The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Nexus by Cisco

vulnerability alert CVE-2017-6770

Cisco ASA, IOS, XE, NX-OS: privilege escalation via OSPF LSA

Synthesis of the vulnerability

Impacted products: ASA, IOS by Cisco, IOS XE Cisco, Nexus by Cisco, NX-OS, Cisco Router.
Severity: 2/4.
Consequences: privileged access/rights, data creation/edition.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 28/07/2017.
Identifiers: cisco-sa-20170727-ospf, CSCva74756, CSCve47393, CSCve47401, CVE-2017-6770, VIGILANCE-VUL-23381, VU#793496.

Description of the vulnerability

An attacker can bypass restrictions via OSPF LSA of Cisco, in order to escalate his privileges.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability note CVE-2017-6650

Cisco Nexus: read-write access via Telnet CLI Command Injection

Synthesis of the vulnerability

Impacted products: Nexus by Cisco, NX-OS.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 06/07/2017.
Identifiers: CERTFR-2017-AVI-202, cisco-sa-20170517-nss1, CSCvb86771, CVE-2017-6650, VIGILANCE-VUL-23144.

Description of the vulnerability

An attacker can bypass access restrictions via Telnet CLI Command Injection of Cisco Nexus, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2017-6649

Cisco Nexus: code execution via CLI Command Injection

Synthesis of the vulnerability

Impacted products: Nexus by Cisco, NX-OS.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 06/07/2017.
Identifiers: CERTFR-2017-AVI-202, cisco-sa-20170517-nss, CSCvb86787, CSCve60516, CSCve60555, CSCve62810, CVE-2017-6649, VIGILANCE-VUL-23143.

Description of the vulnerability

An attacker can use a vulnerability via CLI Command Injection of Cisco Nexus, in order to run code.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2017-6650

Cisco Nexus 5000: read-write access via Telnet CLI Command Injection

Synthesis of the vulnerability

Impacted products: Nexus by Cisco, NX-OS.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 18/05/2017.
Identifiers: CERTFR-2017-AVI-160, cisco-sa-20170517-nss1, CSCvb86771, CVE-2017-6650, VIGILANCE-VUL-22759.

Description of the vulnerability

An attacker can bypass access restrictions via Telnet CLI Command Injection of Cisco Nexus 5000, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin CVE-2017-6649

Cisco Nexus 5000: code execution via CLI Command Injection

Synthesis of the vulnerability

Impacted products: Nexus by Cisco, NX-OS.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 18/05/2017.
Identifiers: CERTFR-2017-AVI-160, cisco-sa-20170517-nss, CSCvb86787, CVE-2017-6649, VIGILANCE-VUL-22758.

Description of the vulnerability

An attacker can use a vulnerability via CLI Command Injection of Cisco Nexus 5000, in order to run code.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin CVE-2017-3875

Cisco Nexus 7000: privilege escalation via Access-Control Bypass

Synthesis of the vulnerability

Impacted products: Nexus by Cisco, NX-OS.
Severity: 2/4.
Consequences: data flow.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 16/03/2017.
Identifiers: cisco-sa-20170315-cns, CSCtz59354, CVE-2017-3875, VIGILANCE-VUL-22158.

Description of the vulnerability

An attacker can bypass restrictions via Access-Control Bypass of Cisco Nexus 7000, in order to escalate his privileges.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert CVE-2017-3878

Cisco Nexus 9000: denial of service via Telnet Login

Synthesis of the vulnerability

Impacted products: Nexus by Cisco, NX-OS.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 16/03/2017.
Identifiers: cisco-sa-20170315-nss, CSCux46778, CVE-2017-3878, VIGILANCE-VUL-22156.

Description of the vulnerability

An attacker can generate a fatal error via Telnet Login of Cisco Nexus 9000, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability CVE-2017-3879

Cisco Nexus 9000: denial of service via Remote Login

Synthesis of the vulnerability

Impacted products: Nexus by Cisco, NX-OS.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 16/03/2017.
Identifiers: cisco-sa-20170315-nss1, CSCuy25824, CVE-2017-3879, VIGILANCE-VUL-22155.

Description of the vulnerability

An attacker can generate a fatal error via Remote Login of Cisco Nexus 9000, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability alert CVE-2017-3733

OpenSSL: denial of service via the "Encrypt-Then-Mac" option

Synthesis of the vulnerability

An attacker can change the state of the "Encrypt-Then-Mac" TLS option in a renegotiation with a server or client based on OpenSSL, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco ATA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Router, Cisco CUCM, Cisco Manager Attendant Console, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, HP Operations, IRAD, Tivoli Storage Manager, OpenSSL, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Identity Management, Oracle iPlanet Web Server, Tuxedo, VirtualBox, WebLogic, Oracle Web Tier.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 16/02/2017.
Identifiers: 2003480, 2003620, 2003673, 2004940, CERTFR-2017-AVI-035, cisco-sa-20170130-openssl, cpujan2018, cpuoct2017, CVE-2017-3733, HPESBGN03728, VIGILANCE-VUL-21871.

Description of the vulnerability

OpenSSL implements the possibility of renegotiation of TLS option and parameters during a session.

However, for some combinations of algorithms, the negation of the state of the option "Encrypt-Then-Mac" generates a fatal error.

An attacker can therefore change the state of the "Encrypt-Then-Mac" TLS option in a renegotiation with a server or client based on OpenSSL, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability announce CVE-2013-0149

OSPF: corrupting the routing database

Synthesis of the vulnerability

An attacker can spoof OSPF messages, in order to corrupt the routing database.
Impacted products: CheckPoint IP Appliance, IPSO, CheckPoint Security Gateway, Cisco ASR, ASA, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Nexus by Cisco, NX-OS, Cisco Router, ProCurve Switch, HP Switch, Juniper E-Series, Juniper J-Series, JUNOSe, Junos OS, NetScreen Firewall, ScreenOS, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: data creation/edition, data deletion.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 02/08/2013.
Revisions dates: 01/08/2014, 14/02/2017.
Identifiers: BID-61566, c03880910, CERTA-2013-AVI-458, CERTA-2013-AVI-487, CERTA-2013-AVI-508, cisco-sa-20130801-lsaospf, CQ95773, CSCug34469, CSCug34485, CSCug39762, CSCug39795, CSCug63304, CVE-2013-0149, HPSBHF02912, JSA10575, JSA10580, JSA10582, PR 878639, PR 895456, sk94490, SUSE-SU-2014:0879-1, VIGILANCE-VUL-13192, VU#229804.

Description of the vulnerability

The RFC 2328 defines the OSPF protocol (Open Shortest Path First) which established IP routes, using LSA (Link State Advertisement) messages.

The LSA Type 1 Update (LSU, Link-State Update) message is used to update the routing database. However, the RFC does not request to check the "Link State ID" and "Advertising Router" fields of LSU messages. Several implementations (Cisco, Juniper, etc.) therefore do not perform this check.

An attacker can thus spoof a LSU message if he knows:
 - the IP address of the target router
 - LSA DB sequence numbers
 - the router ID of the OSPF Designated Router

An attacker can therefore spoof OSPF messages, in order to corrupt the routing database.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Nexus by Cisco: