CVSS: 8.6EPSS: 1%CPEs: 265EXPL: 0CVE-2021-1446 – Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1446
24 Mar 2021 — A vulnerability in the DNS application layer gateway (ALG) functionality used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a logic error that occurs when an affected device inspects certain DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through an affected device that is performing NAT for DNS packets. A successful exploit could allow a... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-hbBS7SZE • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 224EXPL: 0CVE-2021-1442 – Cisco IOS XE Software Plug-and-Play Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1442
24 Mar 2021 — A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user (level 15) on an affected device. The vulnerability is due to insufficient protection of sensitive information. An attacker with low privileges could exploit this vulnerability by issuing the diagnostic CLI show pnp profile when a specific PnP listener is enabled on the device. A successful exploit coul... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-pnp-priv-esc-AmG3kuVL • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.2EPSS: 0%CPEs: 98EXPL: 0CVE-2020-3417 – Cisco IOS XE Software Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-3417
24 Sep 2020 — A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit this vulnerability by installing code to a specific directory in the underlying operating system (OS) and setting a specific ROMMON variable. A successful exploit could allow the attacker to execute persistent... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xbace-OnCEbyS • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2019-16009 – Cisco IOS and Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2019-16009
23 Sep 2020 — A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-ios-csrf • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.7EPSS: 0%CPEs: 58EXPL: 0CVE-2020-3232 – Cisco ASR 920 Series Aggregation Services Router Model 12SZ-IM SNMP Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3232
03 Jun 2020 — A vulnerability in the Simple Network Management Protocol (SNMP) implementation in Cisco ASR 920 Series Aggregation Services Router model ASR920-12SZ-IM could allow an authenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of data that is returned for Cisco Discovery Protocol queries to SNMP. An attacker could exploit this vulnerability by sending a request for Cisco Discovery Protocol information by using SNMP. An exploit could allow the attacker to cau... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr920-ABjcLmef • CWE-19: Data Processing Errors •
CVSS: 7.7EPSS: 1%CPEs: 1198EXPL: 0CVE-2020-3200 – Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3200
03 Jun 2020 — A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which leads to an unexpected behavior. An attacker could exploit this vulnerability by creating an SSH connection to an affected device and using a specific traffic pattern that causes an error condition within that conne... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-dos-Un22sd2A • CWE-371: State Issues CWE-436: Interpretation Conflict •
CVSS: 7.5EPSS: 2%CPEs: 792EXPL: 0CVE-2020-3230 – Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3230
03 Jun 2020 — A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent IKEv2 from establishing new security associations. The vulnerability is due to incorrect handling of crafted IKEv2 SA-Init packets. An attacker could exploit this vulnerability by sending crafted IKEv2 SA-Init packets to the affected device. An exploit could allow the attacker to cause the affected device to reach the maximum... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-9p23Jj2a • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 679EXPL: 0CVE-2020-3217 – Cisco IOS, IOS XE, IOS XR, and NX-OS Software One Platform Kit Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-3217
03 Jun 2020 — A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient length restrictions when the onePK Topology Discovery Service parses Cisco Discovery Protocol messages. An attacker could exploit this vulnerability ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-nxos-onepk-rce-6Hhyt4dC • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 224EXPL: 0CVE-2020-3215 – Cisco IOS XE Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3215
03 Jun 2020 — A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due to insufficient validation of a user-supplied open virtual appliance (OVA). An attacker could exploit this vulnerability by installing a malicious OVA on an affected device. Una vulnerabilidad en el Virtual Services Container de Cisco IOS XE Software, podría permitir a un atacante local autenticado conseguir priv... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-priv-esc1-OKMKFRhV • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 192EXPL: 0CVE-2020-3213 – Cisco IOS XE Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3213
03 Jun 2020 — A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. The vulnerability is due to the ROMMON allowing for special parameters to be passed to the device at initial boot up. An attacker could exploit this vulnerability by sending parameters to the device at initial boot up. An exploit could allow the attacker to elevate from a Priv15 user to the root user and execute arbitrary comm... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-priv-esc3-GMgnGCHx • CWE-264: Permissions, Privileges, and Access Controls •