CVSS: 9.0EPSS: 0%CPEs: 83EXPL: 0CVE-2020-3229 – Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3229
A vulnerability in Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration changes as an Admin user. The vulnerability is due to incorrect handling of RBAC for the administration GUI. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device. An exploit could allow the attacker as a Read-Only user to execute CLI commands or configuration changes as if they were an Admin user. Una vulnerabilidad en la funcionalidad Role Based Access Control (RBAC) de Cisco IOS XE Web Management Software, podría permitir a un atacante remoto autenticado Read-Only ejecutar comandos o cambios de configuración como usuario administrador. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-PZgQxjfG • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •
CVSS: 8.6EPSS: 0%CPEs: 260EXPL: 0CVE-2020-3226 – Cisco IOS and IOS XE Software Session Initiation Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3226
A vulnerability in the Session Initiation Protocol (SIP) library of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on received SIP messages. An attacker could exploit this vulnerability by sending crafted SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service condition. Una vulnerabilidad en la biblioteca Session Initiation Protocol (SIP) de Cisco IOS Software y Cisco IOS XE Software, podría permitir que un atacante remoto no autenticado desencadene una recarga de un dispositivo afectado, resultando en una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sip-Cv28sQw2 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2020-3224 – Cisco IOS XE Software Web UI Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2020-3224
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to inject IOS commands to an affected device. The injected commands should require a higher privilege level in order to be executed. The vulnerability is due to insufficient input validation of specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a specific web UI endpoint on an affected device. A successful exploit could allow the attacker to inject IOS commands to the affected device, which could allow the attacker to alter the configuration of the device or cause a denial of service (DoS) condition. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-zM283Zdw • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 15EXPL: 0CVE-2020-3223 – Cisco IOS XE Software Web UI Arbitrary File Read Vulnerability
https://notcve.org/view.php?id=CVE-2020-3223
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web UI. An exploit could allow the attacker to read arbitrary files from the underlying operating system's filesystem. Una vulnerabilidad en la interfaz de usuario basada en web (IU web) de Cisco IOS XE Software, podría permitir a un atacante remoto autenticado con privilegios administrativos leer archivos arbitrarios en el sistema de archivos subyacente del dispositivo. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-filerd-HngnDYGk • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2020-3222 – Cisco IOS XE Software Web UI Unauthenticated Proxy Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3222
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. The vulnerability is due to the presence of a proxy service at a specific endpoint of the web UI. An attacker could exploit this vulnerability by connecting to the proxy service. An exploit could allow the attacker to bypass access restrictions on the network by proxying their access request through the management network of the affected device. As the proxy is reached over the management virtual routing and forwarding (VRF), this could reduce the effectiveness of the bypass. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-unauthprxy-KXXsbWh • CWE-17: DEPRECATED: Code •