cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-20413,https://securityvulnerability.io/vulnerability/CVE-2024-20413,Cisco NX-OS Software Vulnerability: Elevated Privileges for Authenticated Attackers,"A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to elevate privileges to network-admin on an affected device.

This vulnerability is due to insufficient security restrictions when executing application arguments from the Bash shell. An attacker with privileges to access the Bash shell could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to create new users with the privileges of network-admin.",Cisco,Cisco Nx-os Software,6.7,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-08-30T04:15:03.000Z,,false,false,,2024-08-28T17:15:00.000Z,0
CVE-2024-20411,https://securityvulnerability.io/vulnerability/CVE-2024-20411,Cisco NX-OS Software Vulnerability Allows Arbitrary Code Execution as Root,"A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to&nbsp;execute arbitrary code as root on an affected device.

This vulnerability is due to insufficient security restrictions when executing commands from the Bash shell. An attacker with privileges to access the Bash shell could exploit this vulnerability by executing a specific crafted command on the underlying operating system. A successful exploit could allow the attacker to execute arbitrary code with the privileges of root.",Cisco,Cisco Nx-os Software,6.7,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-08-30T04:15:03.000Z,,false,false,,2024-08-28T17:15:00.000Z,0
CVE-2024-20399,https://securityvulnerability.io/vulnerability/CVE-2024-20399,Cisco NX-OS Software Vulnerability: Arbitrary Command Execution as Root,"The vulnerability CVE-2024-20399 affects Cisco NX-OS Software and allows an authenticated, local attacker to execute arbitrary commands as root on the affected device. This is a command injection vulnerability with a CVSS risk score of 6.0, and it has been exploited by the Chinese hacker group Velvet Ant for network espionage activities. The vulnerability affects a wide range of Cisco Nexus products and requires the attacker to have Administrator credentials. Cisco has released new software to patch the vulnerability and urges IT professionals to apply the update promptly to mitigate the risk. The exploit of this vulnerability allows the attacker to remotely access Nexus devices and execute malicious code, potentially leading to data breaches and further attacks.",Cisco,Cisco Nx-os Software,6.7,MEDIUM,0.0025599999353289604,true,2024-07-02T00:00:00.000Z,true,true,true,2024-07-02T00:00:00.000Z,true,false,false,,2024-07-01T16:11:44.028Z,0
CVE-2024-20321,https://securityvulnerability.io/vulnerability/CVE-2024-20321,Cisco NX-OS Software Vulnerability Could Lead to Denial of Service,"A vulnerability exists in the External Border Gateway Protocol (eBGP) implementation of Cisco's NX-OS Software, which could be exploited by an unauthenticated remote attacker. This issue arises from the mapping of eBGP traffic to a shared hardware rate-limiter queue, allowing attackers to send specially crafted large volumes of network traffic. Successful exploitation may result in the termination of eBGP neighbor sessions, thus creating a denial of service condition that disrupts network operations. Preventive measures and mitigations are essential to safeguard the affected products from potential exploitation.",Cisco,Cisco Nx-os Software,8.6,HIGH,0.0005499999970197678,false,,false,false,false,,,false,false,,2024-02-29T01:43:00.000Z,0
CVE-2024-20267,https://securityvulnerability.io/vulnerability/CVE-2024-20267,Cisco NX-OS Software Vulnerability Could Lead to Unexpected Restart or Denial of Service,"An issue exists in the handling of MPLS traffic within Cisco's NX-OS Software that allows an unauthenticated remote adversary to trigger unexpected restarts of the netstack process. This vulnerability stems from insufficient error handling when dealing with ingress MPLS frames. An attacker can exploit this vulnerability by dispatching a specially crafted IPv6 packet encapsulated in an MPLS frame to the targeted device's MPLS-enabled interface. Such exploitation may result in a denial of service condition as the NX-OS device attempts to process the malicious packet. Notably, the IPv6 packet can originate multiple hops away from the device, facilitating potential remote attacks.",Cisco,Cisco Nx-os Software,8.6,HIGH,0.0005499999970197678,false,,false,false,true,2024-08-28T15:15:08.000Z,,false,false,,2024-02-29T01:43:00.000Z,0
CVE-2024-20294,https://securityvulnerability.io/vulnerability/CVE-2024-20294,Cisco FXOS Software Vulnerability Could Lead to Denial of Service,"A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
 This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device.
 Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).",Cisco,"Cisco Nx-os Software,Cisco Unified Computing System (managed),Cisco Firepower Extensible Operating System (fxos),Cisco Nx-os System Software In Aci Mode",6.6,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-29T01:43:00.000Z,0
CVE-2024-20291,https://securityvulnerability.io/vulnerability/CVE-2024-20291,Unauthenticated Remote Attacker Could Send Traffic Through Blocked Ports,"A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device.
 This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces.",Cisco,Cisco Nx-os Software,5.8,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-03-03T09:04:40.000Z,true,false,false,,2024-02-29T01:43:00.000Z,0
CVE-2023-20168,https://securityvulnerability.io/vulnerability/CVE-2023-20168,Input Validation Flaw in Cisco NX-OS Enhances Risk of Denial of Service,"A vulnerability exists within the TACACS+ and RADIUS remote authentication processes in Cisco NX-OS Software. It stems from improper input validation during authentication attempts when the directed request option is enabled. An unauthenticated, local attacker could exploit this flaw by submitting a specially crafted string at the login prompt, prompting the affected device to unexpectedly reload. This scenario could ultimately lead to a denial of service (DoS) state, impacting device availability.",Cisco,Cisco NX-OS Software,6.5,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2023-08-23T19:15:00.000Z,0
CVE-2023-20169,https://securityvulnerability.io/vulnerability/CVE-2023-20169,Denial of Service Vulnerability in Cisco Nexus 3000 and 9000 Series Switches,"A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software used by Cisco Nexus 3000 and 9000 Series Switches allows an unauthenticated, adjacent attacker to disrupt the IS-IS process. This vulnerability stems from insufficient input validation when processing incoming IS-IS packets. By sending specially crafted packets to an affected device, an attacker can force the IS-IS process to restart unexpectedly, leading to a potential denial of service condition and a complete reload of the affected device. Attackers must be Layer 2 adjacent to exploit this flaw, highlighting the importance of network segmentation and vigilant access control.",Cisco,Cisco NX-OS Software,6.5,MEDIUM,0.002090000081807375,false,,false,false,false,,,false,false,,2023-08-23T19:15:00.000Z,0
CVE-2023-20115,https://securityvulnerability.io/vulnerability/CVE-2023-20115,SFTP Server Logic Flaw in Cisco Nexus Series Switches,"A security vulnerability in the SFTP server implementation of Cisco Nexus 3000 and 9000 Series Switches allows authenticated, remote users to exploit a logic error when user roles are verified upon establishing an SFTP connection. This oversight could enable an attacker to download or overwrite files in the device's underlying operating system by authenticating as a non-administrator user. Although there are workarounds available to mitigate this risk, it is essential to apply the recommended updates to safeguard your network.",Cisco,Cisco Nx-os Software,5.4,MEDIUM,0.0006099999882280827,false,,false,false,true,2024-10-02T19:15:13.000Z,,false,false,,2023-08-23T19:15:00.000Z,0
CVE-2023-20185,https://securityvulnerability.io/vulnerability/CVE-2023-20185,Encryption Vulnerability in Cisco Nexus 9000 Series Switches,"A vulnerability exists within the CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode, allowing an unauthenticated remote attacker to potentially read or modify encrypted intersite traffic. This issue stems from a weakness in the implementation of ciphers utilized for encryption. An attacker positioned on the path between ACI sites can exploit this vulnerability, employing cryptanalytic techniques to compromise the encryption. As a result, affected traffic may be intercepted and altered. Notably, Cisco has indicated that they will not release any software updates to remedy this vulnerability.",Cisco,Cisco NX-OS System Software in ACI Mode,7.4,HIGH,0.0011899999808520079,false,,false,false,false,,,false,false,,2023-07-12T14:15:00.000Z,0
CVE-2023-20089,https://securityvulnerability.io/vulnerability/CVE-2023-20089,Cisco Nexus 9000 Series Fabric Switches in ACI Mode Link Layer Discovery Protocol Memory Leak Denial of Service Vulnerability,"A vulnerability exists in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches operating in Application Centric Infrastructure (ACI) Mode. This flaw could be exploited by an adjacent attacker to induce a memory leak that unexpectedly reloads the device. The vulnerability stems from inadequate error checking when parsing LLDP packets. To exploit this, an attacker must send crafted LLDP packets directly to an affected device in the same broadcast domain. Although this could create a denial of service condition, the risk can be mitigated by disabling LLDP on non-essential interfaces.",Cisco,Cisco Nx-os System Software In Aci Mode,7.4,HIGH,0.0005200000014156103,false,,false,false,true,2024-10-25T17:15:14.000Z,,false,false,,2023-02-23T00:00:00.000Z,0
CVE-2023-20050,https://securityvulnerability.io/vulnerability/CVE-2023-20050,Cisco NX-OS Software CLI Command Injection Vulnerability,"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user.",Cisco,Cisco Nx-os Software,4.4,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-10-25T17:15:13.000Z,,false,false,,2023-02-23T00:00:00.000Z,0
CVE-2022-20824,https://securityvulnerability.io/vulnerability/CVE-2022-20824,Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability,"A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation of specific values that are within a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, which would cause the affected device to reload, resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",Cisco,Cisco Nx-os Software,8.8,HIGH,0.0010999999940395355,false,,false,false,true,2024-08-03T03:15:43.000Z,,false,false,,2022-08-25T19:15:00.000Z,0
CVE-2022-20823,https://securityvulnerability.io/vulnerability/CVE-2022-20823,Cisco NX-OS Software OSPFv3 Denial of Service Vulnerability,"A vulnerability in the OSPF version 3 (OSPFv3) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incomplete input validation of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending a malicious OSPFv3 link-state advertisement (LSA) to an affected device. A successful exploit could allow the attacker to cause the OSPFv3 process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The OSPFv3 feature is disabled by default. To exploit this vulnerability, an attacker must be able to establish a full OSPFv3 neighbor state with an affected device. For more information about exploitation conditions, see the Details section of this advisory.",Cisco,Cisco Nx-os Software,8.6,HIGH,0.0013800000306218863,false,,false,false,true,2024-08-03T03:15:43.000Z,,false,false,,2022-08-24T00:00:00.000Z,0
CVE-2022-20625,https://securityvulnerability.io/vulnerability/CVE-2022-20625,Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability,"A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisco Discovery Protocol service. An attacker could exploit this vulnerability by sending a series of malicious Cisco Discovery Protocol messages to an affected device. A successful exploit could allow the attacker to cause the Cisco Discovery Protocol service to fail and restart. In rare conditions, repeated failures of the process could occur, which could cause the entire device to restart.",Cisco,Cisco Nx-os Software,4.3,MEDIUM,0.0005799999926239252,false,,false,false,true,2024-08-03T03:15:34.000Z,,false,false,,2022-02-23T00:00:00.000Z,0
CVE-2022-20624,https://securityvulnerability.io/vulnerability/CVE-2022-20624,Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability,"A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of incoming CFSoIP packets. An attacker could exploit this vulnerability by sending crafted CFSoIP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.",Cisco,Cisco Nx-os Software,8.6,HIGH,0.0015899999998509884,false,,false,false,true,2024-08-03T03:15:34.000Z,,false,false,,2022-02-23T00:00:00.000Z,0
CVE-2022-20623,https://securityvulnerability.io/vulnerability/CVE-2022-20623,Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection Denial of Service Vulnerability,"A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device. This vulnerability is due to a logic error in the BFD rate limiter functionality. An attacker could exploit this vulnerability by sending a crafted stream of traffic through the device. A successful exploit could allow the attacker to cause BFD traffic to be dropped, resulting in BFD session flaps. BFD session flaps can cause route instability and dropped traffic, resulting in a denial of service (DoS) condition. This vulnerability applies to both IPv4 and IPv6 traffic.",Cisco,Cisco Nx-os Software,8.6,HIGH,0.0013299999991431832,false,,false,false,true,2024-08-03T03:15:34.000Z,,false,false,,2022-02-23T00:00:00.000Z,0
CVE-2022-20650,https://securityvulnerability.io/vulnerability/CVE-2022-20650,Cisco NX-OS Software NX-API Command Injection Vulnerability,"A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Note: The NX-API feature is disabled by default.",Cisco,Cisco Nx-os Software,8.8,HIGH,0.0014799999771639705,false,,false,false,true,2024-08-03T03:15:35.000Z,,false,false,,2022-02-23T00:00:00.000Z,0
CVE-2021-1523,https://securityvulnerability.io/vulnerability/CVE-2021-1523,Cisco Nexus 9000 Series Fabric Switches ACI Mode Queue Wedge Denial of Service Vulnerability,"A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause a queue wedge on a leaf switch, which could result in critical control plane traffic to the device being dropped. This could result in one or more leaf switches being removed from the fabric. This vulnerability is due to mishandling of ingress TCP traffic to a specific port. An attacker could exploit this vulnerability by sending a stream of TCP packets to a specific port on a Switched Virtual Interface (SVI) configured on the device. A successful exploit could allow the attacker to cause a specific packet queue to queue network buffers but never process them, leading to an eventual queue wedge. This could cause control plane traffic to be dropped, resulting in a denial of service (DoS) condition where the leaf switches are unavailable. Note: This vulnerability requires a manual intervention to power-cycle the device to recover.",Cisco,Cisco Nx-os System Software In Aci Mode,8.6,HIGH,0.0015999999595806003,false,,false,false,true,2024-08-03T17:15:59.000Z,,false,false,,2021-08-25T00:00:00.000Z,0
CVE-2021-1590,https://securityvulnerability.io/vulnerability/CVE-2021-1590,Cisco NX-OS Software system login block-for Denial of Service Vulnerability,"A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service (DoS) condition. This vulnerability is due to a logic error in the implementation of the system login block-for command when an attack is detected and acted upon. An attacker could exploit this vulnerability by performing a brute-force login attack on an affected device. A successful exploit could allow the attacker to cause a login process to reload, which could result in a delay during authentication to the affected device.",Cisco,Cisco Nx-os Software,5.3,MEDIUM,0.0014100000262260437,false,,false,false,true,2024-08-03T17:16:03.000Z,,false,false,,2021-08-25T00:00:00.000Z,0
CVE-2021-1583,https://securityvulnerability.io/vulnerability/CVE-2021-1583,Cisco Nexus 9000 Series Fabric Switches ACI Mode Arbitrary File Read Vulnerability,"A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected system. This vulnerability is due to improper access control. An attacker with Administrator privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to read arbitrary files on the file system of the affected device.",Cisco,Cisco Nx-os System Software In Aci Mode,4.4,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-03T17:16:02.000Z,,false,false,,2021-08-25T00:00:00.000Z,0
CVE-2021-1584,https://securityvulnerability.io/vulnerability/CVE-2021-1584,Cisco Nexus 9000 Series Fabric Switches ACI Mode Privilege Escalation Vulnerability,"A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient restrictions during the execution of a specific CLI command. An attacker with administrative privileges could exploit this vulnerability by performing a command injection attack on the vulnerable command. A successful exploit could allow the attacker to access the underlying operating system as root.",Cisco,Cisco Nx-os System Software In Aci Mode,6,MEDIUM,0.000859999970998615,false,,false,false,true,2024-08-03T17:16:02.000Z,,false,false,,2021-08-25T00:00:00.000Z,0
CVE-2021-1586,https://securityvulnerability.io/vulnerability/CVE-2021-1586,Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod and Multi-Site TCP Denial of Service Vulnerability,"A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to unexpectedly restart the device, resulting in a denial of service (DoS) condition. This vulnerability exists because TCP traffic sent to a specific port on an affected device is not properly sanitized. An attacker could exploit this vulnerability by sending crafted TCP data to a specific port that is listening on a public-facing IP address for the Multi-Pod or Multi-Site configuration. A successful exploit could allow the attacker to cause the device to restart unexpectedly, resulting in a DoS condition.",Cisco,Cisco Nx-os System Software In Aci Mode,8.6,HIGH,0.0015999999595806003,false,,false,false,true,2024-08-03T17:16:02.000Z,,false,false,,2021-08-25T00:00:00.000Z,0
CVE-2021-1588,https://securityvulnerability.io/vulnerability/CVE-2021-1588,Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability,"A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when an affected device is processing an MPLS echo-request or echo-reply packet. An attacker could exploit this vulnerability by sending malicious MPLS echo-request or echo-reply packets to an interface that is enabled for MPLS forwarding on the affected device. A successful exploit could allow the attacker to cause the MPLS OAM process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition.",Cisco,Cisco Nx-os Software,8.6,HIGH,0.0015999999595806003,false,,false,false,true,2024-08-03T17:16:03.000Z,,false,false,,2021-08-25T00:00:00.000Z,0