Vulnerabilities > Cisco > NX OS > Low

DATE CVE VULNERABILITY TITLE RISK
2020-08-27 CVE-2020-3504 Resource Exhaustion vulnerability in Cisco Firepower Extensible Operating System and Nx-Os
A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device.
local
low complexity
cisco CWE-400
3.3
2020-02-26 CVE-2020-3174 Insufficient Verification of Data Authenticity vulnerability in Cisco Nx-Os 8.1(1)/8.4(1)/9.3(1)
A vulnerability in the anycast gateway feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries.
low complexity
cisco CWE-345
3.3
2019-05-15 CVE-2019-1731 Information Exposure vulnerability in Cisco Nx-Os
A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device.
local
low complexity
cisco CWE-200
2.1
2019-05-15 CVE-2019-1733 Cross-site Scripting vulnerability in Cisco Nx-Os
A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX-OS Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the NX-API Sandbox interface of an affected device.
network
cisco CWE-79
3.5
2019-05-03 CVE-2019-1589 Information Exposure vulnerability in Cisco Nx-Os 8.3(0)Sk(0.39)
A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device.
local
low complexity
cisco CWE-200
2.1
2019-03-06 CVE-2019-1588 Improper Privilege Management vulnerability in Cisco Nx-Os
A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running in Application-Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected device.
local
low complexity
cisco CWE-269
2.1
2018-01-18 CVE-2018-0092 Missing Authorization vulnerability in Cisco Nx-Os 7.0(3)I5(2)/7.0(3)I6(1)/7.0(3)I7(1)
A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts.
local
low complexity
cisco CWE-862
3.6
2017-11-30 CVE-2017-12338 Improper Input Validation vulnerability in Cisco products
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files.
local
low complexity
cisco CWE-20
2.1
2017-06-13 CVE-2017-6655 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when an FCoE-related process unexpectedly reloads.
low complexity
cisco CWE-119
3.3
2015-07-03 CVE-2015-4231 Permissions, Privileges, and Access Controls vulnerability in Cisco Nx-Os 6.2(8A)
The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.
local
low complexity
cisco CWE-264
3.6