CVSS: 9.0EPSS: 0%CPEs: 271EXPL: 0CVE-2024-20381 – Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-20381
11 Sep 2024 — A vulnerability in the JSON-RPC API feature in ConfD that is used by the web-based management interfaces of Cisco Crosswork Network Services Orchestrator (NSO), Cisco Optical Site Manager, and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device. This vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could explo... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-auth-bypass-QnTEesp • CWE-285: Improper Authorization •
CVSS: 8.8EPSS: 0%CPEs: 76EXPL: 0CVE-2024-20398 – Cisco IOS XR Software Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-20398
11 Sep 2024 — A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-CrG5vhCq • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 86EXPL: 0CVE-2024-20390 – Cisco IOS XR Software Dedicated XML Agent TCP Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-20390
11 Sep 2024 — A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could exploit this vulnerability by sending a sustained, crafted stream of XML traffic to a targeted device. A successful exploit could allow the attacker to cause XML TCP port 38751 to become unreachable while the attack tr... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-xml-tcpdos-ZEXvrU2S • CWE-940: Improper Verification of Source of a Communication Channel •
CVSS: 5.5EPSS: 0%CPEs: 66EXPL: 0CVE-2024-20343 – Cisco IOS XR Software CLI Arbitrary File Read Vulnerability
https://notcve.org/view.php?id=CVE-2024-20343
11 Sep 2024 — A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device. This vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. An attacker could exploit this vulnerability by logging in to an affected device with low-privileged credentials and using the affected command. A successful expl... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-shellutil-HCb278wD • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 93EXPL: 0CVE-2024-20319
https://notcve.org/view.php?id=CVE-2024-20319
13 Mar 2024 — A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Plane (SNMP) server of an affected device. This vulnerability is due to incorrect UDP forwarding programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by attempting to perform an SNMP operation using broadcast as the destination address that ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uhv6ZDeF • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 82EXPL: 0CVE-2024-20262
https://notcve.org/view.php?id=CVE-2024-20262
13 Mar 2024 — A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid user credentials to perform this attack. This vulnerability is due to a lack of proper validation of SCP and SFTP CLI input parameters. An attacker could exploit this vulnerability by authenticating to the device and issuing SCP or S... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-dos-kb6sUUHw • CWE-269: Improper Privilege Management •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-20322
https://notcve.org/view.php?id=CVE-2024-20322
13 Mar 2024 — A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 91EXPL: 0CVE-2024-20266
https://notcve.org/view.php?id=CVE-2024-20266
13 Mar 2024 — A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to c... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dhcp-dos-3tgPKRdm • CWE-476: NULL Pointer Dereference •