Cisco Nexus 5000, 6000, 7000 Security Vulnerabilities

SMM Memory Corruption Vulnerability

Bulletin ID: AMD-SB-4003 Potential Impact: Arbitrary Code Execution Severity: High Summary SMM memory corruption vulnerability in SMM driver on some AMD Processors. CVE-2023-20555 Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an...

Return Address Security Bulletin

Bulletin ID:AMD-SB-7005 Potential Impact: Data Confidentiality Severity:Medium Summary AMD has received an external report titled ‘INCEPTION’, describing a new speculative side channel attack. The attack can result in speculative execution at an attacker-controlled address, potentially leading to.....

OpenSSL Vulnerabilities

Bulletin ID:AMD-SB-7001 Potential Impact: Denial of Service, Remote Code Execution Severity:High Summary OpenSSL announced two high severity vulnerabilities affecting certain versions of their product. Currently, AMD believes potential impact is limited to the ReLive streaming feature which makes.....

fTPM Voltage Fault Injection

Bulletin ID:AMD-SB-4005 Potential Impact: Arbitrary Code Execution Severity:High Summary CVE-2023-20589 Researchers at the Technische Universität Berlin have reported the use of voltage fault injection attacks on ASP secure boot targeting fTPM. An attacker with specialized hardware and physical...

2022 Top Routinely Exploited Vulnerabilities

SUMMARY The following cybersecurity agencies coauthored this joint Cybersecurity Advisory (CSA): United States: The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) Australia: Australian Signals Directorate’s...

Russian Cyber Adversary BlueCharlie Alters Infrastructure in Response to Disclosures

A Russia-nexus adversary has been linked to 94 new domains starting March 2023, suggesting that the group is actively modifying its infrastructure in response to public disclosures about its activities. Cybersecurity firm Recorded Future linked the revamped infrastructure to a threat actor it...

Stable Channel Update for Desktop

The Stable channel has been updated to 115.0.5790.170 for Mac and Linux and 115.0.5790.170/.171 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. Security Fixes and Rewards Note: Access to bug details and links may be kept...

CVE-2023-3718

An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker...

InsightAppSec Advanced Authentication Settings: Token Replacement

There are many different ways to use InsightAppSec to authenticate to web apps, but sometimes you need to go deeper into the advanced settings to fully automate your logins, especially with API scanning. Today, we’ll cover one of those advanced settings: Token Replacement. InsightAppSec Token...

Hackers Deploy "SUBMARINE" Backdoor in Barracuda Email Security Gateway Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday disclosed details of a "novel persistent backdoor" called SUBMARINE deployed by threat actors in connection with the hack on Barracuda Email Security Gateway (ESG) appliances. "SUBMARINE comprises multiple artifacts —...

Yelp: yelp.com and biz.yelp.com ATO via XSS + Cookie Bridge

Summary I've found an XSS on biz.yelp.com where the unverified email will be reflected in a message, prompting the user to verify the email. This XSS can be combined with the cookie bridge functionality to target other uses with the XSS. The XSS can then be combined with the cookie bridge a second....

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 17, 2023 to July 23, 2023)

Last week, there were 62 vulnerabilities disclosed in 1035 WordPress Plugins and 90 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities....

Apple TV < 16.6 Multiple Vulnerabilities (HT213846)

According to its banner, the version of Apple TV on the remote device is prior to 16.6. It is therefore affected by multiple vulnerabilities as described in the...

EulerOS Virtualization 3.0.6.6 : edk2 (EulerOS-SA-2023-2443)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R)...

5000-years.org Cross Site Scripting vulnerability OBB-3549149

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Cisco NX-OS Software-Based Products Authentication, Authorization, and Accounting Bypass (CVE-2015-0721)

Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection...

Cisco Multiple Vulnerabilities in NX-OS-Based Products (CVE-2013-1179)

Multiple buffer overflows in the (1) SNMP and (2) License Manager implementations in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allow remote authenticated users to execute arbitrary code via a crafted SNMP...

Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection Denial of Service (CVE-2022-20623)

A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device. This vulnerability is due to a logic error....

Cisco NX-OS Software Privilege Escalation (CVE-2019-1603)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the...

Cisco Nexus 9000 Series Switches Reserved VLAN Number (CVE-2015-6295)

Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved VLAN number, aka Bug ID CSCuw13560. This plugin only....

Cisco Nexus Series Switches Telnet CLI Command Injection (CVE-2017-6650)

A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An...

Cisco NX-OS Software Authenticated Simple Network Management Protocol Denial of Service (CVE-2018-0291)

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP...

Cisco NX-OS Software Role-Based Access Control Elevated Privileges (CVE-2018-0293)

A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess valid user credentials for the device. The vulnerability is.....

