CVSS: 8.6EPSS: 0%CPEs: 15EXPL: 0CVE-2020-3359 – Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Multicast DNS Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3359
A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of mDNS packets. An attacker could exploit this vulnerability by sending a crafted mDNS packet to an affected device. A successful exploit could cause a device to reload, resulting in a DoS condition. Una vulnerabilidad en la función multicast DNS (mDNS) de Cisco IOS XE Software para Cisco Catalyst 9800 Series Wireless Controllers, podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mdns-dos-3tH6cA9J • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-3477 – Cisco IOS and IOS XE Software Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3477
A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain read-only access to files that are located on the flash: filesystem that otherwise might not have been accessible. Una vulnerabilidad en el analizador de la CLI de Cisco IOS Software y Cisco IOS XE Software, podría permitir a un atacante local autenticado acceder a archivos desde la flash: filesystem. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-info-disclosure-V4BmJBNF • CWE-20: Improper Input Validation CWE-863: Incorrect Authorization •