CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2022-20827 – Cisco Small Business RV Series Routers Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20827
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Varias vulnerabilidades en los routers Cisco Small Business de las series RV160, RV260, RV340 y RV345 podrían permitir a un atacante remoto no autenticado ejecutar código arbitrario o causar una denegación de servicio (DoS) en un dispositivo afectado. Para obtener más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wfapp application. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2022-20912 – Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20912
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rce-overflow-ygHByAK • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20913 – Cisco Nexus Dashboard Arbitrary File Write Vulnerability
https://notcve.org/view.php?id=CVE-2022-20913
A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to insufficient input validation in the web-based management interface of Cisco Nexus Dashboard. An attacker with Administrator credentials could exploit this vulnerability by uploading a crafted file. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device. Una vulnerabilidad en Cisco Nexus Dashboard podría permitir a un atacante remoto autenticado escribir archivos arbitrarios en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-afw-2MT9tb99 • CWE-20: Improper Input Validation CWE-23: Relative Path Traversal •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20916 – Cisco IoT Control Center Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2022-20916
A vulnerability in the web-based management interface of Cisco IoT Control Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Una vulnerabilidad en la interfaz de administración basada en web de Cisco IoT Control Center podría permitir a un atacante remoto no autenticado realizar un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iotcc-xss-WQrCLRVd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20909 – Cisco Nexus Dashboard Privilege Escalation Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20909
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device. Múltiples vulnerabilidades en Cisco Nexus Dashboard podrían permitir a un atacante local autenticado elevar los privilegios en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mprvesc-EMhDgXe5 • CWE-20: Improper Input Validation CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •