Vulnerabilities > Cisco > Firepower Extensible Operating System > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-23 | CVE-2021-34714 | Improper Input Validation vulnerability in Cisco products A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. | 7.4 |
| 2021-02-24 | CVE-2021-1368 | Out-of-bounds Write vulnerability in Cisco Nx-Os and Unified Computing System A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. | 8.8 |
| 2020-10-21 | CVE-2020-3459 | OS Command Injection vulnerability in Cisco Firepower Extensible Operating System A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 7.8 |
| 2020-10-21 | CVE-2020-3456 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 2.4(1.249) A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected device. | 8.8 |
| 2020-10-21 | CVE-2020-3455 | Unspecified vulnerability in Cisco Firepower Extensible Operating System A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms. | 7.8 |
| 2020-08-27 | CVE-2020-3517 | NULL Pointer Dereference vulnerability in Cisco Firepower Extensible Operating System and Nx-Os A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. | 8.6 |
| 2020-02-26 | CVE-2020-3172 | Improper Input Validation vulnerability in Cisco Firepower Extensible Operating System A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. | 8.8 |
| 2020-02-26 | CVE-2020-3167 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). | 7.8 |
| 2019-10-02 | CVE-2019-12699 | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. | 7.8 |
| 2019-05-16 | CVE-2019-1858 | Improper Handling of Exceptional Conditions vulnerability in Cisco Nx-Os A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly. | 8.6 |