Vulnerabilities > Cisco > NX OS > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-11-30 CVE-2017-12351 Exposure of Resource to Wrong Sphere vulnerability in Cisco Nx-Os 7.0(3)I7(1)/8.1(0)Bd(0.20)
A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container.
local
low complexity
cisco CWE-668
5.7
2017-11-30 CVE-2017-12342 Exposure of Resource to Wrong Sphere vulnerability in Cisco Nx-Os 7.0(0)Hsk(0.357)/8.1(1)
A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC.
local
low complexity
cisco CWE-668
6.8
2017-11-30 CVE-2017-12341 Command Injection vulnerability in Cisco Nx-Os and Unified Computing System
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack.
local
low complexity
cisco CWE-77
6.7
2017-11-30 CVE-2017-12340 Improper Encoding or Escaping of Output vulnerability in Cisco Nx-Os 8.1(0.70)S0
A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash shell is disabled on the system.
local
low complexity
cisco CWE-116
4.2
2017-11-30 CVE-2017-12339 Command Injection vulnerability in Cisco LAN Switch Software and Nx-Os
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack.
local
low complexity
cisco CWE-77
5.7
2017-11-30 CVE-2017-12338 Improper Input Validation vulnerability in Cisco products
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files.
local
low complexity
cisco CWE-20
6.0
2017-11-30 CVE-2017-12336 Improper Input Validation vulnerability in Cisco Nx-Os and Unified Computing System
A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device.
local
low complexity
cisco CWE-20
4.2
2017-11-30 CVE-2017-12335 Command Injection vulnerability in Cisco Nx-Os and Unified Computing System
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack.
local
low complexity
cisco CWE-77
6.3
2017-11-30 CVE-2017-12334 Improper Input Validation vulnerability in Cisco Nx-Os and Unified Computing System
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack.
local
low complexity
cisco CWE-20
6.7
2017-11-30 CVE-2017-12333 Improper Verification of Cryptographic Signature vulnerability in Cisco Nx-Os and Unified Computing System
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image.
local
low complexity
cisco CWE-347
6.7