CVSS: 7.2EPSS: 0%CPEs: 56EXPL: 0CVE-2020-3396 – Cisco IOS XE Software IOx Guest Shell USB SSD Namespace Protection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3396
A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges. Una vulnerabilidad en el sistema de archivos en la USB 3.0 Solid State Drive (SSD) conectable para el Cisco IOS XE Software, podría permitir a un atacante físico autenticado eliminar el SSD USB 3.0 y modificar áreas sensibles del sistema de archivos, incluyendo las protecciones del contenedor de espacio de nombres. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-usb-guestshell-WmevScDj • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 8.6EPSS: 0%CPEs: 9EXPL: 0CVE-2020-3399 – Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3399
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device. The vulnerability is due to insufficient input validation during CAPWAP packet processing. An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device, resulting in a buffer over-read. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device. Una vulnerabilidad en el procesamiento del protocolo Control and Provisioning of Wireless Access Points (CAPWAP) de Cisco IOS XE Software para Cisco Catalyst 9800 Series Wireless Controllers Series, podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS) de un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-ShFzXf • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 0CVE-2020-3400 – Cisco IOS XE Software Web UI Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-3400
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized.The vulnerability is due to insufficient authorization of web UI access requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web UI. A successful exploit could allow the attacker to utilize parts of the web UI for which they are not authorized. This could allow a Read-Only user to perform actions of an Admin user. Una vulnerabilidad en la funcionalidad de la Interfaz de Usuario web de Cisco IOS XE Software, podría permitir a un atacante remoto autenticado usar partes de la Interfaz de Usuario web para las que no está autorizado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-auth-bypass-6j2BYUc7 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-3403 – Cisco IOS XE Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2020-3403
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. The authenticated user must have privileged EXEC permissions on the device. The vulnerability is due to insufficient protection of values passed to a script that executes during device startup. An attacker could exploit this vulnerability by writing values to a specific file. A successful exploit could allow the attacker to execute commands with root privileges each time the affected device is restarted. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-cmdinj-2MzhjM6K • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 128EXPL: 0CVE-2020-3404 – Cisco IOS XE Software Consent Token Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-3404
A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the persistent Telnet/SSH CLI on an affected device and requesting shell access. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS with root privileges. Una vulnerabilidad en la CLI Telnet/Secure Shell (SSH) persistente de Cisco IOS XE Software, podría permitir a un atacante local autenticado obtener acceso de shell en un dispositivo afectado y ejecutar comandos en el sistema operativo (SO) subyacente con privilegios root. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ctbypass-7QHAfHkK • CWE-863: Incorrect Authorization •