Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-20411

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-28 Aug, 2024 | 16:27
Updated At-30 Aug, 2024 | 03:56
Rejected At-
Credits

Cisco NX-OS Bash Arbitrary Code Execution Vulnerability

A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. This vulnerability is due to insufficient security restrictions when executing commands from the Bash shell. An attacker with privileges to access the Bash shell could exploit this vulnerability by executing a specific crafted command on the underlying operating system. A successful exploit could allow the attacker to execute arbitrary code with the privileges of root.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:28 Aug, 2024 | 16:27
Updated At:30 Aug, 2024 | 03:56
Rejected At:
â–¼CVE Numbering Authority (CNA)
Cisco NX-OS Bash Arbitrary Code Execution Vulnerability

A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. This vulnerability is due to insufficient security restrictions when executing commands from the Bash shell. An attacker with privileges to access the Bash shell could exploit this vulnerability by executing a specific crafted command on the underlying operating system. A successful exploit could allow the attacker to execute arbitrary code with the privileges of root.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco NX-OS Software
Default Status
unknown
Versions
Affected
  • 9.2(3)
  • 7.0(3)I5(2)
  • 6.0(2)A8(7a)
  • 7.0(3)I4(5)
  • 6.0(2)A6(1)
  • 7.0(3)I4(6)
  • 7.0(3)I4(3)
  • 9.2(2v)
  • 6.0(2)A6(5b)
  • 7.0(3)I4(7)
  • 6.0(2)U6(1a)
  • 7.0(3)I4(1)
  • 7.0(3)I4(8)
  • 7.0(3)I4(2)
  • 7.0(3)IM3(1)
  • 6.0(2)U6(5a)
  • 6.0(2)A8(11)
  • 6.0(2)A6(4a)
  • 9.2(1)
  • 9.2(2t)
  • 9.2(3y)
  • 7.0(3)I4(1t)
  • 6.0(2)U6(5c)
  • 6.0(2)A6(4)
  • 7.0(3)I7(6z)
  • 9.3(2)
  • 7.0(3)F3(3)
  • 6.0(2)U6(6)
  • 7.0(3)I7(3z)
  • 7.0(3)IM7(2)
  • 6.0(2)A8(11b)
  • 7.0(3)I7(5a)
  • 7.0(3)I6(1)
  • 6.0(2)U6(10)
  • 7.0(3)IM3(2)
  • 6.0(2)A6(8)
  • 6.0(2)U6(1)
  • 7.0(3)I5(3b)
  • 6.0(2)A6(2a)
  • 6.0(2)U6(7)
  • 9.2(4)
  • 7.0(3)IM3(2a)
  • 6.0(2)A8(10)
  • 6.0(2)A8(2)
  • 7.0(3)IC4(4)
  • 6.0(2)A6(3)
  • 6.0(2)U6(5b)
  • 7.0(3)F3(3c)
  • 7.0(3)F3(1)
  • 6.0(2)U6(5)
  • 7.0(3)F3(5)
  • 6.0(2)A6(7)
  • 7.0(3)I7(2)
  • 6.0(2)A6(5)
  • 7.0(3)IM3(2b)
  • 6.0(2)U6(4a)
  • 7.0(3)I5(3)
  • 7.0(3)I7(3)
  • 6.0(2)A8(6)
  • 7.0(3)I6(2)
  • 6.0(2)A8(5)
  • 6.0(2)U6(8)
  • 7.0(3)IM3(3)
  • 9.3(1)
  • 6.0(2)U6(2)
  • 6.0(2)A8(7)
  • 7.0(3)I7(6)
  • 6.0(2)U6(3a)
  • 6.0(2)A8(11a)
  • 7.0(3)I4(8z)
  • 7.0(3)I4(9)
  • 7.0(3)I7(4)
  • 7.0(3)I7(7)
  • 6.0(2)A8(9)
  • 6.0(2)A8(1)
  • 6.0(2)A6(6)
  • 6.0(2)A8(10a)
  • 7.0(3)I5(1)
  • 9.3(1z)
  • 9.2(2)
  • 7.0(3)F3(4)
  • 7.0(3)I4(8b)
  • 6.0(2)A8(3)
  • 7.0(3)I4(6t)
  • 7.0(3)I5(3a)
  • 6.0(2)A8(8)
  • 7.0(3)I7(5)
  • 7.0(3)F3(3a)
  • 6.0(2)A8(4)
  • 6.0(2)A6(3a)
  • 6.0(2)A6(5a)
  • 7.0(3)F2(1)
  • 7.0(3)I4(8a)
  • 6.0(2)U6(9)
  • 7.0(3)F3(2)
  • 6.0(2)U6(2a)
  • 7.0(3)I4(4)
  • 6.0(2)U6(3)
  • 7.0(3)I7(1)
  • 7.0(3)F2(2)
  • 7.0(3)IA7(2)
  • 7.0(3)IA7(1)
  • 6.0(2)A8(7b)
  • 7.0(3)F1(1)
  • 6.0(2)A6(1a)
  • 6.0(2)A6(2)
  • 6.0(2)A8(4a)
  • 6.0(2)U6(4)
  • 9.3(3)
  • 7.0(3)I7(8)
  • 6.0(2)U6(10a)
  • 9.3(4)
  • 9.3(5)
  • 7.0(3)I7(9)
  • 9.3(6)
  • 10.1(2)
  • 10.1(1)
  • 9.3(5w)
  • 9.3(7)
  • 9.3(7k)
  • 7.0(3)I7(9w)
  • 10.2(1)
  • 9.3(7a)
  • 9.3(8)
  • 7.0(3)I7(10)
  • 10.2(1q)
  • 10.2(2)
  • 9.3(9)
  • 10.1(2t)
  • 10.2(3)
  • 10.2(3t)
  • 9.3(10)
  • 10.2(2a)
  • 10.3(1)
  • 10.2(4)
  • 10.3(2)
  • 9.3(11)
  • 10.3(3)
  • 10.2(5)
  • 9.3(12)
  • 10.2(3v)
  • 10.4(1)
  • 10.3(99w)
  • 10.2(6)
  • 10.3(3w)
  • 10.3(99x)
  • 10.3(3o)
  • 10.3(4)
  • 10.3(3p)
  • 10.3(4a)
  • 10.4(2)
  • 10.3(3q)
  • 9.3(13)
  • 10.2(7)
  • 10.3(3x)
  • 10.3(4g)
  • 10.3(3r)
Problem Types
TypeCWE IDDescription
cweCWE-267Privilege Defined With Unsafe Actions
Type: cwe
CWE ID: CWE-267
Description: Privilege Defined With Unsafe Actions
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bshacepe-bApeHSx7
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bshacepe-bApeHSx7
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
Cisco Systems, Inc.cisco
Product
nx-os
CPEs
  • cpe:2.3:o:cisco:nx-os:9.2\(3\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i5\(2\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a8\(7a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i4\(5\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a6\(1\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i4\(6\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i4\(3\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.2\(2v\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a6\(5b\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i4\(7\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)u6\(1a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i4\(1\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i4\(8\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i4\(2\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)im3\(1\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)u6\(5a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a8\(11\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a6\(4a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.2\(1\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.2\(2t\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.2\(3y\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i4\(1t\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)u6\(5c\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a6\(4\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i7\(6z\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.3\(2\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)f3\(3\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)u6\(6\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i7\(3z\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)im7\(2\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a8\(11b\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i7\(5a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i6\(1\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)u6\(10\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)im3\(2\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a6\(8\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)u6\(1\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i5\(3b\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a6\(2a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)u6\(7\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.2\(4\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)im3\(2a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a8\(10\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a8\(2\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)ic4\(4\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a6\(3\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)u6\(5b\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)f3\(3c\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)f3\(1\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)u6\(5\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)f3\(5\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a6\(7\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i7\(2\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a6\(5\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)im3\(2b\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)u6\(4a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i5\(3\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i7\(3\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a8\(6\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i6\(2\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a8\(5\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)u6\(8\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)im3\(3\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.3\(1\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)u6\(2\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a8\(7\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i7\(6\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)u6\(3a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a8\(11a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