Page 10 of 142 results (0.004 seconds)

CVSS: 9.0EPSS: 0%CPEs: 16EXPL: 0

A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to improper validation of user privileges of web UI users. An attacker could exploit this vulnerability by submitting a malicious payload to a specific endpoint in the web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device. Una vulnerabilidad en el subsistema de autorización del software Cisco IOS XE podría permitir que un atacante remoto autenticado sin privilegios (nivel 1) ejecute comandos Cisco IOS privilegiados mediante el uso de la interfaz web. • http://www.securityfocus.com/bid/107590 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-privesc • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •

CVSS: 9.0EPSS: 0%CPEs: 38EXPL: 0

A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker could exploit this vulnerability by submitting crafted HTTP requests to the targeted application. A successful exploit could allow the attacker to execute arbitrary commands on the affected device. Una vulnerabilidad en la función WSMA (Web Services Management Agent) del software Cisco IOS XE podría permitir que un atacante remoto autenticado ejecute comandos arbitrarios de Cisco IOS como usuario con nivel 15 de privilegios. • http://www.securityfocus.com/bid/107380 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinj • CWE-20: Improper Input Validation •

CVSS: 9.0EPSS: 0%CPEs: 16EXPL: 0

A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a username with a malicious payload in the web UI and subsequently making a request to a specific endpoint in the web UI. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system. Una vulnerabilidad en el software Cisco IOS XE podría permitir que un atacante remoto autenticado ejecute comandos en el shell de Linux subyacente de un dispositivo afectado con privilegios root. • http://www.securityfocus.com/bid/107598 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinject • CWE-20: Improper Input Validation •

CVSS: 9.0EPSS: 0%CPEs: 15EXPL: 0

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device's web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device. Una vulnerabilidad en la interfaz web del software Cisco IOS XE podría permitir que un atacante remoto autenticado sin privilegios (nivel 1) ejecute comandos Cisco IOS privilegiados mediante el uso de la interfaz web. • http://www.securityfocus.com/bid/107602 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-pe • CWE-20: Improper Input Validation •

CVSS: 7.4EPSS: 0%CPEs: 42EXPL: 0

A vulnerability in the Easy Virtual Switching System (VSS) of Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an unauthenticated, adjacent attacker to cause the switches to reload. The vulnerability is due to incomplete error handling when processing Cisco Discovery Protocol (CDP) packets used with the Easy Virtual Switching System. An attacker could exploit this vulnerability by sending a specially crafted CDP packet. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Una vulnerabilidad en el VSS (Easy Virtual Switching System) del software Cisco IOS XE en los switches Catalyst 4500 Series podría permitir que un atacante adyacente no autenticado provoque la recarga de los switches. • http://www.securityfocus.com/bid/107607 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-evss • CWE-20: Improper Input Validation CWE-388: 7PK - Errors •