CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-20717 – Cisco SD-WAN vEdge Routers Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20717
A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient memory management when an affected device receives large amounts of traffic. An attacker could exploit this vulnerability by sending malicious traffic to an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition. Una vulnerabilidad en el proceso NETCONF de los routers Cisco SD-WAN vEdge podría permitir a un atacante local autenticado causar a un dispositivo afectado quedarse sin memoria, resultando en una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vedge-dos-jerVm4bB • CWE-770: Allocation of Resources Without Limits or Throttling CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 6.1EPSS: 0%CPEs: 30EXPL: 0CVE-2022-27505
https://notcve.org/view.php?id=CVE-2022-27505
Reflected cross site scripting (XSS) Una vulnerabilidad de tipo cross site scripting (XSS) Reflejado • https://support.citrix.com/article/CTX370550 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 32EXPL: 0CVE-2022-27506
https://notcve.org/view.php?id=CVE-2022-27506
Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI Unas credenciales embebidas permiten a administradores acceder al shell por medio de la CLI de SD-WAN • https://support.citrix.com/article/CTX370550 • CWE-798: Use of Hard-coded Credentials •