CVSS: 7.8EPSS: 0%CPEs: 128EXPL: 0CVE-2020-3393 – Cisco IOS XE Software IOx Application Hosting Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3393
24 Sep 2020 — A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. The attacker could execute IOS XE commands outside the application-hosting subsystem Docker container as well as on the underlying Linux operating system. These commands could be run as the root user. The vulnerability is due to a combination of two factors: (a) incomplete input validation of the user payload of CLI commands, and (b) ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-iox-app-host-mcZcnsBt • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •
CVSS: 7.2EPSS: 0%CPEs: 56EXPL: 0CVE-2020-3396 – Cisco IOS XE Software IOx Guest Shell USB SSD Namespace Protection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3396
24 Sep 2020 — A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-usb-guestshell-WmevScDj • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 128EXPL: 0CVE-2020-3404 – Cisco IOS XE Software Consent Token Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-3404
24 Sep 2020 — A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the persistent Telnet/SSH CLI on an affected device and requesting shell access. A ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ctbypass-7QHAfHkK • CWE-863: Incorrect Authorization •
CVSS: 8.6EPSS: 1%CPEs: 128EXPL: 0CVE-2020-3407 – Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3407
24 Sep 2020 — A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO • CWE-476: NULL Pointer Dereference •
CVSS: 8.6EPSS: 1%CPEs: 129EXPL: 0CVE-2020-3408 – Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3408
24 Sep 2020 — A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that is used with the Split DNS feature of affected releases may time out when it processes the DNS name list configuration. An attacker could exploit this vulnerability by trying to resolve an address or hostname t... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-splitdns-SPWqpdGW • CWE-185: Incorrect Regular Expression CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.0EPSS: 0%CPEs: 128EXPL: 0CVE-2020-3503 – Cisco IOS XE Software Guest Shell Unauthorized File System Access Vulnerability
https://notcve.org/view.php?id=CVE-2020-3503
24 Sep 2020 — A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device's guest shell, and accessing or modifying restricted files. A successful exploit could allow the attacker to view or modify restricted information or c... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unauth-file-access-eBTWkKVW • CWE-284: Improper Access Control CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.4EPSS: 0%CPEs: 149EXPL: 0CVE-2020-3508 – Cisco IOS XE Software for Cisco ASR 1000 Series 20-Gbps Embedded Services Processor IP ARP Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3508
24 Sep 2020 — A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service condition. The vulnerability is due to insufficient error handling when an affected device has reached platform limitations. An attacker could exploit this vulnerability by sending a ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esp20-arp-dos-GvHVggqJ • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.4EPSS: 0%CPEs: 51EXPL: 0CVE-2020-3511 – Cisco IOS and IOS XE Software ISDN Q.931 Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3511
24 Sep 2020 — A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the ISDN Q.931 messages are processed. An attacker could exploit this vulnerability by sending a malicious ISDN Q.931 message to an affected device. A successful exploit could allow the attacker to cause the process to cra... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-isdn-q931-dos-67eUZBTf • CWE-20: Improper Input Validation •
CVSS: 6.9EPSS: 0%CPEs: 29EXPL: 0CVE-2020-3524 – Cisco IOS XE ROM Monitor Software Vulnerability
https://notcve.org/view.php?id=CVE-2020-3524
24 Sep 2020 — A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to break the chain of trust and load a compromised software image on an affected device. The vulnerability is due to the presence of a debugging configuration option in the affected software. An att... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rommon-secboot-7JgVLVYC • CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 118EXPL: 0CVE-2020-3214 – Cisco IOS XE Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3214
03 Jun 2020 — A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious software onto an affected device. Una vulnerabilidad en Cisco IOS XE Software, podría permitir a un atacante local autenticado escalar sus privilegios hacia un usuario con privilegios de nivel root. La vulnerabilidad es ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-priv-esc2-A6jVRu7C • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •