CVSS: 6.7EPSS: 0%CPEs: 64EXPL: 0CVE-2023-20097 – Cisco Access Point Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-20097
23 Mar 2023 — A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker with Administrator access to the CLI of the controller could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to gain full root access on the AP. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironetap-cmdinj-6bjT4FL8 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 64EXPL: 0CVE-2023-20056 – Cisco Access Point Software Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-20056
23 Mar 2023 — A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to cause an affected device to reload spontaneously, resu... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-cli-dos-tc2EKEpu • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0CVE-2017-3831 – Cisco Security Advisory 20170315-ap1800
https://notcve.org/view.php?id=CVE-2017-3831
15 Mar 2017 — A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for accessing certain web pages using the GUI interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface of the affected system. A successful exploit could allow the ... • http://www.securityfocus.com/bid/96909 • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2016-6362
https://notcve.org/view.php?id=CVE-2016-6362
22 Aug 2016 — Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bug ID CSCuz24725. Dispositivos Cisco Aironet 1800, 2800 y 3800 con software en versiones anteriores a 8.2.110.0, 8.2.12x en versiones anteriores a 8.2.121.0 y 8.3.x en versiones anteriores a 8.3.102.0 permiten a usuarios locales obtener privilegios a través de parámetros CLI manipulados, también conocido como Bug... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-6363
https://notcve.org/view.php?id=CVE-2016-6363
22 Aug 2016 — The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via crafted 802.11 frames, aka Bug ID CSCva06192. La función de la velocidad límite en el protocolo de implementación 802.11 en dispositivos Cisco Aironet 1800, 2800 y 3800 con software en versiones anteriores a 8.2.121.0 y 8.3.x en versiones anteriores a 8.3.102.0 permite a at... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-6361
https://notcve.org/view.php?id=CVE-2016-6361
22 Aug 2016 — The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via a crafted AMPDU header, aka Bug ID CSCuz56288. La implementación de Aggregated MAC Protocol Data Unit (AMPDU) en dispositivos Cisco Aironet 1800, 2800 y 3800 con software en versiones anteriores a 8.2.121.0 y 8.3.x en versiones anteriores 8.3.102.0 permite a atacantes remot... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2015-6336
https://notcve.org/view.php?id=CVE-2015-6336
15 Jan 2016 — Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4), and 8.1(15.14) have a default account, which makes it easier for remote attackers to obtain access via unspecified vectors, aka Bug ID CSCuw58062. Dispositivos Cisco Aironet 1800 con software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4) y 8.1(15.14) tienen una cuenta por defecto, lo que hace que sea más fácil para atacantes remotos obtener acceso a través de vectores no especificados, también conocido como Bug ID CSCuw58062. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-air • CWE-255: Credentials Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2015-6320
https://notcve.org/view.php?id=CVE-2015-6320
15 Jan 2016 — The IP ingress packet handler on Cisco Aironet 1800 devices with software 8.1(112.3) and 8.1(112.4) allows remote attackers to cause a denial of service via a crafted header in an IP packet, aka Bug ID CSCuv63138. El manejador de paquetes IP de entrada en dispositivos Cisco Aironet 1800 con software 8.1(112.3) and 8.1(112.4) permite a atacantes remotos causar una denegación de servicio a través de una cabecera manipulada en un paquete IP, también conocido como Bug ID CSCuv63138. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-aironet • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6367
https://notcve.org/view.php?id=CVE-2015-6367
14 Nov 2015 — Cisco Aironet 1800 devices with software 8.1(131.0) allow remote attackers to cause a denial of service (CPU consumption) by improperly establishing many SSHv2 connections, aka Bug ID CSCux13374. Dispositivos Cisco Aironet 1800 con software 8.1(131.0) permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante el establecimiento indebido de muchas conexiones SSHv2, también conocido como Bug ID CSCux13374. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151113-aironet • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6315
https://notcve.org/view.php?id=CVE-2015-6315
13 Oct 2015 — Cisco Aironet 1850 access points with software 8.1(112.4) allow local users to gain privileges via crafted CLI commands, aka Bug ID CSCuv79694. Puntos de acceso Cisco Aironet 1850 con software 8.1(112.4) permiten a usuarios locales ganar privilegios a través de comandos CLI manipulados, también conocido como Bug ID CSCuv79694. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151005-aironet • CWE-264: Permissions, Privileges, and Access Controls •