Stephen Kubik

**Name of the Vulnerable Software and Affected Versions** Step CA (affected versions not specified) **Description** A critical issue in Step CA allows for unauthenticated bypass, enabling the issuance of fraudulent certificates. This compromises trust in potentially millions of sites. The issue allows attackers to bypass security measures and generate unauthorized digital certificates, which could be used for malicious purposes such as phishing or man-in-the-middle attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode (affected versions not specified) **Description** The issue is related to insufficient validation of specific elements within a software image in the software upgrade process. This could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating system of an affected device. An attacker could exploit this by installing a crafted image, potentially allowing the execution of arbitrary commands on the underlying operating system with root privileges. **Recommendations** For Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode, validate the hash of any software image before installation to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco NX-OS Software (affected versions not specified) **Description** A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments for a specific CLI command. An attacker could exploit this vulnerability by including crafted input as the argument of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.