CVSS: 8.6EPSS: 0%CPEs: 8EXPL: 0CVE-2022-20847 – Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family DHCP Processing Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20847
A vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DHCP messages. An attacker could exploit this vulnerability by sending malicious DHCP messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Una vulnerabilidad en la funcionalidad de procesamiento de DHCP del software Cisco IOS XE Wireless Controller para la familia Catalyst 9000 podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dhcp-dos-76pCjPxK • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20844 – Cisco Software-Defined Application Visibility and Control on Cisco vManage Static Username and Password Vulnerability
https://notcve.org/view.php?id=CVE-2022-20844
A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses. Una vulnerabilidad en el mecanismo de autenticación de Cisco Software-Defined Application Visibility and Control (SD-AVC) en Cisco vManage podría permitir a un atacante remoto no autenticado acceder a la GUI de Cisco SD-AVC usando una combinación estática predeterminada de nombre de usuario y contraseña. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdavc-ZA5fpXX2 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 83EXPL: 1CVE-2022-20818 – Cisco SD-WAN Software Privilege Escalation Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20818
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Múltiples vulnerabilidades en la CLI del software Cisco SD-WAN podrían permitir a un atacante local autenticado conseguir altos privilegios. • https://github.com/mbadanoiu/CVE-2022-20818 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-25: Path Traversal: '/../filedir' •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2022-20810 – Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-20810
A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that allow a sensitive configuration detail to be disclosed. An attacker could exploit this vulnerability by retrieving data through SNMP read-only community access. A successful exploit could allow the attacker to view Service Set Identifier (SSID) preshared keys (PSKs) that are configured on the affected device. Una vulnerabilidad en el Protocolo simple de administración de redes (SNMP) del software Cisco IOS XE Wireless Controller para la familia Catalyst 9000 podría permitir a un atacante remoto autenticado acceder a información confidencial. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cwlc-snmpidv-rnyyQzUZ • CWE-202: Exposure of Sensitive Information Through Data Queries •
CVSS: 7.8EPSS: 0%CPEs: 91EXPL: 1CVE-2022-20775 – Cisco SD-WAN Software Privilege Escalation Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20775
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Varias vulnerabilidades en la CLI del software Cisco SD-WAN podrían permitir a un atacante local autenticado conseguir altos privilegios. • https://github.com/orangecertcc/security-research/security/advisories/GHSA-wmjv-552v-pxjc https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-25: Path Traversal: '/../filedir' •