Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-20166

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-18 May, 2023 | 00:00
Updated At-28 Oct, 2024 | 16:29
Rejected At-
Credits

Cisco Identity Services Engine Path Traversal Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:18 May, 2023 | 00:00
Updated At:28 Oct, 2024 | 16:29
Rejected At:
â–¼CVE Numbering Authority (CNA)
Cisco Identity Services Engine Path Traversal Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco Identity Services Engine Software
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
CWECWE-24CWE-24
Type: CWE
CWE ID: CWE-24
Description: CWE-24
Metrics
VersionBase scoreBase severityVector
3.16.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu
vendor-advisory
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu
vendor-advisory
x_transferred
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ykramarz@cisco.com
Published At:18 May, 2023 | 03:15
Updated At:07 Nov, 2023 | 04:06

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CPE Matches
Cisco Systems, Inc.
cisco
>>identity_services_engine>>3.2
cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>identity_services_engine>>3.2
cpe:2.3:a:cisco:identity_services_engine:3.2:patch1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarynvd@nist.gov
CWE-24Secondaryykramarz@cisco.com
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-24
Type: Secondary
Source: ykramarz@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhuykramarz@cisco.com
Vendor Advisory
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu
Source: ykramarz@cisco.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

374Records found
CVE-2025-20277
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-3.4||LOW
EPSS-0.11% / 29.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 16:18
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Unified Contact Center Express Path Traversal Vulnerability

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper limitation of a pathname to a restricted directory (path traversal). An attacker could exploit this vulnerability by sending a crafted web request to an affected device, followed by a specific command through an SSH session. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of an affected device as a low-privilege user. A successful exploit could also allow the attacker to undertake further actions to elevate their privileges to root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_contact_center_expressCisco Unified Contact Center Express
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-1952
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.32%
||
7 Day CHG~0.00%
Published-08 Aug, 2019 | 07:25
Updated-20 Nov, 2024 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using directory traversal techniques when executing a vulnerable command. A successful exploit could allow the attacker to overwrite or read arbitrary files on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_network_function_virtualization_infrastructureCisco Enterprise NFV Infrastructure Software
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12666
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.49%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:16
Updated-20 Nov, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Path Traversal Vulnerability

A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker could exploit this vulnerability by first accessing the Guest Shell and then entering specific commands. A successful exploit could allow the attacker to execute arbitrary code on the base Linux operating system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software 16.4.1
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-20727
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.53% / 67.45%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 14:20
Updated-16 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOx Application Hosting Environment Vulnerabilities

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosic3000_industrial_compute_gatewaycgr1000_compute_moduleir510_operating_systemCisco IOS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-20776
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 52.37%
||
7 Day CHG~0.00%
Published-26 Oct, 2022 | 14:01
Updated-25 Oct, 2024 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-roomostelepresence_collaboration_endpointCisco RoomOS Software
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-20167
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.20% / 42.03%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 00:00
Updated-28 Oct, 2024 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine Path Traversal Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-24
Path Traversal: '../filedir'
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-20677
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 36.91%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 14:16
Updated-06 Nov, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOx Application Hosting Environment Vulnerabilities

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-820188008101-32hcatalyst_3850catalyst_3650catalyst_9200asr_90101100-6g_integrated_services_routercatalyst_ie3400catalyst_ie9300catalyst_9500h1160_integrated_services_router8202catalyst_9600asr_1002-hxasr_9902ioscatalyst_cg418-easr_9006catalyst_8200catalyst_ie3200catalyst_9800-801109_integrated_services_routercatalyst_9400catalyst_8300111x_integrated_services_routerasr_9000v-v21120_integrated_services_routercatalyst_8500asr_1006-xcatalyst_9800-l1100-4g_integrated_services_router1111x_integrated_services_router8201-32fhasr_900asr_9903catalyst_9800-40catalyst_9800catalyst_8500lcatalyst_9500cloud_services_router_1000v8101-32fhasr_9001catalyst_ess93004221_integrated_services_routerasr_9910asr_9906esr6300asr_9904asr_9912asr_9922catalyst_9300catalyst_9800-clasr_1001-xcatalyst_cg522-eesr33001101_integrated_services_routercatalyst_ie33008102-64h1131_integrated_services_routerasr_1009-xasr_9901Cisco IOS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2020-3236
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 13.96%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 02:21
Updated-15 Nov, 2024 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using path traversal techniques when executing a vulnerable command. A successful exploit could allow the attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_network_function_virtualization_infrastructureCisco Enterprise NFV Infrastructure Software
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-0477
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.37%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Command Injection Vulnerabilities

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-0217
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 40.14%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 07:00
Updated-02 Dec, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection attack on an affected system. The vulnerability is due to insufficient validation of commands that are supplied to certain configurations in the CLI of the affected operating system. An attacker could exploit this vulnerability by injecting crafted arguments into a vulnerable CLI command for an affected system. A successful exploit could allow the attacker to insert and execute arbitrary commands in the CLI of the affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvg29441.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-asr_5700_firmwareasr_5500_firmwareasr_5000asr_5500asr_5000_firmwareasr_5700Cisco StarOS
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-0224
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 21.93%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 07:00
Updated-02 Dec, 2024 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by authenticating to an affected system and injecting malicious arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. Cisco Bug IDs: CSCvg38807.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-starosasr_5000asr_5500asr_5700Cisco StarOS
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1829
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.34% / 56.99%
||
7 Day CHG~0.00%
Published-18 Apr, 2019 | 01:15
Updated-20 Nov, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Aironet Series Access Points Command Injection Vulnerability

A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due to improper validation of user-supplied input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input for a CLI command. A successful exploit could allow the attacker to obtain access to the underlying Linux OS without proper authentication.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-aironet_1562iaironet_1542daironet_1850eaironet_1562eaironet_1850iaironet_2800iaironet_1542iaironet_1562daironet_3800eaironet_3800paironet_2800eaironet_access_point_firmwareaironet_1800iaironet_3800iCisco Aironet Access Point Software
CWE ID-CWE-16
Not Available
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1774
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:30
Updated-20 Nov, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pnx-osnexus_3636c-r9736pqnexus_7700_supervisor_3en9k-x9732c-fxn9k-c9504-fm-rmds_9506mds_9250inexus_3132q-vnexus_9332cnexus_5020nexus_9336c-fx2x9636q-rnexus_31108tc-vnexus_9348gc-fxpmds_9718mds_9148snexus_9500_supervisor_b\+n7k-f306ck-25mds_9513mds_9148tnexus_93180yc-fxmds_9132tnexus_3432d-sn7k-m348xp-25ln9k-x9736c-fxn9k-x9736c-exmds_92167700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xlmds_9216ax96136yc-rn77-f348xp-23nexus_9500_supervisor_b7000_18-slotnexus_3048nexus_93360yc-fx2n7k-f312fq-25mds_9396tmds_9396sn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn9k-x9564txnexus_7000_supervisor_2ex9636c-rxn77-f430cq-36n9k-x9464pxmds_9216inexus_5596tnexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_93600cd-gxnexus_3408-sn9k-x9636c-rnexus_93108tc-exnexus_9508nexus_93120tx7000_10-slotnexus_9316d-gxnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004n9k-x9464tx2n7k-f248xp-25en9k-x96136yc-rn77-f324fq-25nexus_31128pqn9k-x9636q-rnexus_9364cnexus_3164qnexus_7700_supervisor_2e7700_2-slotnexus_3132c-znexus_3172pq\/pq-xlnexus_5548pnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_3264qnexus_34180ycmds_9509nexus_31108pc-vn9k-x9636c-rxmds_9706nexus_9500_supervisor_a\+7000_4-slotnexus_5596upn7k-m206fq-23ln9k-x97160yc-exnexus_5696qnexus_92160yc-xnexus_9504n77-m324fq-25lnexus_6001nexus_93108tc-fxn7k-m202cf-22ln9k-c9508-fm-rnexus_9500_supervisor_a7000_9-slotnexus_92300ycx9636c-rnexus_3232cn7k-m324fq-25lmds_9222inexus_50107700_10-slotn77-m348xp-23l7700_18-slot9432pqnexus_3264c-enexus_93240yc-fx2mds_9710nexus_3172tq-xlnexus_93180yc-exn9k-x9564pxnexus_9516n7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1839
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 28.89%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 18:10
Updated-20 Nov, 2024 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Remote PHY Device Software Command Injection Vulnerability

A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying various CLI commands with crafted arguments. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-cbr-8_firmwareremote_phy_120remote_phy_120_firmwareremote_phy_shelf_7200_firmwareremote_phy_220_firmwarecbr-8remote_phy_220remote_phy_shelf_7200Cisco Remote PHY
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1776
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:30
Updated-20 Nov, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pucs_6332-16upnx-osnexus_3636c-r9736pqnexus_7700_supervisor_3en9k-x9732c-fxn9k-c9504-fm-rmds_9506mds_9250inexus_3132q-vnexus_9332cnexus_5020nexus_9336c-fx2x9636q-rnexus_31108tc-vnexus_9348gc-fxpmds_9718mds_9148snexus_9500_supervisor_b\+n7k-f306ck-25mds_9513mds_9148tnexus_93180yc-fxmds_9132tnexus_3432d-sn7k-m348xp-25ln9k-x9736c-fxn9k-x9736c-exmds_92167700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xlmds_9216ax96136yc-rn77-f348xp-23ucs_6248upnexus_9500_supervisor_b7000_18-slotnexus_3048nexus_93360yc-fx2ucs_6324n7k-f312fq-25mds_9396tmds_9396sn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn9k-x9564txnexus_7000_supervisor_2ex9636c-rxn77-f430cq-36n9k-x9464pxmds_9216inexus_5596tnexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_93600cd-gxnexus_3408-sn9k-x9636c-rnexus_93108tc-exnexus_9508nexus_93120tx7000_10-slotnexus_9316d-gxnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004n9k-x9464tx2n7k-f248xp-25en9k-x96136yc-rn77-f324fq-25nexus_31128pqn9k-x9636q-rnexus_9364cnexus_3164qnexus_7700_supervisor_2e7700_2-slotnexus_3132c-znexus_3172pq\/pq-xlnexus_5548pnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_3264qnexus_34180ycmds_9509nexus_31108pc-vn9k-x9636c-rxmds_9706nexus_9500_supervisor_a\+7000_4-slotnexus_5596upn7k-m206fq-23ln9k-x97160yc-exnexus_5696qnexus_92160yc-xnexus_9504n77-m324fq-25lnexus_6001nexus_93108tc-fxn7k-m202cf-22ln9k-c9508-fm-rnexus_9500_supervisor_a7000_9-slotnexus_92300ycx9636c-rucs_6332nexus_3232cn7k-m324fq-25lmds_9222iucs_6296upnexus_50107700_10-slotn77-m348xp-23l7700_18-slot9432pqnexus_3264c-enexus_93240yc-fx2mds_9710nexus_3172tq-xlnexus_93180yc-exn9k-x9564pxnexus_9516n7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1778
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:35
Updated-20 Nov, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txnexus_93128txnexus_3524-x\/xlnexus_9336pq_acin9k-c9504-fm-rn9k-x96136yc-rnexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cn9k-x9636q-rnexus_3164qnexus_3172tq-32tnexus_3132c-znexus_3524-xnexus_31108tc-vx9636q-rnexus_9348gc-fxpnexus_3172nexus_9272qnexus_3464cnexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_34180ycnexus_31108pc-vn9k-x9636c-rxnexus_3524nexus_3548nexus_3132qnexus_3548-x\/xlnexus_3016nexus_9372pxnexus_92304qcx96136yc-rnexus_93240tc-fx2nexus_3048nexus_9372tx-enexus_93108tc-fxn9k-c9508-fm-rnexus_3524-xlnexus_9396txnexus_3064x9636c-rnexus_3232cnexus_9200ycnexus_9396pxx9636c-rxnexus_3264c-enexus_9372txnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_9372px-enexus_9236cnexus_9516n9k-x9636c-rnexus_3172pq-xlCisco NX-OS Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-3457
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.15% / 35.67%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 18:36
Updated-13 Nov, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_4150firepower_1010firepower_1140firepower_2120firepower_2130adaptive_security_appliance_softwarefirepower_9300_sm-24firepower_9300_sm-36firepower_2100firepower_4110firepower_1120firepower_extensible_operating_systemfirepower_2110firepower_4125firepower_1000firepower_9300_sm-48firepower_4112firepower_4140firepower_2140firepower_9300_sm-44_x_3firepower_9300_sm-40firepower_4145firepower_4120firepower_9300_sm-56firepower_9300_sm-56_x_3firepower_threat_defensefirepower_1150firepower_4115firepower_9300_sm-44Cisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-20185
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-3.4||LOW
EPSS-0.02% / 6.59%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 16:14
Updated-06 Aug, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Privilege Escalation Vulnerability

A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. This vulnerability is due to an architectural flaw in the password generation algorithm for the remote access functionality. An attacker could exploit this vulnerability by generating a temporary password for the service account. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. Note: The Security Impact Rating (SIR) for this vulnerability is Medium due to the unrestricted scope of information that is accessible to an attacker.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_email_and_web_manager_virtual_appliance_m300vsecure_email_and_web_manager_m390secure_email_and_web_manager_m690secure_email_and_web_manager_virtual_appliance_m600vsecure_email_and_web_manager_m190secure_email_and_web_manager_m390xsecure_email_and_web_manager_m690xsecure_email_and_web_manager_m170secure_email_and_web_manager_m395secure_email_and_web_manager_m680secure_email_and_web_manager_m195asyncossecure_email_and_web_manager_virtual_appliance_m100vsecure_email_and_web_manager_m380secure_email_and_web_manager_m695Cisco Secure EmailCisco Secure Web ApplianceCisco Secure Email and Web Manager
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2025-20155
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.11% / 29.70%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 17:37
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient input validation of the bootstrap file that is read by the system software when a device is first deployed in SD-WAN mode or when an administrator configures SD-Routing on the device. An attacker could exploit this vulnerability by modifying a bootstrap file generated by Cisco Catalyst SD-WAN Manager, loading it into the device flash, and then either reloading the device in a green field deployment in SD-WAN mode or configuring the device with SD-Routing. A successful exploit could allow the attacker to perform arbitrary file writes to the underlying operating system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CVE-2025-20248
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.01% / 0.90%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 16:06
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software Image Verification Bypass Vulnerability

A vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR Software image signature verification and load unsigned software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to incomplete validation of files during the installation of an .iso file. An attacker could exploit this vulnerability by modifying contents of the .iso image and then installing and activating it on the device. A successful exploit could allow the attacker to load an unsigned file as part of the image activation process.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco IOS XR Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-20117
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 7.20%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 16:11
Updated-31 Jul, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Application Policy Infrastructure Controller Authenticated Command Injection Vulnerability

A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-application_policy_infrastructure_controllerCisco Application Policy Infrastructure Controller (APIC)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-20238
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.01% / 1.10%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 16:29
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying operating system as root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-1244
Internal Asset Exposed to Unsafe Debug Access Level or State
CVE-2025-20338
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.01% / 1.50%
||
7 Day CHG~0.00%
Published-24 Sep, 2025 | 17:14
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-141
Improper Neutralization of Parameter/Argument Delimiters
CVE-2025-20295
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.02% / 5.47%
||
7 Day CHG~0.00%
Published-27 Aug, 2025 | 16:23
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco UCS Manager Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to read or create a file or overwrite any file on the file system of the underlying operating system of an affected device, including system files.   This vulnerability is due to insufficient input validation of command arguments supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to read or create a file or overwrite any file on the file system of the underlying operating system of the affected device, including system files. To exploit this vulnerability, the attacker must have valid administrative credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco Unified Computing System (Managed)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-20308
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.03% / 7.32%
||
7 Day CHG~0.00%
Published-02 Jul, 2025 | 16:05
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Spaces Connector Privilege Escalation Vulnerability

A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient restrictions during the execution of specific CLI commands. An attacker could exploit this vulnerability by logging in to the Cisco Spaces Connector CLI as the spacesadmin user and executing a specific command with crafted parameters. A successful exploit could allow the attacker to elevate privileges from the spacesadmin user and execute arbitrary commands on the underlying operating system as root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-spaces_connectorCisco DNA Spaces Connector
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-20178
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.13% / 32.30%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 16:07
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Secure Network Analytics Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to insufficient integrity checks within device backup files. An attacker with valid administrative credentials could exploit this vulnerability by crafting a malicious backup file and restoring it to an affected device. A successful exploit could allow the attacker to obtain shell access on the underlying operating system with the privileges of root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_network_analyticsCisco Secure Network Analytics
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-20220
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.01% / 2.35%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 16:40
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the CLI of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials. For more information about vulnerable scenarios, see the Details ["#details"] section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco Firepower Management CenterCisco Firepower Threat Defense Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-20237
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.01% / 1.30%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 16:29
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying operating system as root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-146
Improper Neutralization of Expression/Command Delimiters
CVE-2025-20278
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.07% / 21.18%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 16:18
Updated-26 Feb, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Unified Communications Products Command Injection Vulnerability

A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_communications_managerunified_contact_center_expressunified_intelligence_centervirtualized_voice_browserunified_communications_manager_im_and_presence_servicesocialminerfinesseunity_connectionCisco Unified Contact Center ExpressCisco Virtualized Voice BrowserCisco Unified Communications Manager IM and Presence ServiceCisco Unified Communications ManagerCisco Unity ConnectionCisco FinesseCisco Unified Intelligence CenterCisco SocialMiner
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-20177
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.92%
||
7 Day CHG~0.00%
Published-12 Mar, 2025 | 16:13
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software Image Verification Bypass Vulnerability

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system. Note: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-8201-32fh-o8501-sys-mt87008122-64ehf-oncs_540-12z20g-sys-a8011-4g24y4h-i8101-32fh-oncs_540-fh-csr-sysncs_540x-8z16g-sys-d8202ncs_101484048101-32fhncs_540x-16z8q2c-d8818ncs_57c1-48q6-sysncs_540-6z14s-sys-dncs_540x-acc-sysios_xrncs_540x-6z18g-sys-a88048111-32eh-oncs_540x-8z16g-sys-a8102-64hncs_540x-6z18g-sys-d8122-64eh-o8712-mod-mncs_57b1-6d24-sysncs_540x-16z4g8q2c-ancs_540x-12z16g-sys-dncs_540-6z18g-sys-ancs_540-24z8q2c-sysncs_540-12z20g-sys-d8212-48fh-mncs_540-fh-aggncs_540-24q2c2dd-sysncs_540x-12z16g-sys-ancs_540x-4z14g2q-dncs_57c3-mod-sys8102-64h-o8201-32fhncs_540-24q8l2dd-sys88128201-24h8fh8201ncs_540-28z4c-sys-d8808ncs_1010ncs_540x-16z4g8q2c-d86088711-32fh-mncs_540-acc-sysncs_540x-4z14g2q-ancs_540-6z18g-sys-dncs_540-28z4c-sys-ancs_57d2-18dd-sys8202-32fh-mncs_57b1-5dse-sys8101-32h-o8102-28fh-dpu-oCisco IOS XR Software
CWE ID-CWE-274
Improper Handling of Insufficient Privileges
CVE-2019-1972
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.97%
||
7 Day CHG~0.00%
Published-08 Aug, 2019 | 07:35
Updated-20 Nov, 2024 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise NFV Infrastructure Software Privilege Escalation Vulnerability

A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by leveraging the insufficient restrictions during the execution of an affected command. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_network_function_virtualization_infrastructureCisco Enterprise NFV Infrastructure Software
CWE ID-CWE-264
Not Available
CVE-2019-1769
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 23.90%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:20
Updated-20 Nov, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Line Card Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system of an attached line card with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of an attached line card with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txnexus_93128txnexus_3524-x\/xlnexus_9336pq_acin9k-c9504-fm-rn9k-x96136yc-rnexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cn9k-x9636q-rnexus_3164qnexus_3172tq-32tnexus_3132c-znexus_3524-xnexus_31108tc-vx9636q-rnexus_9348gc-fxpnexus_3172nexus_9272qnexus_3464cnexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_34180ycnexus_31108pc-vn9k-x9636c-rxnexus_3524nexus_3548nexus_3132qnexus_3548-x\/xlnexus_3016nexus_9372pxnexus_92304qcx96136yc-rnexus_93240tc-fx2nexus_3048nexus_9372tx-enexus_93108tc-fxn9k-c9508-fm-rnexus_3524-xlnexus_9396txnexus_3064x9636c-rnexus_3232cnexus_9200ycnexus_9396pxx9636c-rxnexus_3264c-enexus_9372txnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_9372px-enexus_9236cnexus_9516n9k-x9636c-rnexus_3172pq-xlCisco NX-OS Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1730
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.05% / 15.38%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 16:50
Updated-21 Nov, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to the incorrect implementation of a CLI command that allows a Bash command to be incorrectly invoked on the Guest Shell CLI. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Guest Shell prompt. A successful exploit could allow the attacker to issue commands that should be restricted by a Guest Shell account.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_3100vnexus_93180lc-exnexus_9332pqnexus_93108tc-exnx-osnexus_3200nexus_9372pxnexus_3636c-rnexus_9508nexus_93120txnexus_92304qcnexus_92160yc-xnexus_93128txnexus_9336pq_aci_spinenexus_3100nexus_9504nexus_3100-znexus_9372tx-enexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_3548-xlnexus_9396txnexus_9332cnexus_9364cnexus_92300ycnexus_92348gc-xnexus_7000nexus_9336c-fx2nexus_3524-xnexus_3500nexus_9348gc-fxpnexus_9272qnexus_9396pxnexus_93216tc-fx2nexus_36180yc-rnexus_93240yc-fx2nexus_93180yc-fxnexus_9372txnexus_3548-xnexus_93180yc-exnexus_9000vnexus_9372px-enexus_3000nexus_9236cnexus_9516nexus_7700nexus_3400Cisco NX-OS Software
CWE ID-CWE-264
Not Available
CVE-2019-1727
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.14% / 33.92%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 16:45
Updated-21 Nov, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions in the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands to elevate the attacker's privilege level. To exploit this vulnerability, the attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_3500nexus_3100vmds_9500mds_9000nexus_9200nexus_5600nx-osnexus_3200mds_9700nexus_6000nexus_5500nexus_3400nexus_3100nexus_9000mds_9100nexus_9500nexus_3548-xnexus_3100-znexus_7000nexus_3524-xlnexus_9300nexus_3548-xlnexus_3000nexus_3600mds_9200nexus_7700nexus_3524-xCisco NX-OS Software
CWE ID-CWE-264
Not Available
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1810
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 21.72%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:15
Updated-20 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 3000 Series and 9000 Series Switches in NX-OS Mode CLI Command Software Image Signature Verification Vulnerability

A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device. Note: If the device has not been patched for the vulnerability previously disclosed in the Cisco Security Advisory cisco-sa-20190306-nxos-sig-verif, a successful exploit could allow the attacker to boot a malicious software image.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-n9k-c9232cn3k-c3164qn9k-c92304qcnx-osn3k-c3232cCisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-1795
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 20:15
Updated-20 Nov, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS and NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exfirepower_4150nexus_56128pucs_6332-16upnx-osnexus_3636c-r9736pqnexus_7700_supervisor_3en9k-x9732c-fxn9k-c9504-fm-rmds_9506mds_9250inexus_3132q-vnexus_9332cnexus_5020nexus_9336c-fx2x9636q-rnexus_31108tc-vnexus_9348gc-fxpmds_9718mds_9148snexus_9500_supervisor_b\+n7k-f306ck-25mds_9513mds_9148tnexus_93180yc-fxmds_9132tnexus_3432d-sfirepower_4140n7k-m348xp-25lfirepower_9300_with_1_sm-24_modulen9k-x9736c-fxn9k-x9736c-exmds_92167700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xlmds_9216ax96136yc-rn77-f348xp-23ucs_6248upnexus_9500_supervisor_b7000_18-slotnexus_3048nexus_93360yc-fx2ucs_6324firepower_4120n7k-f312fq-25mds_9396tmds_9396sn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn9k-x9564txfirepower_9300_with_1_sm-36_modulenexus_7000_supervisor_2ex9636c-rxn77-f430cq-36n9k-x9464pxmds_9216inexus_5596tnexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_93600cd-gxnexus_3408-sn9k-x9636c-rnexus_93108tc-exnexus_9508nexus_93120tx7000_10-slotfirepower_4110nexus_9316d-gxnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004n9k-x9464tx2n7k-f248xp-25en9k-x96136yc-rn77-f324fq-25nexus_31128pqn9k-x9636q-rnexus_9364cnexus_3164qfirepower_9300_with_1_sm-44_modulenexus_7700_supervisor_2e7700_2-slotnexus_3132c-znexus_3172pq\/pq-xlnexus_5548pnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_3264qnexus_34180ycmds_9509nexus_31108pc-vn9k-x9636c-rxmds_9706nexus_9500_supervisor_a\+7000_4-slotnexus_5596upn7k-m206fq-23ln9k-x97160yc-exnexus_5696qnexus_92160yc-xnexus_9504n77-m324fq-25lnexus_6001nexus_93108tc-fxn7k-m202cf-22ln9k-c9508-fm-rnexus_9500_supervisor_a7000_9-slotnexus_92300ycx9636c-rucs_6332nexus_3232cn7k-m324fq-25lmds_9222iucs_6296upnexus_50107700_10-slotn77-m348xp-23lnexus_1000v7700_18-slot9432pqnexus_3264c-enexus_93240yc-fx2firepower_extensible_operating_systemmds_9710nexus_3172tq-xlnexus_93180yc-exfirepower_9300_with_3_sm-44_modulesn9k-x9564pxnexus_9516n7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1767
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.22% / 44.79%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 18:45
Updated-20 Nov, 2024 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerability

A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities. NX-OS versions prior to 8.3(1) are affected.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txnexus_93128txnexus_9336pq_aci_spinenexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3132c-znexus_3524-xnexus_31108tc-vnexus_9348gc-fxpnexus_3172nexus_9272qnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_9000vnexus_31108pc-vnexus_3524nexus_3548nexus_3132qnexus_3016nexus_9372pxnexus_92304qcnexus_92160yc-xnexus_9504nexus_3048nexus_9372tx-enexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_9396txnexus_92300ycnexus_3064nexus_3232cnexus_9396pxnexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlCisco NX-OS Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1783
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 23.90%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 20:05
Updated-20 Nov, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_5548pnexus_5624qnexus_5548upnexus_56128pnexus_5648qnexus_6001nexus_7000nx-osnexus_5696qnexus_5596upnexus_5672upnexus_5596tnexus_7700nexus_6004Cisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1781
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:45
Updated-20 Nov, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS and NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exfirepower_9300firepower_4150nexus_56128pucs_6332-16upnexus_3172tqnexus_9332pqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txfirepower_4110nexus_93128txnexus_9336pq_aci_spinenexus_6004mds_9250inexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3524-xnexus_3132c-znexus_31108tc-vnexus_5548pnexus_9348gc-fxpnexus_5648qnexus_3172mds_9718nexus_9272qnexus_3464cmds_9148snexus_93216tc-fx2nexus_36180yc-rmds_9148tnexus_5672upnexus_93180yc-fxmds_9132tnexus_3264qnexus_3432d-sfirepower_4140nexus_34180ycnexus_9000vfx-osnexus_31108pc-vmds_9706nexus_5596upnexus_3524nexus_3548nexus_3132qnexus_3016nexus_9372pxnexus_5696qnexus_92304qcnexus_92160yc-xucs_6248upnexus_9504nexus_3048nexus_9372tx-enexus_6001nexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlucs_6324nexus_9396txfirepower_4120nexus_7000nexus_92300ycnexus_3064ucs_6332nexus_3232cnexus_5548upnexus_9396pxmds_9222iucs_6296upnexus_5596tnexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_5624qnexus_3548-xnexus_3132q-xlnexus_3064-tmds_9710nexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1791
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 22.67%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 20:15
Updated-20 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pnx-osnexus_3636c-r9736pqnexus_7700_supervisor_3en9k-x9732c-fxn9k-c9504-fm-rmds_9506mds_9250inexus_3132q-vnexus_9332cnexus_5020nexus_9336c-fx2x9636q-rnexus_31108tc-vnexus_9348gc-fxpmds_9718mds_9148snexus_9500_supervisor_b\+n7k-f306ck-25mds_9513mds_9148tnexus_93180yc-fxmds_9132tnexus_3432d-sn7k-m348xp-25ln9k-x9736c-fxn9k-x9736c-exmds_92167700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xlmds_9216ax96136yc-rn77-f348xp-23nexus_9500_supervisor_b7000_18-slotnexus_3048nexus_93360yc-fx2n7k-f312fq-25mds_9396tmds_9396sn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn9k-x9564txnexus_7000_supervisor_2ex9636c-rxn77-f430cq-36n9k-x9464pxmds_9216inexus_5596tnexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_93600cd-gxnexus_3408-sn9k-x9636c-rnexus_93108tc-exnexus_9508nexus_93120tx7000_10-slotnexus_9316d-gxnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004n9k-x9464tx2n7k-f248xp-25en9k-x96136yc-rn77-f324fq-25nexus_31128pqn9k-x9636q-rnexus_9364cnexus_3164qnexus_7700_supervisor_2e7700_2-slotnexus_3132c-znexus_3172pq\/pq-xlnexus_5548pnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_3264qnexus_34180ycmds_9509nexus_31108pc-vn9k-x9636c-rxmds_9706nexus_9500_supervisor_a\+7000_4-slotnexus_5596upn7k-m206fq-23ln9k-x97160yc-exnexus_5696qnexus_92160yc-xnexus_9504n77-m324fq-25lnexus_6001nexus_93108tc-fxn7k-m202cf-22ln9k-c9508-fm-rnexus_9500_supervisor_a7000_9-slotnexus_92300ycx9636c-rnexus_3232cn7k-m324fq-25lmds_9222inexus_50107700_10-slotn77-m348xp-23l7700_18-slot9432pqnexus_3264c-enexus_93240yc-fx2mds_9710nexus_3172tq-xlnexus_93180yc-exn9k-x9564pxnexus_9516n7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1803
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.92%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 16:20
Updated-20 Nov, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Root Privilege Escalation Vulnerability

A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is due to overly permissive file permissions of specific system files. An attacker could exploit this vulnerability by authenticating to an affected device, creating a crafted command string, and writing this crafted string to a specific file location. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid administrator credentials for the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9348gc-fxpnexus_9332pqnexus_93108tc-exnexus_9396pxnexus_9372pxnexus_9508nexus_93120txnexus_93128txnexus_9336pq_aci_spinenexus_93180yc-fxnexus_9372txnexus_93180tc-exnexus_9504nexus_9372tx-enexus_93180yc-exnexus_9372px-enexus_9396txnexus_9516nexus_9364cnexus_9000_series_application_centric_infrastructurenexus_9336c-fx2Cisco NX-OS Software for Nexus 9000 Series Fabric Switches ACI Mode
CWE ID-CWE-264
Not Available
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-1784
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 20:05
Updated-20 Nov, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_5548pnexus_5548upnexus_56128pucs_6332-16upnexus_5648qnx-osucs_6296upnexus_5696qucs_6248upnexus_5672upnexus_5596tnexus_60047000nexus_5624qnexus_6001ucs_63247700nexus_5596upucs_6332Cisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1812
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.80%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:20
Updated-20 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_93108tc-exnx-osnexus_3636c-rnexus_95089736pqnexus_93120txnexus_9316d-gxnexus_3524-x\/xln9k-x9732c-fxn9k-c9504-fm-rn9k-x9464tx2nexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_9336c-fx2nexus_3132c-znexus_3172pq\/pq-xlnexus_31108tc-vx9636q-rnexus_9348gc-fxp9536pqn9k-x9732c-exnexus_3464cnexus_9500_supervisor_b\+nexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_31108pc-vn9k-x9636c-rxn9k-x9736c-fxnexus_9500_supervisor_a\+n9k-x9736c-exnexus_3548-x\/xln9k-x97160yc-exnexus_92160yc-xnexus_9500_supervisor_bnexus_9504nexus_3048nexus_93108tc-fxnexus_93360yc-fx2n9k-c9508-fm-rnexus_9500_supervisor_anexus_92300ycnexus_3232cn9k-x9788tc-fxn9k-x9564txn9k-x9464px9432pqnexus_3264c-enexus_93240yc-fx2nexus_3132q-x\/3132q-xl9636pqn9k-x9432c-snexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_93600cd-gxn9k-x9564pxnexus_9516n9k-x9636c-rCisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-1768
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.22% / 44.79%
||
7 Day CHG~0.00%
Published-16 May, 2019 | 01:25
Updated-20 Nov, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerability

A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txnexus_93128txnexus_9336pq_aci_spinenexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3132c-znexus_3524-xnexus_31108tc-vnexus_9348gc-fxpnexus_3172nexus_9272qnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_9000vnexus_31108pc-vnexus_3524nexus_3548nexus_3132qnexus_3016nexus_9372pxnexus_92304qcnexus_92160yc-xnexus_9504nexus_3048nexus_9372tx-enexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_9396txnexus_92300ycnexus_3064nexus_3232cnexus_9396pxnexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlCisco NX-OS Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1779
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.08% / 24.45%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:40
Updated-21 Nov, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS and NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid device credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_9300nexus_93180lc-exfirepower_4150nexus_56128pnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txfirepower_4110nexus_93128txnexus_9336pq_aci_spinefirepower_4145nexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cmds_9200nexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3164qnexus_3524-xnexus_3132c-znexus_31108tc-vnexus_5548pnexus_9348gc-fxpnexus_5648qnexus_3172nexus_9272qnexus_3464cmds_9700nexus_93216tc-fx2nexus_36180yc-rnexus_5672upnexus_93180yc-fxnexus_3264qfirepower_4140nexus_3432d-snexus_34180ycnexus_9000vnexus_31108pc-vnexus_5596upfirepower_4115nexus_3524nexus_3548mds_9500nexus_3132qnexus_3016nexus_9372pxnexus_5696qnexus_92304qcnexus_92160yc-xfirepower_4125mds_9100nexus_9504nexus_3048nexus_9372tx-enexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_9396txfirepower_4120nexus_7000nexus_92300ycnexus_3064nexus_3232cnexus_5548upnexus_9396pxnexus_5596tfirepower_extensible_operating_systemnexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_5624qfirepower_4112nexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1813
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.80%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:20
Updated-20 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS CLI Command Software Image Signature Verification Vulnerability

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_93108tc-exnx-osnexus_3636c-rnexus_95089736pqnexus_93120txnexus_9316d-gxnexus_3524-x\/xln9k-x9732c-fxn9k-c9504-fm-rn9k-x9464tx2nexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_9336c-fx2nexus_3132c-znexus_3172pq\/pq-xlnexus_31108tc-vx9636q-rnexus_9348gc-fxp9536pqn9k-x9732c-exnexus_3464cnexus_9500_supervisor_b\+nexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_31108pc-vn9k-x9636c-rxn9k-x9736c-fxnexus_9500_supervisor_a\+n9k-x9736c-exnexus_3548-x\/xln9k-x97160yc-exnexus_92160yc-xnexus_9500_supervisor_bnexus_9504nexus_3048nexus_93108tc-fxnexus_93360yc-fx2n9k-c9508-fm-rnexus_9500_supervisor_anexus_92300ycnexus_3232cn9k-x9788tc-fxn9k-x9564txn9k-x9464px9432pqnexus_3264c-enexus_93240yc-fx2nexus_3132q-x\/3132q-xl9636pqn9k-x9432c-snexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_93600cd-gxn9k-x9564pxnexus_9516n9k-x9636c-rCisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-1790
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 20:05
Updated-20 Nov, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pucs_6332-16upnx-osnexus_3636c-r9736pqnexus_7700_supervisor_3en9k-x9732c-fxn9k-c9504-fm-rmds_9506mds_9250inexus_3132q-vnexus_9332cnexus_5020nexus_9336c-fx2x9636q-rnexus_31108tc-vnexus_9348gc-fxpmds_9718mds_9148snexus_9500_supervisor_b\+n7k-f306ck-25mds_9513mds_9148tnexus_93180yc-fxmds_9132tnexus_3432d-sn7k-m348xp-25ln9k-x9736c-fxn9k-x9736c-exmds_92167700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xlmds_9216ax96136yc-rn77-f348xp-23ucs_6248upnexus_9500_supervisor_b7000_18-slotnexus_3048nexus_93360yc-fx2ucs_6324n7k-f312fq-25mds_9396tmds_9396sn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn9k-x9564txnexus_7000_supervisor_2ex9636c-rxn77-f430cq-36n9k-x9464pxmds_9216inexus_5596tnexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_93600cd-gxnexus_3408-sn9k-x9636c-rnexus_93108tc-exnexus_9508nexus_93120tx7000_10-slotnexus_9316d-gxnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004n9k-x9464tx2n7k-f248xp-25en9k-x96136yc-rn77-f324fq-25nexus_31128pqn9k-x9636q-rnexus_9364cnexus_3164qnexus_7700_supervisor_2e7700_2-slotnexus_3132c-znexus_3172pq\/pq-xlnexus_5548pnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_3264qnexus_34180ycmds_9509nexus_31108pc-vn9k-x9636c-rxmds_9706nexus_9500_supervisor_a\+7000_4-slotnexus_5596upn7k-m206fq-23ln9k-x97160yc-exnexus_5696qnexus_92160yc-xnexus_9504n77-m324fq-25lnexus_6001nexus_93108tc-fxn7k-m202cf-22ln9k-c9508-fm-rnexus_9500_supervisor_a7000_9-slotnexus_92300ycx9636c-rucs_6332nexus_3232cn7k-m324fq-25lmds_9222iucs_6296upnexus_50107700_10-slotn77-m348xp-23l7700_18-slot9432pqnexus_3264c-enexus_93240yc-fx2mds_9710nexus_3172tq-xlnexus_93180yc-exn9k-x9564pxnexus_9516n7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1782
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:45
Updated-20 Nov, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS and NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exfirepower_9300firepower_4150ucs_6332-16upnexus_56128pnexus_3172tqnexus_9332pqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txfirepower_4110nexus_93128txnexus_9336pq_aci_spinenexus_6004mds_9250inexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3524-xnexus_3132c-znexus_31108tc-vnexus_5548pnexus_9348gc-fxpnexus_5648qnexus_3172mds_9718nexus_9272qnexus_3464cmds_9148snexus_93216tc-fx2nexus_36180yc-rmds_9148tnexus_5672upnexus_93180yc-fxmds_9132tnexus_3264qnexus_3432d-sfirepower_4140nexus_34180ycnexus_9000vfx-osnexus_31108pc-vmds_9706nexus_5596upnexus_3524nexus_3548nexus_3132qnexus_3016nexus_9372pxnexus_5696qnexus_92304qcnexus_92160yc-xucs_6248upnexus_9504nexus_3048nexus_9372tx-enexus_6001nexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlucs_6324nexus_9396txfirepower_4120nexus_7000nexus_92300ycnexus_3064ucs_6332nexus_3232cnexus_5548upnexus_9396pxmds_9222iucs_6296upnexus_5596tnexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_5624qnexus_3548-xnexus_3132q-xlnexus_3064-tmds_9710nexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1770
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.03% / 9.89%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:20
Updated-21 Nov, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pnexus_93108tc-exnexus_3636c-rnexus_95089736pqnexus_93120txnexus_60007000_10-slotnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004nexus_7700_supervisor_3en9k-x9732c-fxn9k-x9464tx2n7k-f248xp-25en77-f324fq-25nexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_5020nexus_9336c-fx2nexus_7700_supervisor_2e7700_2-slotnexus_3132c-zx9636q-rnexus_31108tc-vnexus_3172pq\/pq-xlnexus_5548pnexus_9348gc-fxpnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_9500_supervisor_b\+n7k-f306ck-25nexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_93180yc-fxnexus_3264qnexus_3432d-sns-oxn7k-m348xp-25lnexus_34180ycnexus_31108pc-vn9k-x9636c-rxn9k-x9736c-fx7000_4-slotnexus_9500_supervisor_a\+nexus_5596upn9k-x9736c-ex7700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xln7k-m206fq-23ln9k-x97160yc-exnexus_5696qn77-f348xp-23nexus_92160yc-xnexus_9500_supervisor_b7000_18-slotnexus_9504nexus_3048n77-m324fq-25lnexus_6001nexus_93108tc-fxnexus_93360yc-fx2n7k-m202cf-22lnexus_9500_supervisor_an7k-f312fq-257000_9-slotnexus_92300ycnexus_3232cn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn7k-m324fq-25ln9k-x9564txnexus_5010nexus_7000_supervisor_2e7700_10-slotnexus_1000vn77-f430cq-36n9k-x9464pxn77-m348xp-23l7700_18-slot9432pqnexus_5596tnexus_3264c-enexus_93240yc-fx2nexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_3172tq-xlnexus_93180yc-exnexus_3408-sn9k-x9564pxnexus_9516n9k-x9636c-rn7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1775
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:30
Updated-20 Nov, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pnx-osnexus_3636c-r9736pqnexus_7700_supervisor_3en9k-x9732c-fxn9k-c9504-fm-rmds_9506mds_9250inexus_3132q-vnexus_9332cnexus_5020nexus_9336c-fx2x9636q-rnexus_31108tc-vnexus_9348gc-fxpmds_9718mds_9148snexus_9500_supervisor_b\+n7k-f306ck-25mds_9513mds_9148tnexus_93180yc-fxmds_9132tnexus_3432d-sn7k-m348xp-25ln9k-x9736c-fxn9k-x9736c-exmds_92167700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xlmds_9216ax96136yc-rn77-f348xp-23nexus_9500_supervisor_b7000_18-slotnexus_3048nexus_93360yc-fx2n7k-f312fq-25mds_9396tmds_9396sn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn9k-x9564txnexus_7000_supervisor_2ex9636c-rxn77-f430cq-36n9k-x9464pxmds_9216inexus_5596tnexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_93600cd-gxnexus_3408-sn9k-x9636c-rnexus_93108tc-exnexus_9508nexus_93120tx7000_10-slotnexus_9316d-gxnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004n9k-x9464tx2n7k-f248xp-25en9k-x96136yc-rn77-f324fq-25nexus_31128pqn9k-x9636q-rnexus_9364cnexus_3164qnexus_7700_supervisor_2e7700_2-slotnexus_3132c-znexus_3172pq\/pq-xlnexus_5548pnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_3264qnexus_34180ycmds_9509nexus_31108pc-vn9k-x9636c-rxmds_9706nexus_9500_supervisor_a\+7000_4-slotnexus_5596upn7k-m206fq-23ln9k-x97160yc-exnexus_5696qnexus_92160yc-xnexus_9504n77-m324fq-25lnexus_6001nexus_93108tc-fxn7k-m202cf-22ln9k-c9508-fm-rnexus_9500_supervisor_a7000_9-slotnexus_92300ycx9636c-rnexus_3232cn7k-m324fq-25lmds_9222inexus_50107700_10-slotn77-m348xp-23l7700_18-slot9432pqnexus_3264c-enexus_93240yc-fx2mds_9710nexus_3172tq-xlnexus_93180yc-exn9k-x9564pxnexus_9516n7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 7
  • 8
  • Next
Details not found