Posts for: #10.3(3q)

Cisco NX-OS Software Command Injection Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 4.4 Security Advisory

TL;DR 📌

A command injection vulnerability has been identified in Cisco NX-OS Software that could allow an authenticated local attacker to execute arbitrary commands on the underlying operating system. This vulnerability has a CVSS score of 4.4, indicating a Medium severity level. Cisco has released software updates to address this issue, but there are no workarounds available.

What happened 🕵️‍♂️

A vulnerability in the command-line interface (CLI) of Cisco NX-OS Software allows an authenticated, local attacker to perform a command injection attack on the operating system of affected devices. This vulnerability arises from insufficient validation of user-supplied input. If exploited, an attacker with valid user credentials could read and write files on the underlying operating system with the privileges of a non-root user account.


Cisco Nexus 3000 and 9000 Series Switches Protocol Independent Multicast Version 6 Denial of Service Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 5.0 Security Advisory

TL;DR 📌

A medium-severity vulnerability has been identified in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 and 9000 Series Switches. This flaw could allow an authenticated, low-privileged remote attacker to trigger a denial of service (DoS) condition. No workarounds are available, but Cisco has released software updates to address the issue.

What happened 🕵️‍♂️

A vulnerability in the PIM6 feature of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged remote attacker to crash the PIM6 process. This is due to improper processing of PIM6 ephemeral data queries. An attacker can exploit this vulnerability by sending a crafted ephemeral query through various methods, including NX-API REST, NETCONF, RESTConf, gRPC, or Model Driven Telemetry. Successful exploitation can lead to a DoS condition, causing potential adjacency flaps.


Cisco Nexus 3000 and 9000 Series Switches Intermediate System-to-Intermediate System Denial of Service Vulnerability

🚨 SEVERITY: HIGH — CVSS 7.4 Security Advisory

TL;DR 📌

A high-severity vulnerability has been identified in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco Nexus 3000 and 9000 Series Switches. This vulnerability could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) by sending a crafted IS-IS packet, leading to an unexpected device reload. Cisco has released software updates to address this issue, but no workarounds are available.
