Page 29 of 151 results (0.016 seconds)

CVSS: 8.6EPSS: 0%CPEs: 60EXPL: 0

A vulnerability in the locally significant certificate (LSC) provisioning feature of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain public key infrastructure (PKI) packets. An attacker could exploit this vulnerability by sending crafted Secure Sockets Layer (SSL) packets to an affected device. A successful exploit could cause an affected device to continuously consume memory, which could result in a memory allocation failure that leads to a crash and causes a DoS condition. Una vulnerabilidad en la funcionalidad locally significant certificate (LSC) de Cisco Catalyst 9800 Series Wireless Controllers que ejecuta Cisco IOS XE Software, podría permitir a un atacante remoto no autenticado causar una pérdida de memoria que podría conllevar a una condición de denegación de servicio (DoS) . • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewlc-dos-TkuPVmZN • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 6.0EPSS: 0%CPEs: 1917EXPL: 0

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. An attacker could exploit this vulnerability by executing crafted Tcl arguments on an affected device. An exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Una vulnerabilidad en el intérprete Tool Command Language (Tcl) de Cisco IOS Software y Cisco IOS XE Software, podría permitir a un atacante local autenticado con credenciales EXEC privilegiadas causar una condición de denegación de servicio (DoS) en un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tcl-dos-MAZQUnMF • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xesdwcinj-AcQ5MxCn • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 8.6EPSS: 0%CPEs: 50EXPL: 0

A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of attributes in RADIUS messages. An attacker could exploit this vulnerability by sending a malicious RADIUS message to an affected device while the device is in a specific state. Una vulnerabilidad en el módulo de aprovisionamiento Cisco TrustSec (CTS) Protected Access Credential (PAC) del software Cisco IOS XE, podría permitir a un atacante remoto no autenticado causar una recarga de un dispositivo afectado, resultando en una condición de denegación de servicio (DoS). La vulnerabilidad es debido a la comprobación inapropiada de atributos en los mensajes RADIUS. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ctspac-dos • CWE-20: Improper Input Validation •

CVSS: 9.0EPSS: 77%CPEs: 139EXPL: 0

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la interfaz de usuario basada en web (UI web) del software Cisco IOS XE, podrían permitir a un atacante remoto autenticado ejecutar comandos con privilegios elevados en el dispositivo afectado. Para más información sobre estas vulnerabilidades, consulte la sección de Detalles de este aviso. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-webui-cmd-injection • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •