Page 12 of 63 results (0.004 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1762EXPL: 0

A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 traffic from an adjacent HSRP member. A successful exploit could allow the attacker to receive potentially sensitive information from the adjacent device. Una vulnerabilidad en el subsistema Hot Standby Router Protocol (HSRP) de los softwares Cisco IOS y IOS XE podría permitir que un atacante adyacente sin autenticar reciba información potencialmente sensible desde un dispositivo afectado. • http://www.securityfocus.com/bid/107620 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-ios-infoleak • CWE-665: Improper Initialization •

CVSS: 9.0EPSS: 0%CPEs: 16EXPL: 0

A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a username with a malicious payload in the web UI and subsequently making a request to a specific endpoint in the web UI. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system. Una vulnerabilidad en el software Cisco IOS XE podría permitir que un atacante remoto autenticado ejecute comandos en el shell de Linux subyacente de un dispositivo afectado con privilegios root. • http://www.securityfocus.com/bid/107598 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinject • CWE-20: Improper Input Validation •

CVSS: 8.6EPSS: 0%CPEs: 322EXPL: 0

A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit this vulnerability by calling the affected device with specific Q.931 information elements being present. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device. Una vulnerabilidad en las funciones ISDN de los softwares Cisco IOS y Cisco IOS XE podría permitir que un atacante remoto no autenticado provoque que el dispositivo afectado se recargue. • http://www.securityfocus.com/bid/107589 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-isdn • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 155EXPL: 0

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected commands. An exploit could allow the attacker to gain root privileges on the affected device. Una vulnerabilidad en el software Cisco IOS XE podría permitir que un atacante local autenticado inyecte comandos arbitrarios que se ejecutan con privilegios elevados. • http://www.securityfocus.com/bid/107588 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-xecmd • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding (VRF) instance despite the absence of the vrf-also keyword in the access-class configuration. The vulnerability is due to a missing check in the SSH server. An attacker could use this vulnerability to open an SSH connection to an affected Cisco IOS or IOS XE device with a source address belonging to a VRF instance. Once connected, the attacker would still need to provide valid credentials to access the device. Una vulnerabilidad en la lógica de control de acceso del servidor SSH (Secure Shell) del software de Cisco IOS e IOS XE podría permitir conexiones originadas desde una instancia VRF (Virtual Routing and Forwarding) a pesar de la ausencia de la palabra clave vrf-also en la configuración de access-class. • http://www.securityfocus.com/bid/106560 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ios-ssh-vrf • CWE-284: Improper Access Control •