9k-x9736c-exnexus_3548-x\/xln9k-x97160yc-exnexus_92160yc-xnexus_9500_supervisor_bnexus_9504nexus_3048nexus_93108tc-fxnexus_93360yc-fx2n9k-c9508-fm-rnexus_9500_supervisor_anexus_92300ycnexus_3232cn9k-x9788tc-fxn9k-x9564txn9k-x9464px9432pqnexus_3264c-enexus_93240yc-fx2nexus_3132q-x\/3132q-xl9636pqn9k-x9432c-snexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_93600cd-gxn9k-x9564pxnexus_9516n9k-x9636c-rCisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-1813
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.47%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:20
Updated-20 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS CLI Command Software Image Signature Verification Vulnerability

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_93108tc-exnx-osnexus_3636c-rnexus_95089736pqnexus_93120txnexus_9316d-gxnexus_3524-x\/xln9k-x9732c-fxn9k-c9504-fm-rn9k-x9464tx2nexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_9336c-fx2nexus_3132c-znexus_3172pq\/pq-xlnexus_31108tc-vx9636q-rnexus_9348gc-fxp9536pqn9k-x9732c-exnexus_3464cnexus_9500_supervisor_b\+nexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_31108pc-vn9k-x9636c-rxn9k-x9736c-fxnexus_9500_supervisor_a\+n9k-x9736c-exnexus_3548-x\/xln9k-x97160yc-exnexus_92160yc-xnexus_9500_supervisor_bnexus_9504nexus_3048nexus_93108tc-fxnexus_93360yc-fx2n9k-c9508-fm-rnexus_9500_supervisor_anexus_92300ycnexus_3232cn9k-x9788tc-fxn9k-x9564txn9k-x9464px9432pqnexus_3264c-enexus_93240yc-fx2nexus_3132q-x\/3132q-xl9636pqn9k-x9432c-snexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_93600cd-gxn9k-x9564pxnexus_9516n9k-x9636c-rCisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-1803
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.54%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 16:20
Updated-20 Nov, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Root Privilege Escalation Vulnerability

A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is due to overly permissive file permissions of specific system files. An attacker could exploit this vulnerability by authenticating to an affected device, creating a crafted command string, and writing this crafted string to a specific file location. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid administrator credentials for the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9348gc-fxpnexus_9332pqnexus_93108tc-exnexus_9396pxnexus_9372pxnexus_9508nexus_93120txnexus_93128txnexus_9336pq_aci_spinenexus_93180yc-fxnexus_9372txnexus_93180tc-exnexus_9504nexus_9372tx-enexus_93180yc-exnexus_9372px-enexus_9396txnexus_9516nexus_9364cnexus_9000_series_application_centric_infrastructurenexus_9336c-fx2Cisco NX-OS Software for Nexus 9000 Series Fabric Switches ACI Mode
CWE ID-CWE-264
Not Available
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-1609
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.28% / 51.28%
||
7 Day CHG~0.00%
Published-08 Mar, 2019 | 20:00
Updated-21 Nov, 2024 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(2). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(6). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(6). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), 8.2(3), and 8.3(2). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I4(9) and7.0(3)I7(6). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_3500nexus_9000nexus_9500mds_9000nx-osnexus_3000nexus_3600nexus_7000nexus_7700MDS 9000 Series Multilayer SwitchesNexus 3600 Platform SwitchesNexus 9000 Series Switches in Standalone NX-OS ModeNexus 7000 and 7700 Series SwitchesNexus 3500 Platform SwitchesNexus 3000 Series SwitchesNexus 9500 R-Series Line Cards and Fabric Modules
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1611
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.09% / 24.83%
||
7 Day CHG~0.00%
Published-11 Mar, 2019 | 22:00
Updated-21 Nov, 2024 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS and NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1611)

A vulnerability in the CLI of Cisco NX-OS Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Firepower 4100 Series Next-Generation Firewalls are affected running software versions prior to 2.2.2.91, 2.3.1.110, and 2.4.1.222. Firepower 9300 Security Appliance are affected running software versions prior to 2.2.2.91, 2.3.1.110, and 2.4.1.222. MDS 9000 Series Multilayer Switches are affected running software versions prior to 6.2(25) and 8.3(1). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(5). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(5). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected running software versions prior to 7.1(5)N1(1b) and 7.3(4)N1(1). Nexus 7000 and 7700 Series Switches are affected running software versions prior to 6.2(22), 7.3(3)D1(1), 8.2(3). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(5). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_3500firepower_9300mds_9000nx-osfirepower_4100nexus_6000nexus_5500nexus_2000nexus_9000nexus_9500nexus_3000fx-osnexus_3600nexus_7000nexus_5600nexus_7700MDS 9000 Series Multilayer SwitchesNexus 3600 Platform SwitchesNexus 9000 Series Switches in Standalone NX-OS ModeNexus 3500 Platform SwitchesNexus 7000 and 7700 Series SwitchesNexus 2000, 5500, 5600, and 6000 Series SwitchesFirepower 9300 Security ApplianceFirepower 4100 Series Next-Generation FirewallsNexus 3000 Series SwitchesNexus 9500 R-Series Line Cards and Fabric Modules
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2022-20934
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.11% / 29.11%
||
7 Day CHG~0.00%
Published-10 Nov, 2022 | 17:34
Updated-19 Nov, 2024 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_extensible_operating_systemfirepower_threat_defenseCisco Firepower Threat Defense SoftwareCisco Firepower Extensible Operating System (FXOS)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1613
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.06% / 19.93%
||
7 Day CHG~0.00%
Published-11 Mar, 2019 | 22:00
Updated-21 Nov, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1613)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected running software versions prior to 6.2(27) and 8.2(3). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(6). Nexus 3500 Platform Switches are affected running software versions prior to 6.0(2)A8(11) and 7.0(3)I7(6). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9), 7.0(3)I7(6). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5). Nexus 7000 and 7700 Series Switches are affected running software versions prior to 6.2(22) and 8.2(3).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exn7k-m206fq-23lnexus_93108tc-exn9k-x97160yc-exnx-osnexus_95089736pqnexus_93120txnexus_92304qcn77-f348xp-23nexus_92160yc-xnexus_9316d-gxn9k-x9732c-fxnexus_9504n77-m324fq-25lnexus_93108tc-fxn7k-m202cf-22ln9k-x9464tx2n7k-f248xp-25en77-f324fq-25nexus_9332cn7k-f312fq-25nexus_9364cnexus_92300ycnexus_9336c-fx2n3k-c31128pq-10gex9636q-rn77-m312cq-26lnexus_9348gc-fxpn9k-x9788tc-fxn7k-m324fq-25l9536pqnexus_9272qn9k-x9732c-exn9k-x9564txn7k-f306ck-25n3k-c3132c-zn3k-c3264qn77-f430cq-36n9k-x9464pxn77-m348xp-23l9432pqn77-f312ck-26nexus_93240yc-fx2nexus_93180yc-fx9636pqn9k-x9432c-sn7k-m348xp-25lnexus_93180yc-exnexus_93600cd-gxn3k-c3164q-40gen9k-x9636c-rxn9k-x9736c-fxnexus_9236cn9k-x9564pxnexus_9516n9k-x9636c-rn7k-m224xp-23ln9k-x9736c-exMDS 9000 Series Multilayer SwitchesNexus 3600 Platform SwitchesNexus 9000 Series Switches in Standalone NX-OS ModeNexus 7000 and 7700 Series SwitchesNexus 3500 Platform SwitchesNexus 3000 Series SwitchesNexus 9500 R-Series Line Cards and Fabric Modules
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1623
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.14% / 34.62%
||
7 Day CHG~0.00%
Published-20 Jun, 2019 | 02:40
Updated-20 Nov, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Meeting Server CLI Command Injection Vulnerability

A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An attacker with administrator-level credentials could exploit this vulnerability by injecting crafted arguments during command execution. A successful exploit could allow the attacker to perform arbitrary code execution as root on an affected product.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-meeting_serverCisco Meeting Server
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1608
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.09% / 24.83%
||
7 Day CHG~0.00%
Published-08 Mar, 2019 | 20:00
Updated-21 Nov, 2024 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_7700nx-osmds_9000nexus_7000MDS 9000 Series Multilayer SwitchesNexus 7000 and 7700 Series Switches
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-15986
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.15% / 34.94%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 03:42
Updated-20 Nov, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Unity Express Command Injection Vulnerability

A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to improper input validation for certain CLI commands that are executed on a vulnerable system. An attacker could exploit this vulnerability by logging in to the system and sending crafted CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unity_expressCisco Unity Express
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2019-15996
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.09% / 26.04%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 03:41
Updated-20 Nov, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco DNA Spaces: Connector Privilege Escalation Vulnerability

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by leveraging the insufficient restrictions to modify sensitive files. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-dna_spaces\Cisco DNA Spaces
CWE ID-CWE-264
Not Available
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-20676
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.06% / 18.94%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 14:16
Updated-16 Sep, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Tool Command Language Privilege Escalation Vulnerability

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root. By default, Tcl shell access requires privilege level 15.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20865
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.22% / 44.17%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 18:40
Updated-06 Nov, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_4145_firmwarefirepower_9300_sm-48_firmwarefirepower_4150firepower_4110firepower_4112_firmwarefirepower_4125firepower_9300_sm-48firepower_4125_firmwarefirepower_9300_sm-40_firmwarefirepower_4112firepower_4140firepower_4115_firmwarefirepower_9300_sm-40firepower_4150_firmwarefirepower_4120_firmwarefirepower_9300_sm-56_firmwarefirepower_4145firepower_4120firepower_9300_sm-56firepower_9300_sm-56_x_3firepower_4110_firmwarefirepower_4140_firmwarefirepower_4115firepower_9300_sm-56_x_3_firmwareCisco Firepower Extensible Operating System (FXOS)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-20855
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.9||HIGH
EPSS-0.20% / 41.74%
||
7 Day CHG~0.00%
Published-30 Sep, 2022 | 18:46
Updated-01 Nov, 2024 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Privilege Escalation Vulnerability

A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_9120_apcatalyst_9800-lcatalyst_9105catalyst_9124catalyst_9800-40catalyst_9800catalyst_9120catalyst_9105axwcatalyst_9120axecatalyst_9124axdcatalyst_9105axicatalyst_9120axicatalyst_9130axeios_xecatalyst_9130_apcatalyst_9115axecatalyst_9800-l-ccatalyst_9800-clcatalyst_9117_apcatalyst_9800-80catalyst_9800-l-fcatalyst_9117catalyst_9120axpcatalyst_9115catalyst_9124axicatalyst_9115axicatalyst_9130catalyst_9115_apcatalyst_9130axicatalyst_9117axiCisco IOS XE Software
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-15275
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 24.51%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:36
Updated-20 Nov, 2024 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the remote support user and submitting malicious input to a specific command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system (OS) with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-telepresence_collaboration_endpointCisco TelePresence TC Software
CWE ID-CWE-264
Not Available
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-15277
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.10% / 27.16%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:36
Updated-20 Nov, 2024 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the remote support user and sending malicious traffic to a listener who is internal to the device. A successful exploit could allow the attacker to execute commands with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-telepresence_collaboration_endpointCisco TelePresence TC Software
CWE ID-CWE-264
Not Available
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-15274
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.29% / 52.51%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:36
Updated-20 Nov, 2024 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco TelePresence Collaboration Endpoint Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to perform command injections. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as an administrative level user within the restricted shell and submitting malicious input to a specific command. A successful exploit could allow the attacker to execute previously staged code from the underlying filesystem.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-telepresence_collaboration_endpointCisco TelePresence TC Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12709
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 15.25%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:15
Updated-20 Nov, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software for Cisco ASR 9000 VMAN CLI Privilege Escalation Vulnerability

