CVSS: 6.9EPSS: 0%CPEs: 24EXPL: 0CVE-2021-34723 – Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability
https://notcve.org/view.php?id=CVE-2021-34723
A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command parameters. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of the configuration database and gain root-level access to an affected device. Una vulnerabilidad en un comando CLI específico que se ejecuta en Cisco IOS XE SD-WAN Software podría permitir a un atacante local autenticado sobrescribir archivos arbitrarios en la base de datos de configuración de un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxesdwan-arbfileov-MVOF3ZZn • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.8EPSS: 0%CPEs: 203EXPL: 0CVE-2021-34703 – Cisco IOS and IOS XE Software Link Layer Discovery Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-34703
A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper initialization of a buffer. An attacker could exploit this vulnerability via any of the following methods: An authenticated, remote attacker could access the LLDP neighbor table via either the CLI or SNMP while the device is in a specific state. An unauthenticated, adjacent attacker could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network and then waiting for an administrator of the device or a network management system (NMS) managing the device to retrieve the LLDP neighbor table of the device via either the CLI or SNMP. An authenticated, adjacent attacker with SNMP read-only credentials or low privileges on the device CLI could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network and then accessing the LLDP neighbor table via either the CLI or SNMP. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lldp-dos-sBnuHSjT • CWE-456: Missing Initialization of a Variable CWE-665: Improper Initialization •
CVSS: 7.7EPSS: 0%CPEs: 834EXPL: 0CVE-2021-34699 – Cisco IOS and IOS XE Software TrustSec CLI Parser Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-34699
A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could exploit this vulnerability by requesting a particular CLI command to be run through the web UI. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Una vulnerabilidad en el analizador TrustSec CLI de Cisco IOS and Cisco IOS XE Software podría permitir a un atacante remoto y autenticado causar una recarga de un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-trustsec-dos-7fuXDR2 • CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities CWE-436: Interpretation Conflict •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34697 – Cisco IOS XE Software Protection Against Distributed Denial of Service Attacks Feature Vulnerability
https://notcve.org/view.php?id=CVE-2021-34697
A vulnerability in the Protection Against Distributed Denial of Service Attacks feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct denial of service (DoS) attacks to or through the affected device. This vulnerability is due to incorrect programming of the half-opened connections limit, TCP SYN flood limit, or TCP SYN cookie features when the features are configured in vulnerable releases of Cisco IOS XE Software. An attacker could exploit this vulnerability by attempting to flood traffic to or through the affected device. A successful exploit could allow the attacker to initiate a DoS attack to or through an affected device. Una vulnerabilidad en la funcionalidad Protection Against Distributed Denial of Service Attacks de Cisco IOS XE Software podría permitir a un atacante remoto no autenticado realizar ataques de denegación de servicio (DoS) al dispositivo afectado o mediante él. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-zbfw-tguGuYq • CWE-665: Improper Initialization •
CVSS: 5.8EPSS: 0%CPEs: 23EXPL: 0CVE-2021-34696 – Cisco ASR 900 and ASR 920 Series Aggregation Services Routers Access Control List Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-34696
A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of hardware when an ACL is configured using a method other than the configuration CLI. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. Una vulnerabilidad en la programación de la lista de control de acceso (ACL) de Cisco ASR 900 and ASR 920 Series Aggregation Services Routers podría permitir a un atacante remoto no autenticado omitir una ACL configurada. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr900acl-UeEyCxkv • CWE-284: Improper Access Control •