CVE-2020-3396 – Cisco IOS XE Software IOx Guest Shell USB SSD Namespace Protection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3396
A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges. Una vulnerabilidad en el sistema de archivos en la USB 3.0 Solid State Drive (SSD) conectable para el Cisco IOS XE Software, podría permitir a un atacante físico autenticado eliminar el SSD USB 3.0 y modificar áreas sensibles del sistema de archivos, incluyendo las protecciones del contenedor de espacio de nombres. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-usb-guestshell-WmevScDj • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVE-2020-3399 – Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3399
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device. The vulnerability is due to insufficient input validation during CAPWAP packet processing. An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device, resulting in a buffer over-read. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device. Una vulnerabilidad en el procesamiento del protocolo Control and Provisioning of Wireless Access Points (CAPWAP) de Cisco IOS XE Software para Cisco Catalyst 9800 Series Wireless Controllers Series, podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS) de un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-ShFzXf • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVE-2020-3400 – Cisco IOS XE Software Web UI Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-3400
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized.The vulnerability is due to insufficient authorization of web UI access requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web UI. A successful exploit could allow the attacker to utilize parts of the web UI for which they are not authorized. This could allow a Read-Only user to perform actions of an Admin user. Una vulnerabilidad en la funcionalidad de la Interfaz de Usuario web de Cisco IOS XE Software, podría permitir a un atacante remoto autenticado usar partes de la Interfaz de Usuario web para las que no está autorizado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-auth-bypass-6j2BYUc7 • CWE-862: Missing Authorization •
CVE-2020-3404 – Cisco IOS XE Software Consent Token Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-3404
A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the persistent Telnet/SSH CLI on an affected device and requesting shell access. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS with root privileges. Una vulnerabilidad en la CLI Telnet/Secure Shell (SSH) persistente de Cisco IOS XE Software, podría permitir a un atacante local autenticado obtener acceso de shell en un dispositivo afectado y ejecutar comandos en el sistema operativo (SO) subyacente con privilegios root. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ctbypass-7QHAfHkK • CWE-863: Incorrect Authorization •
CVE-2020-3407 – Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3407
A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Una vulnerabilidad en la función de lista de control de acceso (ACL) de RESTCONF y NETCONF-YANG de Cisco IOS XE Software, podría permitir a un atacante remoto no autenticado causar que el dispositivo se recargue. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO • CWE-476: NULL Pointer Dereference •