Filtered by vendor Cisco Subscriptions
Filtered by product Nexus 1000ve Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-3120 1 Cisco 144 Asr 9000v, Asr 9001, Asr 9006 and 141 more 2024-11-15 6.5 Medium
A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
CVE-2020-3172 1 Cisco 107 Firepower 4110, Firepower 4115, Firepower 4120 and 104 more 2024-11-15 8.8 High
A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Note: This vulnerability is different from the following Cisco FXOS and NX-OS Software Cisco Discovery Protocol vulnerabilities that Cisco announced on Feb. 5, 2020: Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability and Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability.
CVE-2022-20625 1 Cisco 110 Firepower 4110, Firepower 4112, Firepower 4115 and 107 more 2024-11-06 4.3 Medium
A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisco Discovery Protocol service. An attacker could exploit this vulnerability by sending a series of malicious Cisco Discovery Protocol messages to an affected device. A successful exploit could allow the attacker to cause the Cisco Discovery Protocol service to fail and restart. In rare conditions, repeated failures of the process could occur, which could cause the entire device to restart.
CVE-2020-10136 4 Cisco, Digi, Hp and 1 more 63 Nexus 1000v, Nexus 1000ve, Nexus 3016 and 60 more 2024-09-17 5.3 Medium
IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.
CVE-2019-1735 1 Cisco 82 Mds 9000, Mds 9100, Mds 9200 and 79 more 2024-09-16 7.8 High
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid user credentials to exploit this vulnerability.