CVSS: 6.5EPSS: 0%CPEs: 82EXPL: 0CVE-2024-20262
https://notcve.org/view.php?id=CVE-2024-20262
13 Mar 2024 — A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid user credentials to perform this attack. This vulnerability is due to a lack of proper validation of SCP and SFTP CLI input parameters. An attacker could exploit this vulnerability by authenticating to the device and issuing SCP or S... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-dos-kb6sUUHw • CWE-269: Improper Privilege Management •
CVSS: 7.4EPSS: 0%CPEs: 36EXPL: 0CVE-2024-20318
https://notcve.org/view.php?id=CVE-2024-20318
13 Mar 2024 — A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device. A successful explo... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrl2vpn-jesrU3fc • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-20315
https://notcve.org/view.php?id=CVE-2024-20315
13 Mar 2024 — A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were suppo... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e • CWE-284: Improper Access Control •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-20322
https://notcve.org/view.php?id=CVE-2024-20322
13 Mar 2024 — A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 91EXPL: 0CVE-2024-20266
https://notcve.org/view.php?id=CVE-2024-20266
13 Mar 2024 — A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to c... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dhcp-dos-3tgPKRdm • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2024-20320
https://notcve.org/view.php?id=CVE-2024-20320
13 Mar 2024 — A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client comm... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ssh-privesc-eWDMKew3 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.4EPSS: 0%CPEs: 61EXPL: 0CVE-2024-20327
https://notcve.org/view.php?id=CVE-2024-20327
13 Mar 2024 — A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of malformed PPPoE packets that are received on a router that is running Broadband Network Gateway (BNG) functionality with PPPoE termination on a Lightspeed-based or Lightspeed-Plus-... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-pppma-JKWFgneW • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 37EXPL: 0CVE-2024-20345
https://notcve.org/view.php?id=CVE-2024-20345
06 Mar 2024 — A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device. Una vulnerabilidad en la funcionalidad de carga de arch... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-traversal-m7N8mZpF • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-26: Path Traversal: '/dir/../filename' •
CVSS: 5.5EPSS: 0%CPEs: 37EXPL: 0CVE-2024-20346
https://notcve.org/view.php?id=CVE-2024-20346
06 Mar 2024 — A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arb... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-xss-3JwqSMNT • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-20292
https://notcve.org/view.php?id=CVE-2024-20292
06 Mar 2024 — A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text. Una vulnerabilidad en el compo... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-infodisc-rLCEqm6T • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •