Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Firepower_extensible_operating_system
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 55 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-11-15 | CVE-2022-20934 | A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command... | Firepower_extensible_operating_system, Firepower_threat_defense | 6.7 | ||
| 2023-08-23 | CVE-2023-20234 | A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file... | Firepower_extensible_operating_system | 6.0 | ||
| 2020-08-27 | CVE-2020-3504 | A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an affected device. A successful exploit could allow the attacker to cause internal system processes to fail to terminate... | Firepower_extensible_operating_system, Nx\-Os | 3.3 | ||
| 2020-09-04 | CVE-2020-3545 | A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this vulnerability by supplying a crafted file that, when it is processed, may cause a stack-based buffer overflow. A successful exploit could allow the attacker to execute arbitrary code on the underlying... | Firepower_extensible_operating_system | 6.7 | ||
| 2020-10-21 | CVE-2020-3456 | A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected device. The vulnerability is due to insufficient CSRF protections for the FCM interface. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could take... | Firepower_extensible_operating_system | 8.8 | ||
| 2021-02-24 | CVE-2021-1368 | A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted Cisco UDLD protocol packets to a directly connected, affected device. A... | Firepower_extensible_operating_system, Nx\-Os, Unified_computing_system | 8.8 | ||
| 2021-09-23 | CVE-2021-34714 | A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An attacker could exploit this vulnerability by sending specifically crafted UDLD packets to an affected device. A successful exploit could allow... | Firepower_extensible_operating_system, Fxos, Ios, Ios_xe, Ios_xr, Nx\-Os | 7.4 | ||
| 2022-02-23 | CVE-2022-20625 | A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisco Discovery Protocol service. An attacker could exploit this vulnerability by sending a series of malicious Cisco Discovery Protocol messages to... | Firepower_extensible_operating_system, Nx\-Os | 4.3 | ||
| 2023-02-23 | CVE-2023-20015 | A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could... | Firepower_extensible_operating_system, Ucs_6200_firmware, Ucs_6248up_firmware, Ucs_6296up_firmware, Ucs_6300_firmware, Ucs_6324_firmware, Ucs_6332\-16up_firmware, Ucs_6332_firmware, Ucs_64108_firmware, Ucs_6454_firmware, Ucs_6536_firmware, Ucs_central_software | 6.7 | ||
| 2020-10-21 | CVE-2020-3457 | A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root... | Adaptive_security_appliance_software, Firepower_extensible_operating_system, Firepower_threat_defense | 6.7 |