CVSS: 8.6EPSS: 0%CPEs: 14EXPL: 0CVE-2021-1622 – Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers Common Open Policy Service Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1622
A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause resource exhaustion, resulting in a denial of service (DoS) condition. This vulnerability is due to a deadlock condition in the code when processing COPS packets under certain conditions. An attacker could exploit this vulnerability by sending COPS packets with high burst rates to an affected device. A successful exploit could allow the attacker to cause the CPU to consume excessive resources, which prevents other control plane processes from obtaining resources and results in a DoS. Una vulnerabilidad en el Servicio de Política Abierta Común (COPS) de Cisco IOS XE Software para Cisco cBR-8 Converged Broadband Routers podría permitir a un atacante remoto no autenticado causar el agotamiento de los recursos, resultando en una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbr8-cops-Vc2ZsJSx • CWE-667: Improper Locking CWE-833: Deadlock •
CVSS: 4.3EPSS: 0%CPEs: 35EXPL: 0CVE-2021-1220 – Cisco IOS XE Software Web UI Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1220
Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-webui-dos-z9yqYQAn • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2021-1356 – Cisco IOS XE Software Web UI Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1356
Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-webui-dos-z9yqYQAn • CWE-20: Improper Input Validation CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 5.8EPSS: 0%CPEs: 302EXPL: 0CVE-2021-1377 – Cisco IOS and IOS XE Software ARP Resource Management Exhaustion Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1377
A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resolving ARP entries for legitimate hosts on the connected subnets. This vulnerability exists because ARP entries are mismanaged. An attacker could exploit this vulnerability by continuously sending traffic that results in incomplete ARP entries. A successful exploit could allow the attacker to cause ARP requests on the device to be unsuccessful for legitimate hosts, resulting in a denial of service (DoS) condition. Una vulnerabilidad en la administración del Address Resolution Protocol (ARP) del Software Cisco IOS y el Software Cisco IOS XE, podría permitir a un atacante remoto no autenticado impedir que un dispositivo afectado resuelva entradas ARP para hosts legítimos en las subredes conectadas. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arp-mtfhBfjE • CWE-399: Resource Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 1CVE-2021-1382 – Cisco IOS XE SD-WAN Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-1382
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root privileges. • https://github.com/orangecertcc/security-research/security/advisories/GHSA-7xfm-92p7-qc57 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xesdwcinj-t68PPW7m • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •