CVE-2019-1761 – Cisco IOS and IOS XE Software Hot Standby Router Protocol Information Leak Vulnerability
https://notcve.org/view.php?id=CVE-2019-1761
A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 traffic from an adjacent HSRP member. A successful exploit could allow the attacker to receive potentially sensitive information from the adjacent device. Una vulnerabilidad en el subsistema Hot Standby Router Protocol (HSRP) de los softwares Cisco IOS y IOS XE podría permitir que un atacante adyacente sin autenticar reciba información potencialmente sensible desde un dispositivo afectado. • http://www.securityfocus.com/bid/107620 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-ios-infoleak • CWE-665: Improper Initialization •
CVE-2019-1756 – Cisco IOS XE Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1756
A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a username with a malicious payload in the web UI and subsequently making a request to a specific endpoint in the web UI. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system. Una vulnerabilidad en el software Cisco IOS XE podría permitir que un atacante remoto autenticado ejecute comandos en el shell de Linux subyacente de un dispositivo afectado con privilegios root. • http://www.securityfocus.com/bid/107598 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinject • CWE-20: Improper Input Validation •
CVE-2019-1752 – Cisco IOS and IOS XE Software ISDN Interface Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1752
A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit this vulnerability by calling the affected device with specific Q.931 information elements being present. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device. Una vulnerabilidad en las funciones ISDN de los softwares Cisco IOS y Cisco IOS XE podría permitir que un atacante remoto no autenticado provoque que el dispositivo afectado se recargue. • http://www.securityfocus.com/bid/107589 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-isdn • CWE-20: Improper Input Validation •
CVE-2019-1751 – Cisco IOS Software NAT64 Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1751
A vulnerability in the Network Address Translation 64 (NAT64) functions of Cisco IOS Software could allow an unauthenticated, remote attacker to cause either an interface queue wedge or a device reload. The vulnerability is due to the incorrect handling of certain IPv4 packet streams that are sent through the device. An attacker could exploit this vulnerability by sending specific IPv4 packet streams through the device. An exploit could allow the attacker to either cause an interface queue wedge or a device reload, resulting in a denial of service (DoS) condition. Una vulnerabilidad en las funciones NAT64 (Network Address Translation 64) del software Cisco IOS podría permitir que un atacante remoto no autenticado provoque un "wedge" en la cola de la interfaz o la recarga del dispositivo. • http://www.securityfocus.com/bid/107601 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-nat64 • CWE-20: Improper Input Validation •
CVE-2019-1747 – Cisco IOS and IOS XE Software Short Message Service Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1747
A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of SMS protocol data units (PDUs) that are encoded with a special character set. An attacker could exploit this vulnerability by sending a malicious SMS message to an affected device. A successful exploit could allow the attacker to cause the wireless WAN (WWAN) cellular interface module on an affected device to crash, resulting in a DoS condition that would require manual intervention to restore normal operating conditions. Una vulnerabilidad en la implementación de la funcionalidad de manejo de SMS (Short Message Service) del software Cisco IOS y Cisco IOS XE podría permitir que un atacante remoto no autenticado cree una condición de denegación de servicio (DoS) en un dispositivo afectado. • http://www.securityfocus.com/bid/107599 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-sms-dos • CWE-20: Improper Input Validation •