Cisco NX-OS Software NX-API Privilege Escalation (CVE-2018-0330)

A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly validate certain...

Cisco Nexus 9000 Series Fabric Switches ACI Mode Arbitrary File Read (CVE-2021-1583)

A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected system. This vulnerability is due to improper...

Cisco Nexus 9000 Series Fabric Switches ACI Mode Link Layer Discovery Protocol Port Denial of Service (CVE-2021-1231)

A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable (SFP) interface. This vulnerability is due to...

Cisco Nexus 9000 Series ACI Mode Switch Software Link Layer Discovery Protocol Buffer Overflow (CVE-2019-1901)

A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an adjacent, unauthenticated attacker to cause a denial of service (DoS) condition or execute arbitrary code with root...

Cisco Nexus 7000 Series Switches Access-Control Filtering Mechanisms Bypass (CVE-2017-3875)

An Access-Control Filtering Mechanisms Bypass vulnerability in certain access-control filtering mechanisms on Cisco Nexus 7000 Series Switches could allow an unauthenticated, remote attacker to bypass defined traffic configured within an access control list (ACL) on the affected system. More...

Cisco Nexus 9000 Series Switches Telnet Login Denial of Service (CVE-2017-3878)

A Denial of Service vulnerability in the Telnet remote login functionality of Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a Telnet process used for login to terminate unexpectedly and the login attempt to fail. There is.....

Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service (CVE-2018-0310)

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtain sensitive information from memory or cause a denial of service (DoS) condition on the affected product. The vulnerability exists because.....

Cisco Nexus 1000V Insufficient VSM/VEM Authentication (CVE-2013-1211)

Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a crafted VMware ESXi instance, aka Bug ID CSCud14832....

Cisco Nexus 9000 Series Fabric Switches ACI Mode Queue Wedge Denial of Service (CVE-2021-1523)

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause a queue wedge on a leaf switch, which could result in critical control plane traffic to the device being dropped. This could result...

Cisco Multiple Vulnerabilities in NX-OS-Based Products (CVE-2013-1178)

Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices before 4.1(2)E1(1h), Nexus 3000 devices 5.x before...

Cisco NX-OS Software SNMP Information Disclosure (CVE-2014-3341)

The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616. This plugin only...

Cisco NX-OS Software Information Disclosure (CVE-2012-4090)

The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089. This plugin only works with Tenable.ot. Please visit...

Cisco NX-OS Software Link Layer Discovery Protocol Denial of Service (CVE-2015-4197)

Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Cisco Application Policy Infrastructure Controller Unauthorized Access (CVE-2015-4225)

Cisco Application Policy Infrastructure Controller (APIC) 1.0(1.110a) and 1.0(1e) on Nexus 9000 devices does not properly implement RBAC health scoring, which allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuq77485. This plugin only works...

Cisco NX-OS Border Gateway Protocol Denial of Service (CVE-2016-1454)

Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device reload) by leveraging a peer relationship to send a crafted BGP UPDATE message, aka Bug IDs CSCuq77105 and....

Cisco NX-OS Software NX-API Arbitrary Code Execution (CVE-2018-0301)

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow. The vulnerability is due to incorrect input validation in the authentication module of the...

Cisco NX-OS Software CLI Arbitrary Command Execution (CVE-2018-0306)

A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by...

Cisco NX-OS Software CLI Arbitrary Command Injection (CVE-2018-0307)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting...

Cisco NX-OS Software for Nexus 5500, 5600, and 6000 Series Switches Precision Time Protocol Denial of Service (CVE-2018-0378)

A vulnerability in the Precision Time Protocol (PTP) feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of...

Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2023-2443)

The remote host is missing an update for the Huawei...

Cisco MDS 9700 Series Multilayer Directors and Nexus 7000/7700 Series Switches Software Patch Signature Verification (CVE-2019-1808)

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures....

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape (CVE-2019-1591)

A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insufficient sanitization of user-supplied input when issuing a.....

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Privilege Escalation (CVE-2019-1592)

A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker to gain elevated privileges as root on an affected device. The vulnerability is due to insufficient...

Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service (CVE-2019-1594)

A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN (EAPOL)....

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1612)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could....

Cisco NX-OS Software Malformed DHCPv4 Packet Denial of Service (CVE-2015-6393)

Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay agent, aka Bug IDs CSCuq39250, CSCus21733,...

Cisco Multiple Vulnerabilities in NX-OS-Based Products (CVE-2013-1180)

Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allows remote authenticated users to execute arbitrary code via a crafted SNMP request, aka Bug ID CSCtx54822. This plugin.....