Vulnerabilities > Cisco > NX OS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-20 | CVE-2018-0330 | OS Command Injection vulnerability in Cisco Nx-Os A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. | 6.5 |
| 2018-06-20 | CVE-2018-0294 | Unspecified vulnerability in Cisco Firepower Extensible Operating System, Fxos and Nx-Os A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. | 6.7 |
| 2018-06-20 | CVE-2018-0291 | Improper Input Validation vulnerability in Cisco Nx-Os A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. | 6.8 |
| 2018-01-18 | CVE-2018-0102 | Double Free vulnerability in Cisco Nx-Os 7.2(1)D(1)/7.2(2)D1(1)/7.2(2)D1(2) A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. | 6.1 |
| 2018-01-18 | CVE-2018-0090 | Resource Exhaustion vulnerability in Cisco Nx-Os 7.3(2)N1(0.6)/8.3(0)Kms(0.31)/8.8(3.5)S0 A vulnerability in management interface access control list (ACL) configuration of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to bypass configured ACLs on the management interface. | 5.0 |
| 2017-11-30 | CVE-2017-12351 | Exposure of Resource to Wrong Sphere vulnerability in Cisco Nx-Os 7.0(3)I7(1)/8.1(0)Bd(0.20) A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. | 4.6 |
| 2017-11-30 | CVE-2017-12342 | Exposure of Resource to Wrong Sphere vulnerability in Cisco Nx-Os 7.0(0)Hsk(0.357)/8.1(1) A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. | 4.6 |
| 2017-11-30 | CVE-2017-12340 | Improper Encoding or Escaping of Output vulnerability in Cisco Nx-Os 8.1(0.70)S0 A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash shell is disabled on the system. | 4.6 |
| 2017-11-30 | CVE-2017-12339 | Command Injection vulnerability in Cisco LAN Switch Software and Nx-Os A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. | 4.6 |
| 2017-11-30 | CVE-2017-12336 | Improper Input Validation vulnerability in Cisco Nx-Os and Unified Computing System A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. | 4.6 |