A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker who has valid administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to run arbitrary commands on the underlying operating system with root privileges, which may lead to complete system compromise.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asr_9000vasr_9910asr_9906asr_9904asr_9006asr_9912asr_9922asr_9010asr_9001ios_xrasr_9901Cisco IOS XR Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-12670
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 10.32%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:16
Updated-20 Nov, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software IOx Guest Shell Namespace Protection Vulnerability

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by modifying files that they should not have access to. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iosCisco IOS XE Software 3.2.11aSG
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-12661
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 14.18%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:15
Updated-20 Nov, 2024 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Virtualization Manager CLI Command Injection Vulnerability

A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on the affected device. An attacker who has administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges, which may lead to complete system compromise.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1795
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 28.46%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 20:15
Updated-20 Nov, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS and NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exfirepower_4150nexus_56128pucs_6332-16upnx-osnexus_3636c-r9736pqnexus_7700_supervisor_3en9k-x9732c-fxn9k-c9504-fm-rmds_9506mds_9250inexus_3132q-vnexus_9332cnexus_5020nexus_9336c-fx2x9636q-rnexus_31108tc-vnexus_9348gc-fxpmds_9718mds_9148snexus_9500_supervisor_b\+n7k-f306ck-25mds_9513mds_9148tnexus_93180yc-fxmds_9132tnexus_3432d-sfirepower_4140n7k-m348xp-25lfirepower_9300_with_1_sm-24_modulen9k-x9736c-fxn9k-x9736c-exmds_92167700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xlmds_9216ax96136yc-rn77-f348xp-23ucs_6248upnexus_9500_supervisor_b7000_18-slotnexus_3048nexus_93360yc-fx2ucs_6324firepower_4120n7k-f312fq-25mds_9396tmds_9396sn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn9k-x9564txfirepower_9300_with_1_sm-36_modulenexus_7000_supervisor_2ex9636c-rxn77-f430cq-36n9k-x9464pxmds_9216inexus_5596tnexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_93600cd-gxnexus_3408-sn9k-x9636c-rnexus_93108tc-exnexus_9508nexus_93120tx7000_10-slotfirepower_4110nexus_9316d-gxnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004n9k-x9464tx2n7k-f248xp-25en9k-x96136yc-rn77-f324fq-25nexus_31128pqn9k-x9636q-rnexus_9364cnexus_3164qfirepower_9300_with_1_sm-44_modulenexus_7700_supervisor_2e7700_2-slotnexus_3132c-znexus_3172pq\/pq-xlnexus_5548pnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_3264qnexus_34180ycmds_9509nexus_31108pc-vn9k-x9636c-rxmds_9706nexus_9500_supervisor_a\+7000_4-slotnexus_5596upn7k-m206fq-23ln9k-x97160yc-exnexus_5696qnexus_92160yc-xnexus_9504n77-m324fq-25lnexus_6001nexus_93108tc-fxn7k-m202cf-22ln9k-c9508-fm-rnexus_9500_supervisor_a7000_9-slotnexus_92300ycx9636c-rucs_6332nexus_3232cn7k-m324fq-25lmds_9222iucs_6296upnexus_50107700_10-slotn77-m348xp-23lnexus_1000v7700_18-slot9432pqnexus_3264c-enexus_93240yc-fx2firepower_extensible_operating_systemmds_9710nexus_3172tq-xlnexus_93180yc-exfirepower_9300_with_3_sm-44_modulesn9k-x9564pxnexus_9516n7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-12694
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.84%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 19:06
Updated-20 Nov, 2024 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by executing a specific CLI command that includes crafted arguments. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1557
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.07% / 21.23%
||
7 Day CHG~0.00%
Published-22 May, 2021 | 06:40
Updated-08 Nov, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco DNA Spaces Connector Privilege Escalation Vulnerabilities

Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. These vulnerabilities are due to insufficient restrictions during the execution of affected CLI commands. An attacker could exploit these vulnerabilities by leveraging the insufficient restrictions during execution of these commands. A successful exploit could allow the attacker to elevate privileges from dnasadmin and execute arbitrary commands on the underlying operating system as root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-dna_spaces\Cisco DNA Spaces Connector
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-1382
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.07% / 22.33%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:07
Updated-08 Nov, 2024 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE SD-WAN Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-1136
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 6.72%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:35
Updated-08 Nov, 2024 | 23:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software for Cisco 8000 Series Routers and Network Convergence System 540 Series Routers Image Verification Vulnerabilities

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-82018808ncs_540881288188202ios_xrCisco IOS XR Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-1584
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.11% / 29.04%
||
7 Day CHG~0.00%
Published-25 Aug, 2021 | 19:10
Updated-07 Nov, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 9000 Series Fabric Switches ACI Mode Privilege Escalation Vulnerability

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient restrictions during the execution of a specific CLI command. An attacker with administrative privileges could exploit this vulnerability by performing a command injection attack on the vulnerable command. A successful exploit could allow the attacker to access the underlying operating system as root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_93108tc-exnx-osnexus_9372pxnexus_9364c-gxnexus_9508nexus_93108tc-fx-24nexus_92304qcnexus_93120txnexus_92160yc-xnexus_93128txnexus_9316d-gxnexus_93108tc-ex-24nexus_9000nexus_9372tx-enexus_93108tc-fx3pnexus_93108tc-fxnexus_93360yc-fx2nexus_9396txnexus_93180yc-fx3snexus_9332cnexus_9364cnexus_92300ycnexus_92348gc-xnexus_9336c-fx2nexus_9348gc-fxpnexus_9272qnexus_93180yc-fx-24nexus_9336c-fx2-enexus_9396pxnexus_93216tc-fx2nexus_93240yc-fx2nexus_93180yc-fxnexus_9372txnexus_93180yc-exnexus_93600cd-gxnexus_9000vnexus_9372px-enexus_9236cnexus_93180yc-fx3nexus_93180yc-ex-24Cisco NX-OS System Software in ACI Mode
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-1454
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.11% / 28.54%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:06
Updated-08 Nov, 2024 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeios_xe_sd-wanCisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2021-1244
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 6.72%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:35
Updated-08 Nov, 2024 | 23:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software for Cisco 8000 Series Routers and Network Convergence System 540 Series Routers Image Verification Vulnerabilities

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-82018808ncs_540881288188202ios_xrCisco IOS XR Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-1520
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.13%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:51
Updated-08 Nov, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Local Privilege Escalation Vulnerability

A vulnerability in the internal message processing of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, local attacker to run arbitrary commands with root privileges on the underlying operating system (OS). This vulnerability exists because an internal messaging service does not properly sanitize input. An attacker could exploit this vulnerability by first authenticating to the device and then sending a crafted request to the internal service. A successful exploit could allow the attacker to run arbitrary commands with root privileges on the underlying OS. To exploit this vulnerability, the attacker must have valid Administrator credentials for the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv340_firmwarerv340wrv345prv345rv345_firmwarerv345p_firmwarerv340rv340w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-123
Write-what-where Condition
CVE-2021-1281
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 12.78%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:16
Updated-08 Nov, 2024 | 23:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerability

A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to the way the software handles concurrent CLI sessions. An attacker could exploit this vulnerability by authenticating to the device as an administrative user and executing a sequence of commands. A successful exploit could allow the attacker to obtain access to the underlying operating system as the root user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-399
Not Available
CVE-2021-1447
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 6.73%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:40
Updated-08 Nov, 2024 | 23:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Content Security Management Appliance Privilege Escalation Vulnerability

A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges to root. This vulnerability is due to a procedural flaw in the password generation algorithm. An attacker could exploit this vulnerability by enabling specific Administrator-only features and connecting to the appliance through the CLI with elevated privileges. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. To exploit this vulnerability, the attacker must have valid Administrator credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-content_security_management_applianceCisco Content Security Management Appliance (SMA)
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 13
  • 14
  • Next
Details not found