Nx OS
CVEs (151)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-3330 | 0.00 | — | 0.02 | Aug 11, 2014 | Cisco NX-OS 6.1(2)I2(1) on Nexus 9000 switches does not properly process packet-drop policy checks for logged packets, which allows remote attackers to bypass intended access restrictions via a flood of packets matching a policy that contains the log keyword, aka Bug ID… | |||
| CVE-2014-3295 | 0.00 | — | 0.01 | Jun 14, 2014 | The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309. | |||
| CVE-2014-3261 | 0.00 | — | 0.02 | May 26, 2014 | Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before… | |||
| CVE-2014-2201 | 0.00 | — | 0.02 | May 26, 2014 | The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS 9000 devices and 6.0 before 6.0(2) on Nexus 7000 devices allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a large volume of crafted traffic, aka Bug ID… | |||
| CVE-2014-2200 | 0.00 | — | 0.01 | May 26, 2014 | Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID CSCti11629. | |||
| CVE-2013-1191 | 0.00 | — | 0.02 | May 26, 2014 | Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400. | |||
| CVE-2013-6975 | 0.00 | — | 0.01 | May 20, 2014 | Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217. | |||
| CVE-2014-0684 | 0.00 | — | 0.00 | May 7, 2014 | Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136. | |||
| CVE-2014-0677 | 0.00 | — | 0.02 | Jan 22, 2014 | The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851. | |||
| CVE-2014-0676 | 0.00 | — | 0.00 | Jan 22, 2014 | Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367. | |||
| CVE-2013-6982 | 0.00 | — | 0.03 | Jan 8, 2014 | The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer reset) via a crafted message, aka… | |||
| CVE-2012-4135 | 0.00 | — | 0.00 | Dec 21, 2013 | Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275. | |||
| CVE-2012-4131 | 0.00 | — | 0.01 | Dec 21, 2013 | Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164. | |||
| CVE-2013-6683 | 0.00 | — | 0.01 | Nov 13, 2013 | The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904. | |||
| CVE-2013-5566 | 0.00 | — | 0.02 | Nov 8, 2013 | Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874. | |||
| CVE-2012-4121 | 0.00 | — | 0.00 | Oct 14, 2013 | Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574. | |||
| CVE-2012-4099 | 0.00 | — | 0.02 | Oct 14, 2013 | The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065. | |||
| CVE-2012-4097 | 0.00 | — | 0.02 | Oct 14, 2013 | The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043. | |||
| CVE-2012-4077 | 0.00 | — | 0.00 | Oct 14, 2013 | Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651. | |||
| CVE-2012-4076 | 0.00 | — | 0.00 | Oct 14, 2013 | Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780. |
- CVE-2014-3330Aug 11, 2014risk 0.00cvss —epss 0.02
Cisco NX-OS 6.1(2)I2(1) on Nexus 9000 switches does not properly process packet-drop policy checks for logged packets, which allows remote attackers to bypass intended access restrictions via a flood of packets matching a policy that contains the log keyword, aka Bug ID…
- CVE-2014-3295Jun 14, 2014risk 0.00cvss —epss 0.01
The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309.
- CVE-2014-3261May 26, 2014risk 0.00cvss —epss 0.02
Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before…
- CVE-2014-2201May 26, 2014risk 0.00cvss —epss 0.02
The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS 9000 devices and 6.0 before 6.0(2) on Nexus 7000 devices allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a large volume of crafted traffic, aka Bug ID…
- CVE-2014-2200May 26, 2014risk 0.00cvss —epss 0.01
Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID CSCti11629.
- CVE-2013-1191May 26, 2014risk 0.00cvss —epss 0.02
Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400.
- CVE-2013-6975May 20, 2014risk 0.00cvss —epss 0.01
Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217.
- CVE-2014-0684May 7, 2014risk 0.00cvss —epss 0.00
Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136.
- CVE-2014-0677Jan 22, 2014risk 0.00cvss —epss 0.02
The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851.
- CVE-2014-0676Jan 22, 2014risk 0.00cvss —epss 0.00
Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.
- CVE-2013-6982Jan 8, 2014risk 0.00cvss —epss 0.03
The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer reset) via a crafted message, aka…
- CVE-2012-4135Dec 21, 2013risk 0.00cvss —epss 0.00
Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275.
- CVE-2012-4131Dec 21, 2013risk 0.00cvss —epss 0.01
Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.
- CVE-2013-6683Nov 13, 2013risk 0.00cvss —epss 0.01
The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904.
- CVE-2013-5566Nov 8, 2013risk 0.00cvss —epss 0.02
Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874.
- CVE-2012-4121Oct 14, 2013risk 0.00cvss —epss 0.00
Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574.
- CVE-2012-4099Oct 14, 2013risk 0.00cvss —epss 0.02
The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065.
- CVE-2012-4097Oct 14, 2013risk 0.00cvss —epss 0.02
The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043.
- CVE-2012-4077Oct 14, 2013risk 0.00cvss —epss 0.00
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.
- CVE-2012-4076Oct 14, 2013risk 0.00cvss —epss 0.00
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780.
Page 6 of 8