CVSS: 6.1EPSS: 0%CPEs: 36EXPL: 0CVE-2021-1381 – Cisco IOS XE Software Active Debug Code Vulnerability
https://notcve.org/view.php?id=CVE-2021-1381
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. An attacker could exploit this vulnerability by running commands on the hardware platform to open a debugging console. A successful exploit could allow the attacker to access a debugging console. Una vulnerabilidad en el Software Cisco IOS XE, podría permitir a un atacante local autenticado con altos privilegios o un atacante no autenticado con acceso físico al dispositivo abrir una consola de depuración. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-BLKH-Ouvrnf2s • CWE-489: Active Debug Code •
CVSS: 7.4EPSS: 0%CPEs: 89EXPL: 0CVE-2021-1352 – Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1352
A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Una vulnerabilidad en el procesamiento del protocolo DECnet Phase IV y DECnet/OSI del Software Cisco IOS XE, podría permitir a un atacante adyacente no autenticado causar una condición de denegación de servicio (DoS) en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2021-1356 – Cisco IOS XE Software Web UI Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1356
Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-webui-dos-z9yqYQAn • CWE-20: Improper Input Validation CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.6EPSS: 0%CPEs: 32EXPL: 0CVE-2021-1373 – Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1373
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device. The vulnerability is due to insufficient validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. Una vulnerabilidad en el procesamiento del protocolo Control and Provisioning of Wireless Access Points (CAPWAP) del Software Cisco IOS XE Wireless Controller para los Controladores Wireless de la Familia Cisco Catalyst 9000, podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS) de un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-dos-2OA3JgKS • CWE-126: Buffer Over-read •
CVSS: 7.2EPSS: 0%CPEs: 74EXPL: 0CVE-2021-1390 – Cisco IOS XE Software Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1390
A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege level 15. This vulnerability exists because the affected software permits modification of the run-time memory of an affected device under specific circumstances. An attacker could exploit this vulnerability by authenticating to the affected device and issuing a specific diagnostic test command at the CLI. A successful exploit could trigger a logic error in the code that was designed to restrict run-time memory modifications. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-OFP-6Nezgn7b • CWE-123: Write-what-where Condition •