Vulnerabilities > Cisco > NX OS > 7.0.3.i7.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-15 | CVE-2019-1732 | Improper Locking vulnerability in Cisco Nx-Os A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection. | 6.9 |
| 2019-05-15 | CVE-2019-1731 | Information Exposure vulnerability in Cisco Nx-Os A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. | 2.1 |
| 2019-05-15 | CVE-2019-1730 | Permissions, Privileges, and Access Controls vulnerability in Cisco Nx-Os A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. | 7.2 |
| 2019-05-15 | CVE-2019-1729 | Improper Input Validation vulnerability in Cisco Nx-Os A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, local attacker to overwrite any file on the file system including system files. | 6.6 |
| 2019-05-15 | CVE-2019-1728 | Improper Verification of Cryptographic Signature vulnerability in Cisco Nx-Os A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. | 7.2 |
| 2019-05-15 | CVE-2019-1727 | OS Command Injection vulnerability in Cisco Nx-Os A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. | 7.2 |
| 2019-05-15 | CVE-2019-1726 | Improper Input Validation vulnerability in Cisco Nx-Os A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. | 4.6 |
| 2019-05-13 | CVE-2019-1649 | Improper Locking vulnerability in Cisco products A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. | 6.7 |
| 2019-03-11 | CVE-2019-1618 | Permission Issues vulnerability in Cisco Nx-Os 7.0(3)I4(9)/7.0(3)I7/7.0(3)I7(2) A vulnerability in the Tetration Analytics agent for Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to execute arbitrary code as root. | 7.2 |
| 2019-03-11 | CVE-2019-1617 | Improper Control of Dynamically-Managed Code Resources vulnerability in Cisco Nx-Os A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. | 6.1 |