CVSS: 5.3EPSS: 0%CPEs: 91EXPL: 0CVE-2024-20266
https://notcve.org/view.php?id=CVE-2024-20266
A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to cause a crash of the dhcpd process. While the dhcpd process is restarting, which may take approximately two minutes, DHCPv4 server services are unavailable on the affected device. This could temporarily prevent network access to clients that join the network during that time period and rely on the DHCPv4 server of the affected device. Notes: Only the dhcpd process crashes and eventually restarts automatically. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dhcp-dos-3tgPKRdm • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2024-20320
https://notcve.org/view.php?id=CVE-2024-20320
A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device. Una vulnerabilidad en la función de cliente SSH del software Cisco IOS XR para los enrutadores Cisco de la serie 8000 y los enrutadores Cisco Network Convergence System (NCS) de las series 540 y 5700 podría permitir que un atacante local autenticado eleve los privilegios en un dispositivo afectado. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ssh-privesc-eWDMKew3 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.4EPSS: 0%CPEs: 61EXPL: 0CVE-2024-20327
https://notcve.org/view.php?id=CVE-2024-20327
A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of malformed PPPoE packets that are received on a router that is running Broadband Network Gateway (BNG) functionality with PPPoE termination on a Lightspeed-based or Lightspeed-Plus-based line card. An attacker could exploit this vulnerability by sending a crafted PPPoE packet to an affected line card interface that does not terminate PPPoE. A successful exploit could allow the attacker to crash the ppp_ma process, resulting in a DoS condition for PPPoE traffic across the router. Una vulnerabilidad en la función de terminación de PPP sobre Ethernet (PPPoE) del software Cisco IOS XR para los enrutadores de servicios de agregación Cisco ASR serie 9000 podría permitir que un atacante adyacente no autenticado bloquee el proceso ppp_ma, lo que resultaría en una condición de denegación de servicio (DoS). Esta vulnerabilidad se debe al manejo inadecuado de paquetes PPPoE con formato incorrecto que se reciben en un enrutador que ejecuta la funcionalidad Broadband Network Gateway (BNG) con terminación PPPoE en una tarjeta de línea basada en Lightspeed o Lightspeed-Plus. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-pppma-JKWFgneW • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-20246
https://notcve.org/view.php?id=CVE-2023-20246
Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being populated. An attacker could exploit this vulnerability by establishing a connection to an affected device. A successful exploit could allow the attacker to bypass configured access control rules on the affected system. Varios productos de Cisco se ven afectados por una vulnerabilidad en las políticas de control de acceso de Snort que podría permitir que un atacante remoto no autenticado eluda las políticas configuradas en un sistema afectado. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3acp-bypass-3bdR2BEh • CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.2EPSS: 7%CPEs: 127EXPL: 1CVE-2023-20273 – Cisco IOS XE Web UI Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-20273
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges. Una vulnerabilidad en la función de interfaz de usuario web del software Cisco IOS XE podría permitir que un atacante remoto autenticado inyecte comandos con privilegios de root. • https://github.com/smokeintheshell/CVE-2023-20273 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z/cvrf/cisco-sa-iosxe-webui-privesc-j22SaA4z_cvrf.xml https://www.horizon3.ai/cisco-ios-xe-cve-2023-20198-theory-crafting https://www.horizon3.ai/cisco-ios-xe- • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •