CVE-2022-20725 – Cisco IOx Application Hosting Environment Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20725
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el entorno de alojamiento de aplicaciones Cisco IOx en varias plataformas de Cisco podrían permitir a un atacante inyectar comandos arbitrarios en el sistema operativo anfitrión subyacente, ejecutar código arbitrario en el sistema operativo anfitrión subyacente, instalar aplicaciones sin ser autenticado o conducir un ataque de tipo cross-site scripting (XSS) contra un usuario del software afectado. Para más información sobre estas vulnerabilidades, consulte la sección Details de este aviso • https://github.com/orangecertcc/security-research/security/advisories/GHSA-q2v9-qpmg-4qc4 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-12648 – Cisco IOx for IOS Software Guest Operating System Unauthorized Access Vulnerability
https://notcve.org/view.php?id=CVE-2019-12648
A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. The vulnerability is due to incorrect role-based access control (RBAC) evaluation when a low-privileged user requests access to a Guest OS that should be restricted to administrative accounts. An attacker could exploit this vulnerability by authenticating to the Guest OS by using the low-privileged-user credentials. An exploit could allow the attacker to gain unauthorized access to the Guest OS as a root user. Una vulnerabilidad en el entorno de la aplicación IOx para Software Cisco IOS, podría permitir a un atacante remoto autenticado conseguir acceso no autorizado al Sistema Operativo Invitado (SO Invitado) que es ejecutado en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ios-gos-auth • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVE-2014-3261
https://notcve.org/view.php?id=CVE-2014-3261
Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322. Desbordamiento de buffer en la implementación Smart Call Home en Cisco NX-OS on Fabric Interconnects en Cisco Unified Computing System 1.4 anterior a 1.4(1i), NX-OS 5.0 anterior a 5.0(3)U2(2) en dispositivos Nexus 3000, NX-OS 4.1 anterior a 4.1(2)E1(1l) en dispositivos Nexus 4000, NX-OS 5.x anterior a 5.1(3)N1(1) en dispositivos Nexus 5000, NX-OS 5.2 anterior a 5.2(3a) en dispositivos Nexus 7000 y CG-OS CG4 anterior a CG4(2) en Connected 1000 Connected Grid Routers permite a servidores SMTP remotos ejecutar código arbitrario a través de una respuesta manipulada, también conocido como Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405 y CSCuf61322. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •