cisco

Cisco NX-OS System Software in ACI Mode

182 Versions 4 CVEs

Versions

Recent CVEs

CVE-2024-20397

A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification.  This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.

MEDIUM Dec 04, 2024

CVE-2024-20289

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device.  This vulnerability is due to insufficient validation of arguments for a specific CLI command. An attacker could exploit this vulnerability by including crafted input as the argument of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user.

MEDIUM Aug 28, 2024

CVE-2024-20294

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device. Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).

MEDIUM Feb 28, 2024

CVE-2023-20185

A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to read or modify the traffic that is transmitted between the sites. Cisco has not released and will not release software updates that address this vulnerability.

HIGH Jul 12, 2023

Cisco NX-OS System Software in ACI Mode

Versions

13.2(3o)

12.0(2h)

14.1(1i)

14.2(7s)

15.2(8i)

15.2(4d)

14.2(1l)

12.1(2e)

12.0(1n)

13.2(5d)

13.0(2k)

15.2(3f)

15.2(8e)

14.1(2w)

13.2(3i)

12.1(3h)

12.2(1n)

13.2(7f)

16.0(6c)

13.2(5e)

13.1(2q)

13.0(2h)

14.2(6g)

12.1(1i)

12.2(3s)

12.3(1l)

16.0(5h)

15.2(4f)

14.1(1j)

13.1(2p)

14.2(3n)

13.0(2n)

13.2(41d)

15.2(6e)

15.2(8d)

13.2(2l)

15.0(1k)

16.0(3d)

14.2(1j)

13.1(1i)

16.0(5j)

13.1(2t)

14.1(2m)

15.2(2h)

15.3(2c)

15.2(3e)

13.1(2v)

12.2(3r)

12.1(2k)

14.0(1h)

12.1(3g)

12.3(1o)

14.2(5k)

16.0(1j)

13.1(2s)

13.2(4e)

15.1(2e)

12.3(1e)

14.2(7f)

12.0(1m)

13.2(9f)

14.0(3d)

12.0(1p)

12.0(1o)

14.2(3l)

13.2(10f)

16.0(4c)

14.0(2c)

12.0(1r)

12.0(2o)

15.3(1d)

14.2(2f)

12.1(3j)

14.1(2s)

14.2(1i)

13.2(6i)

12.2(2k)

15.1(3e)