CVSS: 8.8EPSS: 0%CPEs: 131EXPL: 0CVE-2020-3141 – Cisco IOS XE Software Privilege Escalation Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3141
Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el framework de administración web de Cisco IOS XE Software, podrían permitir a un atacante remoto autenticado con privilegios de solo lectura elevar los privilegios al nivel de un usuario administrador en un dispositivo afectado. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-webui-priv-esc-K8zvEWM • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 20EXPL: 0CVE-2020-3465 – Cisco IOS XE Software Ethernet Frame Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3465
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload. The vulnerability is due to incorrect handling of certain valid, but not typical, Ethernet frames. An attacker could exploit this vulnerability by sending the Ethernet frames onto the Ethernet segment. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Una vulnerabilidad en Cisco IOS XE Software, podría permitir a un atacante adyacente no autenticado causar la recarga de un dispositivo. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-le-drTOB625 • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 149EXPL: 0CVE-2020-3508 – Cisco IOS XE Software for Cisco ASR 1000 Series 20-Gbps Embedded Services Processor IP ARP Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3508
A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service condition. The vulnerability is due to insufficient error handling when an affected device has reached platform limitations. An attacker could exploit this vulnerability by sending a malicious series of IP ARP messages to an affected device. A successful exploit could allow the attacker to exhaust system resources, which would eventually cause the affected device to reload. Una vulnerabilidad en la funcionalidad de Address Resolution Protocol (ARP) de IP de Cisco IOS XE Software para Cisco ASR 1000 Series Aggregation Services Routers con un Embedded Services Processor (ESP) de 20-Gbps instalado, podría permitir a un atacante adyacente no autenticado causar la recarga de un dispositivo afectado, resultando en una condición de denegación de servicio. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esp20-arp-dos-GvHVggqJ • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0CVE-2018-0467 – Cisco IOS and IOS XE Software IPv6 Hop-by-Hop Options Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0467
A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of specific IPv6 hop-by-hop options. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to or through the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device. Una vulnerabilidad en el código de procesamiento IPv6 en Cisco IOS y Cisco IOS XE Software podría permitir que un atacante remoto sin autenticar haga que el dispositivo se reinicie. • http://www.securitytracker.com/id/1041737 https://ics-cert.us-cert.gov/advisories/ICSA-19-094-03 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ipv6hbh • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 48EXPL: 0CVE-2018-0165
https://notcve.org/view.php?id=CVE-2018-0165
A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service (DoS) condition, aka a Memory Leak. The vulnerability is due to the affected software insufficiently processing IGMP Membership Query packets that are sent to an affected device. An attacker could exploit this vulnerability by sending a large number of IGMP Membership Query packets, which contain certain values, to an affected device. A successful exploit could allow the attacker to exhaust buffers on the affected device, resulting in a DoS condition that requires the device to be reloaded manually. This vulnerability affects: Cisco Catalyst 4500 Switches with Supervisor Engine 8-E, if they are running Cisco IOS XE Software Release 3.x.x.E and IP multicast routing is configured; Cisco devices that are running Cisco IOS XE Software Release 16.x, if IP multicast routing is configured. • http://www.securityfocus.com/bid/103568 http://www.securitytracker.com/id/1040592 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-igmp • CWE-399: Resource Management Errors CWE-772: Missing Release of Resource after Effective Lifetime •