i4\(8z\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i4\(9\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i7\(4\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i7\(7\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a8\(9\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a8\(1\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a6\(6\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a8\(10a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i5\(1\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.3\(1z\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.2\(2\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)f3\(4\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i4\(8b\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a8\(3\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i4\(6t\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i5\(3a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a8\(8\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i7\(5\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)f3\(3a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a8\(4\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a6\(3a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a6\(5a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)f2\(1\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i4\(8a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)u6\(9\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)f3\(2\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)u6\(2a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i4\(4\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)u6\(3\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i7\(1\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)f2\(2\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)ia7\(2\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)ia7\(1\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a8\(7b\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)f1\(1\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a6\(1a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a6\(2\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)a8\(4a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)u6\(4\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.3\(3\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i7\(8\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:6.0\(2\)u6\(10a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.3\(4\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.3\(5\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i7\(9\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.3\(6\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.1\(2\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.1\(1\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.3\(5w\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.3\(7\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.3\(7k\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i7\(9w\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.2\(1\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.3\(7a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.3\(8\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:7.0\(3\)i7\(10\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.2\(1q\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.2\(2\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.3\(9\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.1\(2t\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.2\(3\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.2\(3t\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.3\(10\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.2\(2a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.3\(1\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.2\(4\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.3\(2\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.3\(11\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.3\(3\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.2\(5\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.3\(12\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.2\(3v\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.4\(1\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.3\(99w\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.2\(6\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.3\(3w\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.3\(99x\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.3\(3o\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.3\(4\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.3\(3p\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.3\(4a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.4\(2\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.3\(3q\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:9.3\(13\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.2\(7\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.3\(3x\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.3\(4g\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:nx-os:10.3\(3r\):*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 9.2\(3\)
  • 7.0\(3\)i5\(2\)
  • 6.0\(2\)a8\(7a\)
  • 7.0\(3\)i4\(5\)
  • 6.0\(2\)a6\(1\)
  • 7.0\(3\)i4\(6\)
  • 7.0\(3\)i4\(3\)
  • 9.2\(2v\)
  • 6.0\(2\)a6\(5b\)
  • 7.0\(3\)i4\(7\)
  • 6.0\(2\)u6\(1a\)
  • 7.0\(3\)i4\(1\)
  • 7.0\(3\)i4\(8\)
  • 7.0\(3\)i4\(2\)
  • 7.0\(3\)im3\(1\)
  • 6.0\(2\)u6\(5a\)
  • 6.0\(2\)a8\(11\)
  • 6.0\(2\)a6\(4a\)
  • 9.2\(1\)
  • 9.2\(2t\)
  • 9.2\(3y\)
  • 7.0\(3\)i4\(1t\)
  • 6.0\(2\)u6\(5c\)
  • 6.0\(2\)a6\(4\)
  • 7.0\(3\)i7\(6z\)
  • 9.3\(2\)
  • 7.0\(3\)f3\(3\)
  • 6.0\(2\)u6\(6\)
  • 7.0\(3\)i7\(3z\)
  • 7.0\(3\)im7\(2\)
  • 6.0\(2\)a8\(11b\)
  • 7.0\(3\)i7\(5a\)
  • 7.0\(3\)i6\(1\)
  • 6.0\(2\)u6\(10\)
  • 7.0\(3\)im3\(2\)
  • 6.0\(2\)a6\(8\)
  • 6.0\(2\)u6\(1\)
  • 7.0\(3\)i5\(3b\)
  • 6.0\(2\)a6\(2a\)
  • 6.0\(2\)u6\(7\)
  • 9.2\(4\)
  • 7.0\(3\)im3\(2a\)
  • 6.0\(2\)a8\(10\)
  • 6.0\(2\)a8\(2\)
  • 7.0\(3\)ic4\(4\)
  • 6.0\(2\)a6\(3\)
  • 6.0\(2\)u6\(5b\)
  • 7.0\(3\)f3\(3c\)
  • 7.0\(3\)f3\(1\)
  • 6.0\(2\)u6\(5\)
  • 7.0\(3\)f3\(5\)
  • 6.0\(2\)a6\(7\)
  • 7.0\(3\)i7\(2\)
  • 6.0\(2\)a6\(5\)
  • 7.0\(3\)im3\(2b\)
  • 6.0\(2\)u6\(4a\)
  • 7.0\(3\)i5\(3\)
  • 7.0\(3\)i7\(3\)
  • 6.0\(2\)a8\(6\)
  • 7.0\(3\)i6\(2\)
  • 6.0\(2\)a8\(5\)
  • 6.0\(2\)u6\(8\)
  • 7.0\(3\)im3\(3\)
  • 9.3\(1\)
  • 6.0\(2\)u6\(2\)
  • 6.0\(2\)a8\(7\)
  • 7.0\(3\)i7\(6\)
  • 6.0\(2\)u6\(3a\)
  • 6.0\(2\)a8\(11a\)
  • 7.0\(3\)i4\(8z\)
  • 7.0\(3\)i4\(9\)
  • 7.0\(3\)i7\(4\)
  • 7.0\(3\)i7\(7\)
  • 6.0\(2\)a8\(9\)
  • 6.0\(2\)a8\(1\)
  • 6.0\(2\)a6\(6\)
  • 6.0\(2\)a8\(10a\)
  • 7.0\(3\)i5\(1\)
  • 9.3\(1z\)
  • 9.2\(2\)
  • 7.0\(3\)f3\(4\)
  • 7.0\(3\)i4\(8b\)
  • 6.0\(2\)a8\(3\)
  • 7.0\(3\)i4\(6t\)
  • 7.0\(3\)i5\(3a\)
  • 6.0\(2\)a8\(8\)
  • 7.0\(3\)i7\(5\)
  • 7.0\(3\)f3\(3a\)
  • 6.0\(2\)a8\(4\)
  • 6.0\(2\)a6\(3a\)
  • 6.0\(2\)a6\(5a\)
  • 7.0\(3\)f2\(1\)
  • 7.0\(3\)i4\(8a\)
  • 6.0\(2\)u6\(9\)
  • 7.0\(3\)f3\(2\)
  • 6.0\(2\)u6\(2a\)
  • 7.0\(3\)i4\(4\)
  • 6.0\(2\)u6\(3\)
  • 7.0\(3\)i7\(1\)
  • 7.0\(3\)f2\(2\)
  • 7.0\(3\)ia7\(2\)
  • 7.0\(3\)ia7\(1\)
  • 6.0\(2\)a8\(7b\)
  • 7.0\(3\)f1\(1\)
  • 6.0\(2\)a6\(1a\)
  • 6.0\(2\)a6\(2\)
  • 6.0\(2\)a8\(4a\)
  • 6.0\(2\)u6\(4\)
  • 9.3\(3\)
  • 7.0\(3\)i7\(8\)
  • 6.0\(2\)u6\(10a\)
  • 9.3\(4\)
  • 9.3\(5\)
  • 7.0\(3\)i7\(9\)
  • 9.3\(6\)
  • 10.1\(2\)
  • 10.1\(1\)
  • 9.3\(5w\)
  • 9.3\(7\)
  • 9.3\(7k\)
  • 7.0\(3\)i7\(9w\)
  • 10.2\(1\)
  • 9.3\(7a\)
  • 9.3\(8\)
  • 7.0\(3\)i7\(10\)
  • 10.2\(1q\)
  • 10.2\(2\)
  • 9.3\(9\)
  • 10.1\(2t\)
  • 10.2\(3\)
  • 10.2\(3t\)
  • 9.3\(10\)
  • 10.2\(2a\)
  • 10.3\(1\)
  • 10.2\(4\)
  • 10.3\(2\)
  • 9.3\(11\)
  • 10.3\(3\)
  • 10.2\(5\)
  • 9.3\(12\)
  • 10.2\(3v\)
  • 10.4\(1\)
  • 10.3\(99w\)
  • 10.2\(6\)
  • 10.3\(3w\)
  • 10.3\(99x\)
  • 10.3\(3o\)
  • 10.3\(4\)
  • 10.3\(3p\)
  • 10.3\(4a\)
  • 10.4\(2\)
  • 10.3\(3q\)
  • 9.3\(13\)
  • 10.2\(7\)
  • 10.3\(3x\)
  • 10.3\(4g\)
  • 10.3\(3r\)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ykramarz@cisco.com
Published At:28 Aug, 2024 | 17:15
Updated At:29 Aug, 2024 | 13:25

A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. This vulnerability is due to insufficient security restrictions when executing commands from the Bash shell. An attacker with privileges to access the Bash shell could exploit this vulnerability by executing a specific crafted command on the underlying operating system. A successful exploit could allow the attacker to execute arbitrary code with the privileges of root.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-267Secondaryykramarz@cisco.com
CWE ID: CWE-267
Type: Secondary
Source: ykramarz@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bshacepe-bApeHSx7ykramarz@cisco.com
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bshacepe-bApeHSx7
Source: ykramarz@cisco.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

161Records found
CVE-2020-3513
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.19% / 41.47%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 17:51
Updated-13 Nov, 2024 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities

Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeasr_903ncs_4216_f2bncs_4206ncs_4216asr_907asr_902Cisco IOS XE Software
CWE ID-CWE-749
Exposed Dangerous Method or Function
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-3210
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.42%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:40
Updated-15 Nov, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection Vulnerability

A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The attacker must have valid user credentials at privilege level 15. The vulnerability is due to insufficient validation of arguments that are passed to specific VDS-related CLI commands. An attacker could exploit this vulnerability by authenticating to the targeted device and including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios11201240829809Cisco IOS 12.2(60)EZ16
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-3417
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.08% / 24.56%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 18:01
Updated-13 Nov, 2024 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Arbitrary Code Execution Vulnerability

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit this vulnerability by installing code to a specific directory in the underlying operating system (OS) and setting a specific ROMMON variable. A successful exploit could allow the attacker to execute persistent code on the underlying OS. To exploit this vulnerability, the attacker would need access to the root shell on the device or have physical access to the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-3416
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.19% / 41.47%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 18:01
Updated-13 Nov, 2024 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities

Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeasr_903asr_902asr_907Cisco IOS XE Software
CWE ID-CWE-749
Exposed Dangerous Method or Function
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-3152
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.03%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 16:16
Updated-13 Nov, 2024 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Connected Mobile Experiences Privilege Escalation Vulnerability

A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. The vulnerability is due to improper user permissions that are configured by default on an affected system. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, an attacker would need to have valid administrative credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-connected_mobile_experiencesCisco Connected Mobile Experiences
CWE ID-CWE-275
Not Available
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-3458
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 16.44%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 18:36
Updated-13 Nov, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 1000/2100 Series Appliances Secure Boot Bypass Vulnerabilities

Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software for the Firepower 1000 Series and Firepower 2100 Series Appliances could allow an authenticated, local attacker to bypass the secure boot mechanism. The vulnerabilities are due to insufficient protections of the secure boot process. An attacker could exploit these vulnerabilities by injecting code into specific files that are then referenced during the device boot process. A successful exploit could allow the attacker to break the chain of trust and inject code into the boot process of the device, which would be executed at each boot and maintain persistence across reboots.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_1010firepower_2140firepower_1140firepower_2120adaptive_security_appliance_softwarefirepower_2130firepower_1120firepower_1150firepower_2110firepower_threat_defenseCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2020-3457
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.15% / 35.76%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 18:36
Updated-13 Nov, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_4150firepower_1010firepower_1140firepower_2120firepower_2130adaptive_security_appliance_softwarefirepower_9300_sm-24firepower_9300_sm-36firepower_2100firepower_4110firepower_1120firepower_extensible_operating_systemfirepower_2110firepower_4125firepower_1000firepower_9300_sm-48firepower_4112firepower_4140firepower_2140firepower_9300_sm-44_x_3firepower_9300_sm-40firepower_4145firepower_4120firepower_9300_sm-56firepower_9300_sm-56_x_3firepower_threat_defensefirepower_1150firepower_4115firepower_9300_sm-44Cisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-3169
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.15% / 35.05%
||
7 Day CHG~0.00%
Published-26 Feb, 2020 | 16:50
Updated-15 Nov, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_4150firepower_9300_sm-24firepower_9300_sm-36firepower_4110firepower_extensible_operating_systemfirepower_9300_sm-48firepower_4125firepower_4140firepower_9300_sm-44_x_3firepower_9300_sm-40firepower_4145firepower_4120firepower_9300_sm-56firepower_9300_sm-56_x_3firepower_4115firepower_9300_sm-44Cisco Firepower Extensible Operating System (FXOS)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-3207
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.21% / 43.05%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:40
Updated-15 Nov, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Command Injection Vulnerability

A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system (OS) to conduct a command injection attack during device boot. This vulnerability is due to insufficient input validation checks while processing boot options. An attacker could exploit this vulnerability by modifying device boot options to execute attacker-provided code. A successful exploit may allow an attacker to bypass the Secure Boot process and execute malicious code on an affected device with root-level privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_c9200l-48pxg-4xcatalyst_c9300-24pcatalyst_c9500-32qccatalyst_c9200l-24p-4gcatalyst_c9300-48scatalyst_c9300-48pcatalyst_3650-8x24uqcatalyst_3650-12x48urcatalyst_c9300-48ucatalyst_c9300l-48t-4xcatalyst_c9300l-24t-4gcatalyst_c9200l-24pxg-2ycatalyst_3650-24pdcatalyst_c9500-16xcatalyst_c9200-24pcatalyst_c9300-48tcatalyst_c9300l-24t-4xcatalyst_c9200l-48pxg-2ycatalyst_c9200l-48t-4gcatalyst_c9200l-24p-4xcatalyst_c9200-48pcatalyst_c9300l-24p-4xcatalyst_c9300l-48p-4gcatalyst_c9500-12qcatalyst_3650-24pdmcatalyst_c9500-24qcatalyst_3850-24xscatalyst_c9200-48tcatalyst_c9200l-24t-4xcatalyst_c9300-24scatalyst_c9300-48uncatalyst_c9300-48uxmcatalyst_c9300-24tcatalyst_3850-nm-2-40gcatalyst_c9300l-48p-4xcatalyst_c9500-24y4ccatalyst_c9200l-24t-4gcatalyst_c9200l-24pxg-4xcatalyst_c9500-40xios_xecatalyst_3650-12x48uzcatalyst_c9300l-48t-4gcatalyst_c9300-24ucatalyst_c9200l-48t-4xcatalyst_c9500-48y4ccatalyst_3850-48xscatalyst_3850-nm-8-10gcatalyst_3650-12x48uqcatalyst_c9300-24uxcatalyst_c9200-24tcatalyst_c9500-32ccatalyst_c9200l-48p-4gcatalyst_3650-48fqmcatalyst_3650-48fqcatalyst_c9300l-24p-4gcatalyst_c9200l-48p-4xCisco IOS XE Software 16.9.2
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-3236
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.26%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 02:21
Updated-15 Nov, 2024 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using path traversal techniques when executing a vulnerable command. A successful exploit could allow the attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_network_function_virtualization_infrastructureCisco Enterprise NFV Infrastructure Software
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-27129
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.17% / 37.78%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 18:15
Updated-13 Nov, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vManage Software Command Injection Vulnerability

A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. The vulnerability is due to improper validation of commands to the remote management CLI of the affected application. An attacker could exploit this vulnerability by sending malicious requests to the affected application. A successful exploit could allow the attacker to inject arbitrary commands and potentially gain elevated privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wan_vmanageCisco SD-WAN vManage
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2020-27122
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.05% / 14.41%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 18:15
Updated-13 Nov, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine Privilege Escalation Vulnerability

A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected device. The vulnerability is due to incorrect privilege assignment. An attacker could exploit this vulnerability by logging in to the system with a crafted Active Directory account. A successful exploit could allow the attacker to obtain root privileges on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-0217
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 40.12%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 07:00
Updated-02 Dec, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection attack on an affected system. The vulnerability is due to insufficient validation of commands that are supplied to certain configurations in the CLI of the affected operating system. An attacker could exploit this vulnerability by injecting crafted arguments into a vulnerable CLI command for an affected system. A successful exploit could allow the attacker to insert and execute arbitrary commands in the CLI of the affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvg29441.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-asr_5700_firmwareasr_5500_firmwareasr_5000asr_5500asr_5000_firmwareasr_5700Cisco StarOS
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-20153
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.07% / 21.00%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 00:00
Updated-28 Oct, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine Command Injection Vulnerabilities

Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-20121
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.08% / 23.21%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 00:00
Updated-28 Oct, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Evolved Programmable Network Manager, Cisco Identity Services Engine, and Cisco Prime Infrastructure Command Injection Vulnerabilities

Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineprime_infrastructureevolved_programmable_network_managerCisco Identity Services Engine Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-20236
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.85%
||
7 Day CHG~0.00%
Published-13 Sep, 2023 | 16:39
Updated-16 Dec, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-8201ncs_4216ncs_5001ncs_5002asr_9010ncs_400982028208ncs_1001asr_9902ncs_551682188212ncs_4206asr_9006ncs_4016ncs_540ncs_57b1-5dse-sysncs_57c3-mods-sysios_xrncs_55008831ncs_4201ncs_5508asr_9903ncs_5501ncs_57c1-48q6-sysasr_9000ncs_560880488128818ncs_5011asr_9001ncs_5504asr_9000vasr_9910asr_99068808asr_9904asr_9920asr_9912asr_9922ncs_57c3-mod-sysncs_1004ncs_560-4ncs_560-7ncs_1002ncs_4202ncs_5502asr_9901ncs_57b1-6d24-sysCisco IOS XR Softwareios_xr_software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2023-20023
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.07% / 21.00%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 00:00
Updated-28 Oct, 2024 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine Privilege Escalation Vulnerabilities

Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-20022
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.07% / 21.00%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 00:00
Updated-28 Oct, 2024 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine Privilege Escalation Vulnerabilities

Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-20043
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 17.03%
||
7 Day CHG~0.00%
Published-19 Jan, 2023 | 01:36
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-cx_cloud_agentCisco CX Cloud Agent
CWE ID-CWE-708
Incorrect Ownership Assignment
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-20193
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.03% / 7.69%
||
7 Day CHG~0.00%
Published-07 Sep, 2023 | 19:29
Updated-23 Oct, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ESR console. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges to root and read, write, or delete arbitrary files from the underlying operating system of the affected device. Note: The ESR is not enabled by default and must be licensed. To verify the status of the ESR in the Admin GUI, choose Administration > Settings > Protocols > IPSec.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-20075
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.04% / 13.81%
||
7 Day CHG-0.01%
Published-16 Feb, 2023 | 15:25
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. These vulnerability is due to improper input validation in the CLI. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-email_security_applianceCisco Secure Email
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-20015
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.04% / 11.09%
||
7 Day CHG~0.00%
Published-23 Feb, 2023 | 00:00
Updated-28 Oct, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS Fabric Interconnects Command Injection Vulnerability

A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute unauthorized commands within the CLI. An attacker with Administrator privileges could also execute arbitrary commands on the underlying operating system of Cisco UCS 6400 and 6500 Series Fabric Interconnects with root-level privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ucs_6454_firmwareucs_6300firepower_4150ucs_6332-16upucs_6300_firmwareucs_64108firepower_4110ucs_6248upfirepower_4125ucs_6296up_firmwareucs_64108_firmwareucs_central_softwarefirepower_9300_sm-44_x_3firepower_9300_sm-40ucs_6324ucs_6248up_firmwareucs_6332_firmwarefirepower_4120firepower_4145firepower_9300_sm-56firepower_9300_sm-56_x_3ucs_6536ucs_6332firepower_9300_sm-44firepower_4100ucs_6296upfirepower_9300_sm-24ucs_6536_firmwarefirepower_9300_sm-36ucs_6200firepower_extensible_operating_systemfirepower_9300_sm-48ucs_6324_firmwarefirepower_4112firepower_4140ucs_6454ucs_6332-16up_firmwareucs_6200_firmwarefirepower_4115Cisco Unified Computing System (Managed)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-20166
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.06% / 20.00%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 00:00
Updated-28 Oct, 2024 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine Path Traversal Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-24
Path Traversal: '../filedir'
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-20021
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.07% / 21.00%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 00:00
Updated-28 Oct, 2024 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine Privilege Escalation Vulnerabilities

Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-20170
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.03% / 9.72%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 17:12
Updated-16 Dec, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-20152
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.07% / 21.00%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 00:00
Updated-06 Nov, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine Command Injection Vulnerabilities

Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-20097
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.07% / 20.35%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 00:00
Updated-25 Oct, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Access Point Software Command Injection Vulnerability

A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker with Administrator access to the CLI of the controller could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to gain full root access on the AP.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-aironet_1562icatalyst_iw6300catalyst_9124aironet_1560catalyst_iw6300_dcwcatalyst_iw6300_acaironet_3800ecatalyst_9105axwaironet_1810wesw6300catalyst_9120axeaironet_1815tcatalyst_9130axecatalyst_9130_apaironet_1800catalyst_iw6300_dcaironet_1562eaironet_2800iaironet_1542iaironet_3800pcatalyst_9117catalyst_9120axpwireless_lan_controller_softwareaironet_1815catalyst_9115aironet_1540catalyst_9100catalyst_9115axiaironet_1815icatalyst_9105axaironet_1815waironet_4800catalyst_9117axiaironet_2800catalyst_9120_apaironet_1542dcatalyst_9130catalyst_9130axiaironet_3800catalyst_9115axaironet_access_point_softwareaironet_1800icatalyst_9120aironet_1562dcatalyst_9120axcatalyst_9124axdcatalyst_9105axicatalyst_9120axicatalyst_9117axaironet_3800iios_xecatalyst_9115axecatalyst_9130axcatalyst_9124axicatalyst_9117_apaironet_1815maironet_2800ecatalyst_9124axaironet_1810catalyst_9105catalyst_9115_apCisco Aironet Access Point Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-20090
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 15.70%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 15:19
Updated-30 Jul, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco TelePresence Collaboration Endpoint and RoomOS Software Privilege Escalation Vulnerability

A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-telepresence_collaboration_endpointroomosCisco TelePresence Endpoint Software (TC/CE)Cisco RoomOS Softwaretelepresence_collaboration_endpoint
CWE ID-CWE-27
Path Traversal: 'dir/../../filename'
CVE-2018-15368
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 29.91%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Privileged EXEC Mode Root Shell Access Vulnerability

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent modifications to the underlying Linux filesystem on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1972
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.50%
||
7 Day CHG~0.00%
Published-08 Aug, 2019 | 07:35
Updated-20 Nov, 2024 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise NFV Infrastructure Software Privilege Escalation Vulnerability

A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by leveraging the insufficient restrictions during the execution of an affected command. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_network_function_virtualization_infrastructureCisco Enterprise NFV Infrastructure Software
CWE ID-CWE-264
Not Available
CVE-2019-1952
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.04%
||
7 Day CHG~0.00%
Published-08 Aug, 2019 | 07:25
Updated-20 Nov, 2024 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using directory traversal techniques when executing a vulnerable command. A successful exploit could allow the attacker to overwrite or read arbitrary files on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_network_function_virtualization_infrastructureCisco Enterprise NFV Infrastructure Software
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1779
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.09% / 25.09%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:40
Updated-21 Nov, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS and NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid device credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_9300nexus_93180lc-exfirepower_4150nexus_56128pnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txfirepower_4110nexus_93128txnexus_9336pq_aci_spinefirepower_4145nexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cmds_9200nexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3164qnexus_3524-xnexus_3132c-znexus_31108tc-vnexus_5548pnexus_9348gc-fxpnexus_5648qnexus_3172nexus_9272qnexus_3464cmds_9700nexus_93216tc-fx2nexus_36180yc-rnexus_5672upnexus_93180yc-fxnexus_3264qfirepower_4140nexus_3432d-snexus_34180ycnexus_9000vnexus_31108pc-vnexus_5596upfirepower_4115nexus_3524nexus_3548mds_9500nexus_3132qnexus_3016nexus_9372pxnexus_5696qnexus_92304qcnexus_92160yc-xfirepower_4125mds_9100nexus_9504nexus_3048nexus_9372tx-enexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_9396txfirepower_4120nexus_7000nexus_92300ycnexus_3064nexus_3232cnexus_5548upnexus_9396pxnexus_5596tfirepower_extensible_operating_systemnexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_5624qfirepower_4112nexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1769
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 24.57%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:20
Updated-20 Nov, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Line Card Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system of an attached line card with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of an attached line card with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txnexus_93128txnexus_3524-x\/xlnexus_9336pq_acin9k-c9504-fm-rn9k-x96136yc-rnexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cn9k-x9636q-rnexus_3164qnexus_3172tq-32tnexus_3132c-znexus_3524-xnexus_31108tc-vx9636q-rnexus_9348gc-fxpnexus_3172nexus_9272qnexus_3464cnexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_34180ycnexus_31108pc-vn9k-x9636c-rxnexus_3524nexus_3548nexus_3132qnexus_3548-x\/xlnexus_3016nexus_9372pxnexus_92304qcx96136yc-rnexus_93240tc-fx2nexus_3048nexus_9372tx-enexus_93108tc-fxn9k-c9508-fm-rnexus_3524-xlnexus_9396txnexus_3064x9636c-rnexus_3232cnexus_9200ycnexus_9396pxx9636c-rxnexus_3264c-enexus_9372txnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_9372px-enexus_9236cnexus_9516n9k-x9636c-rnexus_3172pq-xlCisco NX-OS Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1775
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 30.30%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:30
Updated-20 Nov, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pnx-osnexus_3636c-r9736pqnexus_7700_supervisor_3en9k-x9732c-fxn9k-c9504-fm-rmds_9506mds_9250inexus_3132q-vnexus_9332cnexus_5020nexus_9336c-fx2x9636q-rnexus_31108tc-vnexus_9348gc-fxpmds_9718mds_9148snexus_9500_supervisor_b\+n7k-f306ck-25mds_9513mds_9148tnexus_93180yc-fxmds_9132tnexus_3432d-sn7k-m348xp-25ln9k-x9736c-fxn9k-x9736c-exmds_92167700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xlmds_9216ax96136yc-rn77-f348xp-23nexus_9500_supervisor_b7000_18-slotnexus_3048nexus_93360yc-fx2n7k-f312fq-25mds_9396tmds_9396sn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn9k-x9564txnexus_7000_supervisor_2ex9636c-rxn77-f430cq-36n9k-x9464pxmds_9216inexus_5596tnexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_93600cd-gxnexus_3408-sn9k-x9636c-rnexus_93108tc-exnexus_9508nexus_93120tx7000_10-slotnexus_9316d-gxnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004n9k-x9464tx2n7k-f248xp-25en9k-x96136yc-rn77-f324fq-25nexus_31128pqn9k-x9636q-rnexus_9364cnexus_3164qnexus_7700_supervisor_2e7700_2-slotnexus_3132c-znexus_3172pq\/pq-xlnexus_5548pnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_3264qnexus_34180ycmds_9509nexus_31108pc-vn9k-x9636c-rxmds_9706nexus_9500_supervisor_a\+7000_4-slotnexus_5596upn7k-m206fq-23ln9k-x97160yc-exnexus_5696qnexus_92160yc-xnexus_9504n77-m324fq-25lnexus_6001nexus_93108tc-fxn7k-m202cf-22ln9k-c9508-fm-rnexus_9500_supervisor_a7000_9-slotnexus_92300ycx9636c-rnexus_3232cn7k-m324fq-25lmds_9222inexus_50107700_10-slotn77-m348xp-23l7700_18-slot9432pqnexus_3264c-enexus_93240yc-fx2mds_9710nexus_3172tq-xlnexus_93180yc-exn9k-x9564pxnexus_9516n7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1768
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 39.01%
||
7 Day CHG~0.00%
Published-16 May, 2019 | 01:25
Updated-20 Nov, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerability

A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txnexus_93128txnexus_9336pq_aci_spinenexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3132c-znexus_3524-xnexus_31108tc-vnexus_9348gc-fxpnexus_3172nexus_9272qnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_9000vnexus_31108pc-vnexus_3524nexus_3548nexus_3132qnexus_3016nexus_9372pxnexus_92304qcnexus_92160yc-xnexus_9504nexus_3048nexus_9372tx-enexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_9396txnexus_92300ycnexus_3064nexus_3232cnexus_9396pxnexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlCisco NX-OS Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1813
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 21.47%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:20
Updated-20 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS CLI Command Software Image Signature Verification Vulnerability

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_93108tc-exnx-osnexus_3636c-rnexus_95089736pqnexus_93120txnexus_9316d-gxnexus_3524-x\/xln9k-x9732c-fxn9k-c9504-fm-rn9k-x9464tx2nexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_9336c-fx2nexus_3132c-znexus_3172pq\/pq-xlnexus_31108tc-vx9636q-rnexus_9348gc-fxp9536pqn9k-x9732c-exnexus_3464cnexus_9500_supervisor_b\+nexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_31108pc-vn9k-x9636c-rxn9k-x9736c-fxnexus_9500_supervisor_a\+n9k-x9736c-exnexus_3548-x\/xln9k-x97160yc-exnexus_92160yc-xnexus_9500_supervisor_bnexus_9504nexus_3048nexus_93108tc-fxnexus_93360yc-fx2n9k-c9508-fm-rnexus_9500_supervisor_anexus_92300ycnexus_3232cn9k-x9788tc-fxn9k-x9564txn9k-x9464px9432pqnexus_3264c-enexus_93240yc-fx2nexus_3132q-x\/3132q-xl9636pqn9k-x9432c-snexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_93600cd-gxn9k-x9564pxnexus_9516n9k-x9636c-rCisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-1809
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 5.92%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:15
Updated-20 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ucs_6332-16upn7k-m206fq-23lnexus_7000_supervisor_1nx-os7000_10-slotn77-f348xp-23ucs_6248upnexus_7000_supervisor_2nexus_7700_supervisor_3e7000_18-slotn77-m324fq-25ln7k-m202cf-22ln7k-f248xp-25eucs_6324n77-f324fq-25n7k-f312fq-257000_9-slotnexus_7700_supervisor_2e7700_2-slotucs_6332n77-m312cq-26ln7k-m324fq-25lmds_9718ucs_6296upn7k-f306ck-25nexus_7000_supervisor_2e7700_10-slotn77-m348xp-23ln77-f430cq-367700_18-slotn77-f312ck-26mds_9710n7k-m348xp-25l7000_4-slotmds_9706n7k-m224xp-23l7700_6-slotCisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-1791
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 22.68%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 20:15
Updated-20 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pnx-osnexus_3636c-r9736pqnexus_7700_supervisor_3en9k-x9732c-fxn9k-c9504-fm-rmds_9506mds_9250inexus_3132q-vnexus_9332cnexus_5020nexus_9336c-fx2x9636q-rnexus_31108tc-vnexus_9348gc-fxpmds_9718mds_9148snexus_9500_supervisor_b\+n7k-f306ck-25mds_9513mds_9148tnexus_93180yc-fxmds_9132tnexus_3432d-sn7k-m348xp-25ln9k-x9736c-fxn9k-x9736c-exmds_92167700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xlmds_9216ax96136yc-rn77-f348xp-23nexus_9500_supervisor_b7000_18-slotnexus_3048nexus_93360yc-fx2n7k-f312fq-25mds_9396tmds_9396sn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn9k-x9564txnexus_7000_supervisor_2ex9636c-rxn77-f430cq-36n9k-x9464pxmds_9216inexus_5596tnexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_93600cd-gxnexus_3408-sn9k-x9636c-rnexus_93108tc-exnexus_9508nexus_93120tx7000_10-slotnexus_9316d-gxnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004n9k-x9464tx2n7k-f248xp-25en9k-x96136yc-rn77-f324fq-25nexus_31128pqn9k-x9636q-rnexus_9364cnexus_3164qnexus_7700_supervisor_2e7700_2-slotnexus_3132c-znexus_3172pq\/pq-xlnexus_5548pnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_3264qnexus_34180ycmds_9509nexus_31108pc-vn9k-x9636c-rxmds_9706nexus_9500_supervisor_a\+7000_4-slotnexus_5596upn7k-m206fq-23ln9k-x97160yc-exnexus_5696qnexus_92160yc-xnexus_9504n77-m324fq-25lnexus_6001nexus_93108tc-fxn7k-m202cf-22ln9k-c9508-fm-rnexus_9500_supervisor_a7000_9-slotnexus_92300ycx9636c-rnexus_3232cn7k-m324fq-25lmds_9222inexus_50107700_10-slotn77-m348xp-23l7700_18-slot9432pqnexus_3264c-enexus_93240yc-fx2mds_9710nexus_3172tq-xlnexus_93180yc-exn9k-x9564pxnexus_9516n7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1839
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.10% / 27.97%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 18:10
Updated-20 Nov, 2024 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Remote PHY Device Software Command Injection Vulnerability

A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying various CLI commands with crafted arguments. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-cbr-8_firmwareremote_phy_120remote_phy_120_firmwareremote_phy_shelf_7200_firmwareremote_phy_220_firmwarecbr-8remote_phy_220remote_phy_shelf_7200Cisco Remote PHY
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1770
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.03% / 10.45%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:20
Updated-21 Nov, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pnexus_93108tc-exnexus_3636c-rnexus_95089736pqnexus_93120txnexus_60007000_10-slotnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004nexus_7700_supervisor_3en9k-x9732c-fxn9k-x9464tx2n7k-f248xp-25en77-f324fq-25nexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_5020nexus_9336c-fx2nexus_7700_supervisor_2e7700_2-slotnexus_3132c-zx9636q-rnexus_31108tc-vnexus_3172pq\/pq-xlnexus_5548pnexus_9348gc-fxpnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_9500_supervisor_b\+n7k-f306ck-25nexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_93180yc-fxnexus_3264qnexus_3432d-sns-oxn7k-m348xp-25lnexus_34180ycnexus_31108pc-vn9k-x9636c-rxn9k-x9736c-fx7000_4-slotnexus_9500_supervisor_a\+nexus_5596upn9k-x9736c-ex7700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xln7k-m206fq-23ln9k-x97160yc-exnexus_5696qn77-f348xp-23nexus_92160yc-xnexus_9500_supervisor_b7000_18-slotnexus_9504nexus_3048n77-m324fq-25lnexus_6001nexus_93108tc-fxnexus_93360yc-fx2n7k-m202cf-22lnexus_9500_supervisor_an7k-f312fq-257000_9-slotnexus_92300ycnexus_3232cn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn7k-m324fq-25ln9k-x9564txnexus_5010nexus_7000_supervisor_2e7700_10-slotnexus_1000vn77-f430cq-36n9k-x9464pxn77-m348xp-23l7700_18-slot9432pqnexus_5596tnexus_3264c-enexus_93240yc-fx2nexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_3172tq-xlnexus_93180yc-exnexus_3408-sn9k-x9564pxnexus_9516n9k-x9636c-rn7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1781
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 30.30%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:45
Updated-20 Nov, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS and NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exfirepower_9300firepower_4150nexus_56128pucs_6332-16upnexus_3172tqnexus_9332pqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txfirepower_4110nexus_93128txnexus_9336pq_aci_spinenexus_6004mds_9250inexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3524-xnexus_3132c-znexus_31108tc-vnexus_5548pnexus_9348gc-fxpnexus_5648qnexus_3172mds_9718nexus_9272qnexus_3464cmds_9148snexus_93216tc-fx2nexus_36180yc-rmds_9148tnexus_5672upnexus_93180yc-fxmds_9132tnexus_3264qnexus_3432d-sfirepower_4140nexus_34180ycnexus_9000vfx-osnexus_31108pc-vmds_9706nexus_5596upnexus_3524nexus_3548nexus_3132qnexus_3016nexus_9372pxnexus_5696qnexus_92304qcnexus_92160yc-xucs_6248upnexus_9504nexus_3048nexus_9372tx-enexus_6001nexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlucs_6324nexus_9396txfirepower_4120nexus_7000nexus_92300ycnexus_3064ucs_6332nexus_3232cnexus_5548upnexus_9396pxmds_9222iucs_6296upnexus_5596tnexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_5624qnexus_3548-xnexus_3132q-xlnexus_3064-tmds_9710nexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1812
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 21.47%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:20
Updated-20 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_93108tc-exnx-osnexus_3636c-rnexus_95089736pqnexus_93120txnexus_9316d-gxnexus_3524-x\/xln9k-x9732c-fxn9k-c9504-fm-rn9k-x9464tx2nexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_9336c-fx2nexus_3132c-znexus_3172pq\/pq-xlnexus_31108tc-vx9636q-rnexus_9348gc-fxp9536pqn9k-x9732c-exnexus_3464cnexus_9500_supervisor_b\+nexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_31108pc-vn9k-x9636c-rxn9k-x9736c-fxnexus_9500_supervisor_a\+n9k-x9736c-exnexus_3548-x\/xln9k-x97160yc-exnexus_92160yc-xnexus_9500_supervisor_bnexus_9504nexus_3048nexus_93108tc-fxnexus_93360yc-fx2n9k-c9508-fm-rnexus_9500_supervisor_anexus_92300ycnexus_3232cn9k-x9788tc-fxn9k-x9564txn9k-x9464px9432pqnexus_3264c-enexus_93240yc-fx2nexus_3132q-x\/3132q-xl9636pqn9k-x9432c-snexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_93600cd-gxn9k-x9564pxnexus_9516n9k-x9636c-rCisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-1803
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.97%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 16:20
Updated-20 Nov, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Root Privilege Escalation Vulnerability

A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is due to overly permissive file permissions of specific system files. An attacker could exploit this vulnerability by authenticating to an affected device, creating a crafted command string, and writing this crafted string to a specific file location. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid administrator credentials for the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9348gc-fxpnexus_9332pqnexus_93108tc-exnexus_9396pxnexus_9372pxnexus_9508nexus_93120txnexus_93128txnexus_9336pq_aci_spinenexus_93180yc-fxnexus_9372txnexus_93180tc-exnexus_9504nexus_9372tx-enexus_93180yc-exnexus_9372px-enexus_9396txnexus_9516nexus_9364cnexus_9000_series_application_centric_infrastructurenexus_9336c-fx2Cisco NX-OS Software for Nexus 9000 Series Fabric Switches ACI Mode
CWE ID-CWE-264
Not Available
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-1774
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 30.30%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:30
Updated-20 Nov, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pnx-osnexus_3636c-r9736pqnexus_7700_supervisor_3en9k-x9732c-fxn9k-c9504-fm-rmds_9506mds_9250inexus_3132q-vnexus_9332cnexus_5020nexus_9336c-fx2x9636q-rnexus_31108tc-vnexus_9348gc-fxpmds_9718mds_9148snexus_9500_supervisor_b\+n7k-f306ck-25mds_9513mds_9148tnexus_93180yc-fxmds_9132tnexus_3432d-sn7k-m348xp-25ln9k-x9736c-fxn9k-x9736c-exmds_92167700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xlmds_9216ax96136yc-rn77-f348xp-23nexus_9500_supervisor_b7000_18-slotnexus_3048nexus_93360yc-fx2n7k-f312fq-25mds_9396tmds_9396sn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn9k-x9564txnexus_7000_supervisor_2ex9636c-rxn77-f430cq-36n9k-x9464pxmds_9216inexus_5596tnexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_93600cd-gxnexus_3408-sn9k-x9636c-rnexus_93108tc-exnexus_9508nexus_93120tx7000_10-slotnexus_9316d-gxnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004n9k-x9464tx2n7k-f248xp-25en9k-x96136yc-rn77-f324fq-25nexus_31128pqn9k-x9636q-rnexus_9364cnexus_3164qnexus_7700_supervisor_2e7700_2-slotnexus_3132c-znexus_3172pq\/pq-xlnexus_5548pnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_3264qnexus_34180ycmds_9509nexus_31108pc-vn9k-x9636c-rxmds_9706nexus_9500_supervisor_a\+7000_4-slotnexus_5596upn7k-m206fq-23ln9k-x97160yc-exnexus_5696qnexus_92160yc-xnexus_9504n77-m324fq-25lnexus_6001nexus_93108tc-fxn7k-m202cf-22ln9k-c9508-fm-rnexus_9500_supervisor_a7000_9-slotnexus_92300ycx9636c-rnexus_3232cn7k-m324fq-25lmds_9222inexus_50107700_10-slotn77-m348xp-23l7700_18-slot9432pqnexus_3264c-enexus_93240yc-fx2mds_9710nexus_3172tq-xlnexus_93180yc-exn9k-x9564pxnexus_9516n7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1790
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 30.30%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 20:05
Updated-20 Nov, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pucs_6332-16upnx-osnexus_3636c-r9736pqnexus_7700_supervisor_3en9k-x9732c-fxn9k-c9504-fm-rmds_9506mds_9250inexus_3132q-vnexus_9332cnexus_5020nexus_9336c-fx2x9636q-rnexus_31108tc-vnexus_9348gc-fxpmds_9718mds_9148snexus_9500_supervisor_b\+n7k-f306ck-25mds_9513mds_9148tnexus_93180yc-fxmds_9132tnexus_3432d-sn7k-m348xp-25ln9k-x9736c-fxn9k-x9736c-exmds_92167700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xlmds_9216ax96136yc-rn77-f348xp-23ucs_6248upnexus_9500_supervisor_b7000_18-slotnexus_3048nexus_93360yc-fx2ucs_6324n7k-f312fq-25mds_9396tmds_9396sn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn9k-x9564txnexus_7000_supervisor_2ex9636c-rxn77-f430cq-36n9k-x9464pxmds_9216inexus_5596tnexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_93600cd-gxnexus_3408-sn9k-x9636c-rnexus_93108tc-exnexus_9508nexus_93120tx7000_10-slotnexus_9316d-gxnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004n9k-x9464tx2n7k-f248xp-25en9k-x96136yc-rn77-f324fq-25nexus_31128pqn9k-x9636q-rnexus_9364cnexus_3164qnexus_7700_supervisor_2e7700_2-slotnexus_3132c-znexus_3172pq\/pq-xlnexus_5548pnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_3264qnexus_34180ycmds_9509nexus_31108pc-vn9k-x9636c-rxmds_9706nexus_9500_supervisor_a\+7000_4-slotnexus_5596upn7k-m206fq-23ln9k-x97160yc-exnexus_5696qnexus_92160yc-xnexus_9504n77-m324fq-25lnexus_6001nexus_93108tc-fxn7k-m202cf-22ln9k-c9508-fm-rnexus_9500_supervisor_a7000_9-slotnexus_92300ycx9636c-rucs_6332nexus_3232cn7k-m324fq-25lmds_9222iucs_6296upnexus_50107700_10-slotn77-m348xp-23l7700_18-slot9432pqnexus_3264c-enexus_93240yc-fx2mds_9710nexus_3172tq-xlnexus_93180yc-exn9k-x9564pxnexus_9516n7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1784
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 30.30%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 20:05
Updated-20 Nov, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_5548pnexus_5548upnexus_56128pucs_6332-16upnexus_5648qnx-osucs_6296upnexus_5696qucs_6248upnexus_5672upnexus_5596tnexus_60047000nexus_5624qnexus_6001ucs_63247700nexus_5596upucs_6332Cisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-1776
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 30.30%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:30
Updated-20 Nov, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pucs_6332-16upnx-osnexus_3636c-r9736pqnexus_7700_supervisor_3en9k-x9732c-fxn9k-c9504-fm-rmds_9506mds_9250inexus_3132q-vnexus_9332cnexus_5020nexus_9336c-fx2x9636q-rnexus_31108tc-vnexus_9348gc-fxpmds_9718mds_9148snexus_9500_supervisor_b\+n7k-f306ck-25mds_9513mds_9148tnexus_93180yc-fxmds_9132tnexus_3432d-sn7k-m348xp-25ln9k-x9736c-fxn9k-x9736c-exmds_92167700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xlmds_9216ax96136yc-rn77-f348xp-23ucs_6248upnexus_9500_supervisor_b7000_18-slotnexus_3048nexus_93360yc-fx2ucs_6324n7k-f312fq-25mds_9396tmds_9396sn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn9k-x9564txnexus_7000_supervisor_2ex9636c-rxn77-f430cq-36n9k-x9464pxmds_9216inexus_5596tnexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_93600cd-gxnexus_3408-sn9k-x9636c-rnexus_93108tc-exnexus_9508nexus_93120tx7000_10-slotnexus_9316d-gxnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004n9k-x9464tx2n7k-f248xp-25en9k-x96136yc-rn77-f324fq-25nexus_31128pqn9k-x9636q-rnexus_9364cnexus_3164qnexus_7700_supervisor_2e7700_2-slotnexus_3132c-znexus_3172pq\/pq-xlnexus_5548pnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_3264qnexus_34180ycmds_9509nexus_31108pc-vn9k-x9636c-rxmds_9706nexus_9500_supervisor_a\+7000_4-slotnexus_5596upn7k-m206fq-23ln9k-x97160yc-exnexus_5696qnexus_92160yc-xnexus_9504n77-m324fq-25lnexus_6001nexus_93108tc-fxn7k-m202cf-22ln9k-c9508-fm-rnexus_9500_supervisor_a7000_9-slotnexus_92300ycx9636c-rucs_6332nexus_3232cn7k-m324fq-25lmds_9222iucs_6296upnexus_50107700_10-slotn77-m348xp-23l7700_18-slot9432pqnexus_3264c-enexus_93240yc-fx2mds_9710nexus_3172tq-xlnexus_93180yc-exn9k-x9564pxnexus_9516n7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1778
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 30.30%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 19:35
Updated-20 Nov, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txnexus_93128txnexus_3524-x\/xlnexus_9336pq_acin9k-c9504-fm-rn9k-x96136yc-rnexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cn9k-x9636q-rnexus_3164qnexus_3172tq-32tnexus_3132c-znexus_3524-xnexus_31108tc-vx9636q-rnexus_9348gc-fxpnexus_3172nexus_9272qnexus_3464cnexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_34180ycnexus_31108pc-vn9k-x9636c-rxnexus_3524nexus_3548nexus_3132qnexus_3548-x\/xlnexus_3016nexus_9372pxnexus_92304qcx96136yc-rnexus_93240tc-fx2nexus_3048nexus_9372tx-enexus_93108tc-fxn9k-c9508-fm-rnexus_3524-xlnexus_9396txnexus_3064x9636c-rnexus_3232cnexus_9200ycnexus_9396pxx9636c-rxnexus_3264c-enexus_9372txnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_9372px-enexus_9236cnexus_9516n9k-x9636c-rnexus_3172pq-xlCisco NX-OS Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1829
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.34% / 56.55%
||
7 Day CHG~0.00%
Published-18 Apr, 2019 | 01:15
Updated-20 Nov, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Aironet Series Access Points Command Injection Vulnerability

A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due to improper validation of user-supplied input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input for a CLI command. A successful exploit could allow the attacker to obtain access to the underlying Linux OS without proper authentication.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-aironet_1562iaironet_1542daironet_1850eaironet_1562eaironet_1850iaironet_2800iaironet_1542iaironet_1562daironet_3800eaironet_3800paironet_2800eaironet_access_point_firmwareaironet_1800iaironet_3800iCisco Aironet Access Point Software
CWE ID-CWE-16
Not Available
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1783
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 24.57%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 20:05
Updated-20 Nov, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_5548pnexus_5624qnexus_5548upnexus_56128pnexus_5648qnexus_6001nexus_7000nx-osnexus_5696qnexus_5596upnexus_5672upnexus_5596tnexus_7700nexus_6004Cisco NX-OS Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found