Page 17 of 344 results (0.005 seconds)

CVSS: 7.4EPSS: 0%CPEs: 132EXPL: 0

A vulnerability in the PROFINET handler for Link Layer Discovery Protocol (LLDP) messages of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a crash on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of LLDP messages in the PROFINET LLDP message handler. An attacker could exploit this vulnerability by sending a malicious LLDP message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload. Una vulnerabilidad en el manejador PROFINET para los mensajes Link Layer Discovery Protocol (LLDP) de Cisco IOS Software y Cisco IOS XE Software, podría permitir a un atacante adyacente no autenticado causar un bloqueo en un dispositivo afectado, resultando en una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-profinet-dos-65qYG3W5 • CWE-388: 7PK - Errors CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

A vulnerability in the web server authentication of Cisco IOS XE Software could allow an authenticated, remote attacker to crash the web server on the device. The vulnerability is due to insufficient input validation during authentication. An attacker could exploit this vulnerability by entering unexpected characters during a valid authentication. A successful exploit could allow the attacker to crash the web server on the device, which must be manually recovered by disabling and re-enabling the web server. Una vulnerabilidad en la autenticación del servidor web de Cisco IOS XE Software, podría permitir a un atacante remoto autenticado bloquear el servidor web en el dispositivo. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-WEB-UI-exNFmcPO • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-ios-csrf • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.7EPSS: 0%CPEs: 155EXPL: 0

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the software processes specific SNMP object identifiers. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: To exploit this vulnerability by using SNMPv2c or earlier, the attacker must know the SNMP read-only community string for an affected system. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-USxSyTk5 https://www.oracle.com/security-alerts/cpuoct2020.html • CWE-20: Improper Input Validation CWE-118: Incorrect Access of Indexable Resource ('Range Error') •

CVSS: 7.7EPSS: 0%CPEs: 58EXPL: 0

A vulnerability in the Simple Network Management Protocol (SNMP) implementation in Cisco ASR 920 Series Aggregation Services Router model ASR920-12SZ-IM could allow an authenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of data that is returned for Cisco Discovery Protocol queries to SNMP. An attacker could exploit this vulnerability by sending a request for Cisco Discovery Protocol information by using SNMP. An exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Una vulnerabilidad en la implementación de Simple Network Management Protocol (SNMP) en Cisco ASR 920 Series Aggregation Services Router modelo ASR920-12SZ-IM, podría permitir a un atacante remoto autenticado causar que el dispositivo se vuelva a cargar. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr920-ABjcLmef • CWE-19: Data Processing Errors •