Vulnerabilities > Cisco > NX OS > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-05-15 CVE-2019-1769 OS Command Injection vulnerability in Cisco Nx-Os
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system of an attached line card with the privilege level of root.
local
low complexity
cisco CWE-78
6.7
2019-05-15 CVE-2019-1732 Improper Locking vulnerability in Cisco Nx-Os
A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection.
local
cisco CWE-667
6.9
2019-05-15 CVE-2019-1729 Improper Input Validation vulnerability in Cisco Nx-Os
A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, local attacker to overwrite any file on the file system including system files.
local
low complexity
cisco CWE-20
6.6
2019-05-15 CVE-2019-1726 Improper Input Validation vulnerability in Cisco Nx-Os
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API.
local
low complexity
cisco CWE-20
4.6
2019-05-13 CVE-2019-1649 Improper Locking vulnerability in Cisco products
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component.
local
low complexity
cisco CWE-667
6.7
2019-05-03 CVE-2019-1836 Path Traversal vulnerability in Cisco Nx-Os 14.0(3D)
A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to use symbolic links to overwrite system files.
local
low complexity
cisco CWE-22
6.6
2019-05-03 CVE-2019-1590 Improper Certificate Validation vulnerability in Cisco Nx-Os 14.1(0.90)/8.3(0)Sk(0.39)
A vulnerability in the Transport Layer Security (TLS) certificate validation functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to perform insecure TLS client authentication on an affected device.
network
cisco CWE-295
6.8
2019-05-03 CVE-2019-1587 Resource Management Errors vulnerability in Cisco Nx-Os 8.3(0)Sk(0.39)
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, remote attacker to access sensitive information.
network
low complexity
cisco CWE-399
4.0
2019-03-11 CVE-2019-1617 Improper Control of Dynamically-Managed Code Resources vulnerability in Cisco Nx-Os
A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.
low complexity
cisco CWE-913
6.1
2019-03-11 CVE-2019-1616 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Nx-Os
A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-119
5.0