Product:

Nx\-Os

(Cisco)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 276
Date Id Summary Products Score Patch Annotated
2019-05-15 CVE-2019-1778 A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute... Nx\-Os 6.7
2019-05-13 CVE-2019-1649 A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the... 15454\-M\-Wse\-K9_firmware, Analog_voice_network_interface_modules_firmware, Asa_5500_firmware, Asr_1000_series_firmware, Asr_1001_firmware, Catalyst_9800\-40_wireless_controller_firmware, Catalyst_9800\-80_wireless_controller_firmware, Encs_5100_firmware, Encs_5400_firmware, Firepower_2100_firmware, Firepower_4000_firmware, Firepower_9000_firmware, Ic3000\-K9_firmware, Industrial_security_appliances_3000_firmware, Integrated_services_router_4200_firmware, Integrated_services_router_4300_firmware, Integrated_services_router_4400_firmware, Integrated_services_router_t1\/e1_voice_and_wan_network_interface_modules_firmware, Ios, Ios_xe, Ios_xr, Ncs2k\-Mr\-Mxp\-K9_firmware, Nx\-Os, Ons_15454_mstp_firmware, Sm\-X\-1t3\/e3_firmware, Supervisor_a\+_firmware, Supervisor_b\+_firmware 6.7
2016-10-06 CVE-2016-1453 Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701. Nx\-Os 9.8
2011-09-14 CVE-2011-2581 The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending packets, aka Bug IDs CSCto09813 and CSCtr61490. Nexus_3000, Nexus_5000, Nx\-Os N/A
2016-10-05 CVE-2016-1455 Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP traffic, aka Bug ID CSCuz05365. Nx\-Os 7.5
2017-06-13 CVE-2017-6655 A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when an FCoE-related process unexpectedly reloads. This vulnerability affects Cisco NX-OS Software on the following Cisco devices when they are configured for FCoE: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches. More Information: CSCvc91729. Known Affected... Mds_9000_nx\-Os, Nx\-Os, Nx\-Os_for_nexus_5500_platform_switches, Nx\-Os_for_nexus_5600_platform_switches, Nx\-Os_for_nexus_7700_series_switches 6.5
2016-11-19 CVE-2016-6457 A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability affects Cisco Nexus 9000 Series Leaf Switches (TOR) - ACI Mode and Cisco Application Policy Infrastructure Controller (APIC). More Information: CSCuy93241. Known Affected Releases: 11.2(2x) 11.2(3x) 11.3(1x) 11.3(2x) 12.0(1x). Known Fixed... Application_policy_infrastructure_controller, Nx\-Os 6.5
2019-05-15 CVE-2019-1732 A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection. The vulnerability is due to the lack of a proper locking mechanism on critical variables that need to stay static until used. An attacker could exploit this vulnerability by authenticating to... Nx\-Os, Nx_os 6.4
2020-06-03 CVE-2020-3217 A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient length restrictions when the onePK Topology Discovery Service parses Cisco Discovery Protocol messages. An attacker could exploit... Ios, Ios_xe, Ios_xr, Nx\-Os 8.8
2020-06-03 CVE-2020-3228 A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because crafted SXP packets are mishandled. An attacker could exploit this vulnerability by sending specifically crafted SXP packets to the affected device. A successful exploit could allow the... Ios, Ios_xe, Nx\-Os 8.6