Vulnerabilities > Cisco > NX OS > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-02-24 CVE-2021-1231 Origin Validation Error vulnerability in Cisco Nx-Os
A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable (SFP) interface.
low complexity
cisco CWE-346
4.7
2021-02-24 CVE-2021-1229 Unspecified vulnerability in Cisco Nx-Os 15.1(2.31)/5.2(1)Sv5(1.3A)/8.4(3.53)
A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a slow system memory leak, which over time could lead to a denial of service (DoS) condition.
network
low complexity
cisco
5.3
2021-02-24 CVE-2021-1228 Unspecified vulnerability in Cisco Nx-Os
A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN.
low complexity
cisco
6.5
2021-02-04 CVE-2021-1389 Unspecified vulnerability in Cisco IOS XR
A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list (ACL) that is configured for an interface of an affected device.
network
low complexity
cisco
6.5
2020-06-02 CVE-2020-10136 Authentication Bypass by Spoofing vulnerability in multiple products
IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.
network
low complexity
cisco digi hp treck CWE-290
5.3
2020-02-26 CVE-2020-3174 Insufficient Verification of Data Authenticity vulnerability in Cisco Nx-Os 8.1(1)/8.4(1)/9.3(1)
A vulnerability in the anycast gateway feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries.
low complexity
cisco CWE-345
4.7
2020-02-26 CVE-2020-3170 Improper Input Validation vulnerability in Cisco Nx-Os
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart.
network
low complexity
cisco CWE-20
5.3
2020-02-05 CVE-2020-3120 Integer Overflow or Wraparound vulnerability in Cisco products
A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition.
low complexity
cisco CWE-190
6.5
2019-11-05 CVE-2019-1734 Unspecified vulnerability in Cisco Firepower Extensible Operating System
A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted.
local
low complexity
cisco
5.5
2019-09-25 CVE-2019-12662 Improper Verification of Cryptographic Signature vulnerability in Cisco products
A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device.
local
low complexity
cisco CWE-347
6.7