| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Nexus by Cisco
Cisco ASA, IOS, XE, NX-OS: privilege escalation via OSPF LSA
Synthesis of the vulnerability
An attacker can bypass restrictions via OSPF LSA of Cisco, in order to escalate his privileges.
Impacted products: ASA, IOS by Cisco, IOS XE Cisco, Nexus by Cisco, NX-OS, Cisco Router.
Severity: 2/4.
Consequences: privileged access/rights, data creation/edition.
Provenance: intranet client.
Creation date: 28/07/2017.
Identifiers: cisco-sa-20170727-ospf, CSCva74756, CSCve47393, CSCve47401, CVE-2017-6770, VIGILANCE-VUL-23381, VU#793496.
Description of the vulnerability
An attacker can bypass restrictions via OSPF LSA of Cisco, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
Cisco Nexus: read-write access via Telnet CLI Command Injection
Synthesis of the vulnerability
An attacker can bypass access restrictions via Telnet CLI Command Injection of Cisco Nexus, in order to read or alter data.
Impacted products: Nexus by Cisco, NX-OS.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user shell.
Creation date: 06/07/2017.
Identifiers: CERTFR-2017-AVI-202, cisco-sa-20170517-nss1, CSCvb86771, CVE-2017-6650, VIGILANCE-VUL-23144.
Description of the vulnerability
An attacker can bypass access restrictions via Telnet CLI Command Injection of Cisco Nexus, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial) |
Cisco Nexus: code execution via CLI Command Injection
Synthesis of the vulnerability
An attacker can use a vulnerability via CLI Command Injection of Cisco Nexus, in order to run code.
Impacted products: Nexus by Cisco, NX-OS.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 06/07/2017.
Identifiers: CERTFR-2017-AVI-202, cisco-sa-20170517-nss, CSCvb86787, CSCve60516, CSCve60555, CSCve62810, CVE-2017-6649, VIGILANCE-VUL-23143.
Description of the vulnerability
An attacker can use a vulnerability via CLI Command Injection of Cisco Nexus, in order to run code.
Full Vigil@nce bulletin... (Free trial) |
Cisco Nexus 5000: read-write access via Telnet CLI Command Injection
Synthesis of the vulnerability
An attacker can bypass access restrictions via Telnet CLI Command Injection of Cisco Nexus 5000, in order to read or alter data.
Impacted products: Nexus by Cisco, NX-OS.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user shell.
Creation date: 18/05/2017.
Identifiers: CERTFR-2017-AVI-160, cisco-sa-20170517-nss1, CSCvb86771, CVE-2017-6650, VIGILANCE-VUL-22759.
Description of the vulnerability
An attacker can bypass access restrictions via Telnet CLI Command Injection of Cisco Nexus 5000, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial) |
Cisco Nexus 5000: code execution via CLI Command Injection
Synthesis of the vulnerability
An attacker can use a vulnerability via CLI Command Injection of Cisco Nexus 5000, in order to run code.
Impacted products: Nexus by Cisco, NX-OS.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: user shell.
Creation date: 18/05/2017.
Identifiers: CERTFR-2017-AVI-160, cisco-sa-20170517-nss, CSCvb86787, CVE-2017-6649, VIGILANCE-VUL-22758.
Description of the vulnerability
An attacker can use a vulnerability via CLI Command Injection of Cisco Nexus 5000, in order to run code.
Full Vigil@nce bulletin... (Free trial) |
Cisco Nexus 7000: privilege escalation via Access-Control Bypass
Synthesis of the vulnerability
An attacker can bypass restrictions via Access-Control Bypass of Cisco Nexus 7000, in order to escalate his privileges.
Impacted products: Nexus by Cisco, NX-OS.
Severity: 2/4.
Consequences: data flow.
Provenance: internet client.
Creation date: 16/03/2017.
Identifiers: cisco-sa-20170315-cns, CSCtz59354, CVE-2017-3875, VIGILANCE-VUL-22158.
Description of the vulnerability
An attacker can bypass restrictions via Access-Control Bypass of Cisco Nexus 7000, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
Cisco Nexus 9000: denial of service via Telnet Login
Synthesis of the vulnerability
An attacker can generate a fatal error via Telnet Login of Cisco Nexus 9000, in order to trigger a denial of service.
Impacted products: Nexus by Cisco, NX-OS.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: document.
Creation date: 16/03/2017.
Identifiers: cisco-sa-20170315-nss, CSCux46778, CVE-2017-3878, VIGILANCE-VUL-22156.
Description of the vulnerability
An attacker can generate a fatal error via Telnet Login of Cisco Nexus 9000, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Cisco Nexus 9000: denial of service via Remote Login
Synthesis of the vulnerability
An attacker can generate a fatal error via Remote Login of Cisco Nexus 9000, in order to trigger a denial of service.
Impacted products: Nexus by Cisco, NX-OS.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: document.
Creation date: 16/03/2017.
Identifiers: cisco-sa-20170315-nss1, CSCuy25824, CVE-2017-3879, VIGILANCE-VUL-22155.
Description of the vulnerability
An attacker can generate a fatal error via Remote Login of Cisco Nexus 9000, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
OpenSSL: denial of service via the "Encrypt-Then-Mac" option
Synthesis of the vulnerability
An attacker can change the state of the "Encrypt-Then-Mac" TLS option in a renegotiation with a server or client based on OpenSSL, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco ATA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Router, Cisco CUCM, Cisco Manager Attendant Console, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, HP Operations, IRAD, Tivoli Storage Manager, OpenSSL, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Identity Management, Oracle iPlanet Web Server, Tuxedo, VirtualBox, WebLogic, Oracle Web Tier.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 16/02/2017.
Identifiers: 2003480, 2003620, 2003673, 2004940, CERTFR-2017-AVI-035, cisco-sa-20170130-openssl, cpujan2018, cpuoct2017, CVE-2017-3733, HPESBGN03728, VIGILANCE-VUL-21871.
Description of the vulnerability
OpenSSL implements the possibility of renegotiation of TLS option and parameters during a session.
However, for some combinations of algorithms, the negation of the state of the option "Encrypt-Then-Mac" generates a fatal error.
An attacker can therefore change the state of the "Encrypt-Then-Mac" TLS option in a renegotiation with a server or client based on OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
OSPF: corrupting the routing database
Synthesis of the vulnerability
An attacker can spoof OSPF messages, in order to corrupt the routing database.
Impacted products: CheckPoint IP Appliance, IPSO, CheckPoint Security Gateway, Cisco ASR, ASA, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Nexus by Cisco, NX-OS, Cisco Router, ProCurve Switch, HP Switch, Juniper E-Series, Juniper J-Series, JUNOSe, Junos OS, NetScreen Firewall, ScreenOS, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: data creation/edition, data deletion.
Provenance: internet client.
Creation date: 02/08/2013.
Revisions dates: 01/08/2014, 14/02/2017.
Identifiers: BID-61566, c03880910, CERTA-2013-AVI-458, CERTA-2013-AVI-487, CERTA-2013-AVI-508, cisco-sa-20130801-lsaospf, CQ95773, CSCug34469, CSCug34485, CSCug39762, CSCug39795, CSCug63304, CVE-2013-0149, HPSBHF02912, JSA10575, JSA10580, JSA10582, PR 878639, PR 895456, sk94490, SUSE-SU-2014:0879-1, VIGILANCE-VUL-13192, VU#229804.
Description of the vulnerability
The RFC 2328 defines the OSPF protocol (Open Shortest Path First) which established IP routes, using LSA (Link State Advertisement) messages.
The LSA Type 1 Update (LSU, Link-State Update) message is used to update the routing database. However, the RFC does not request to check the "Link State ID" and "Advertising Router" fields of LSU messages. Several implementations (Cisco, Juniper, etc.) therefore do not perform this check.
An attacker can thus spoof a LSU message if he knows:
- the IP address of the target router
- LSA DB sequence numbers
- the router ID of the OSPF Designated Router
An attacker can therefore spoof OSPF messages, in order to corrupt the routing database.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about Nexus by Cisco:
|