CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2019-1742 – Cisco IOS XE Software Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1742
A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to gain access to sensitive configuration information. Una vulnerabilidad en la interfaz web del software Cisco IOS XE podría permitir que un atacante remoto no autenticado acceda a información sensible sobre la configuración. • http://www.securityfocus.com/bid/107600 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-xeid • CWE-16: Configuration •
CVSS: 8.8EPSS: 0%CPEs: 31EXPL: 0CVE-2019-1743 – Cisco IOS XE Software Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2019-1743
A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the device. An exploit could allow the attacker to gain elevated privileges on the affected device. Una vulnerabilidad en el framework de la interfaz web del software Cisco IOS XE podría permitir que un atacante remoto autenticado realice cambios no autorizados en el sistema de archivos del dispositivo afectado. • http://www.securityfocus.com/bid/107591 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-afu • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 149EXPL: 0CVE-2019-1740 – Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1740
A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability are due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Una vulnerabilidad en la funcionalidad NBAR (Network-Based Application Recognition) de los softwares Cisco IOS y Cisco IOS XE podría permitir que un atacante remoto no autenticado provoque que el dispositivo afectado se recargue. • http://www.securityfocus.com/bid/107597 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-nbar • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 164EXPL: 0CVE-2019-1739 – Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1739
A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Una vulnerabilidad en la funcionalidad NBAR (Network-Based Application Recognition) de los softwares Cisco IOS y Cisco IOS XE podría permitir que un atacante remoto no autenticado provoque que el dispositivo afectado se recargue. • http://www.securityfocus.com/bid/107597 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-nbar • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 164EXPL: 0CVE-2019-1738 – Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1738
A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit these vulnerabilities by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Una vulnerabilidad en la funcionalidad NBAR (Network-Based Application Recognition) de los softwares Cisco IOS y Cisco IOS XE podría permitir que un atacante remoto no autenticado provoque que el dispositivo afectado se recargue. • http://www.securityfocus.com/bid/107597 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-nbar • CWE-20: Improper Input Validation •