CVSS: 7.4EPSS: 0%CPEs: 567EXPL: 0CVE-2019-1746 – Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1746
A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically. • http://www.securityfocus.com/bid/107612 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-cmp-dos • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 155EXPL: 0CVE-2019-1745 – Cisco IOS XE Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1745
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected commands. An exploit could allow the attacker to gain root privileges on the affected device. Una vulnerabilidad en el software Cisco IOS XE podría permitir que un atacante local autenticado inyecte comandos arbitrarios que se ejecutan con privilegios elevados. • http://www.securityfocus.com/bid/107588 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-xecmd • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2019-1742 – Cisco IOS XE Software Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1742
A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to gain access to sensitive configuration information. Una vulnerabilidad en la interfaz web del software Cisco IOS XE podría permitir que un atacante remoto no autenticado acceda a información sensible sobre la configuración. • http://www.securityfocus.com/bid/107600 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-xeid • CWE-16: Configuration •
CVSS: 8.6EPSS: 0%CPEs: 149EXPL: 0CVE-2019-1740 – Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1740
A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability are due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Una vulnerabilidad en la funcionalidad NBAR (Network-Based Application Recognition) de los softwares Cisco IOS y Cisco IOS XE podría permitir que un atacante remoto no autenticado provoque que el dispositivo afectado se recargue. • http://www.securityfocus.com/bid/107597 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-nbar • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 14EXPL: 0CVE-2019-1741 – Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1741
A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Una vulnerabilidad en la característica ETA (Cisco Encrypted Traffic Analytics) del software Cisco IOS XE podría permitir que un atacante remoto sin autenticar provoque una denegación de servicio (DoS). • http://www.securityfocus.com/bid/107614 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-eta-dos • CWE-20: Improper Input Validation CWE-416: Use After Free •