Page 24 of 152 results (0.005 seconds)

CVSS: 8.6EPSS: 0%CPEs: 152EXPL: 0

A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to ineffective management of the underlying filesystem resources. An attacker could exploit this vulnerability by performing specific actions that result in messages being sent to specific operating system log files. A successful exploit could allow the attacker to exhaust available filesystem space on an affected device. This could cause the device to crash and reload, resulting in a DoS condition for clients whose network traffic is transiting the device. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-fsdos • CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.6EPSS: 0%CPEs: 19EXPL: 0

A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-dos • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the web framework code of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by convincing a user of the web interface to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Una vulnerabilidad en el código del framework web del Software Cisco IOS XE, podría permitir a un atacante remoto autenticado realizar un ataque de tipo cross-site scripting (XSS) almacenado contra un usuario de la interfaz web del software afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.6EPSS: 0%CPEs: 50EXPL: 0

A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of attributes in RADIUS messages. An attacker could exploit this vulnerability by sending a malicious RADIUS message to an affected device while the device is in a specific state. Una vulnerabilidad en el módulo de aprovisionamiento Cisco TrustSec (CTS) Protected Access Credential (PAC) del software Cisco IOS XE, podría permitir a un atacante remoto no autenticado causar una recarga de un dispositivo afectado, resultando en una condición de denegación de servicio (DoS). La vulnerabilidad es debido a la comprobación inapropiada de atributos en los mensajes RADIUS. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ctspac-dos • CWE-20: Improper Input Validation •

CVSS: 8.6EPSS: 0%CPEs: 7EXPL: 0

A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper parsing of Raw Socket Transport payloads. An attacker could exploit this vulnerability by establishing a TCP session and then sending a malicious TCP segment via IPv4 to an affected device. This cannot be exploited via IPv6, as the Raw Socket Transport feature does not support IPv6 as a network layer protocol. Una vulnerabilidad en la funcionalidad Raw Socket Transport del software Cisco IOS XE, podría permitir a un atacante remoto no autenticado desencadenar una recarga de un dispositivo afectado, resultando en una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-rawtcp-dos • CWE-20: Improper Input Validation •