Vulnerabilities > Cisco > NX OS > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-02-24 CVE-2021-1361 Files or Directories Accessible to External Parties vulnerability in Cisco Nx-Os 9.3(5)/9.3(6)
A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device.
network
low complexity
cisco CWE-552
critical
9.1
2020-08-27 CVE-2020-3454 OS Command Injection vulnerability in Cisco Nx-Os
A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system (OS).
network
low complexity
cisco CWE-78
critical
9.0
2019-03-11 CVE-2019-1614 Command Injection vulnerability in Cisco Nx-Os
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges.
network
low complexity
cisco CWE-77
critical
9.0
2018-06-21 CVE-2018-0310 Out-of-bounds Read vulnerability in Cisco Firepower Extensible Operating System and Nx-Os
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtain sensitive information from memory or cause a denial of service (DoS) condition on the affected product.
network
low complexity
cisco CWE-125
critical
9.8
2018-06-21 CVE-2018-0313 Injection vulnerability in Cisco Nx-Os
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit.
network
low complexity
cisco CWE-74
critical
9.0
2018-06-20 CVE-2018-0293 OS Command Injection vulnerability in Cisco Nx-Os
A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user.
network
low complexity
cisco CWE-78
critical
9.0
2018-06-20 CVE-2018-0301 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Nx-Os
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow.
network
low complexity
cisco CWE-119
critical
10.0
2016-10-06 CVE-2015-0721 Permissions, Privileges, and Access Controls vulnerability in Cisco Nx-Os
Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection negotiation, aka Bug IDs CSCum35502, CSCuw78669, CSCuw79754, and CSCux88492.
network
low complexity
cisco CWE-264
critical
9.0
2016-10-06 CVE-2016-1453 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Nx-Os
Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701.
network
low complexity
cisco CWE-119
critical
10.0
2016-03-03 CVE-2016-1329 Improper Authentication vulnerability in Cisco Nx-Os and Nx-Ox
Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800.
network
low complexity
cisco CWE-287
critical
10.0