Page 3 of 17 results (0.005 seconds)

CVSS: 8.1EPSS: 0%CPEs: 100EXPL: 0

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el framework de administración web de Cisco IOS XE Software, podrían permitir a un atacante remoto autenticado con privilegios de solo lectura conseguir acceso de lectura no autorizado a datos confidenciales o causar que el software de administración web se cuelgue o bloquee, resultando en una condición de denegación de servicio (DoS). Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-webui-multi-vfTkk7yr • CWE-20: Improper Input Validation •

CVSS: 6.0EPSS: 0%CPEs: 128EXPL: 0

A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device's guest shell, and accessing or modifying restricted files. A successful exploit could allow the attacker to view or modify restricted information or configurations that are normally not accessible to system administrators. Una vulnerabilidad en los permisos del sistema de archivos de Cisco IOS XE Software, podría permitir a un atacante local autenticado conseguir acceso de lectura y escritura a la configuración crítica o archivos del sistema. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unauth-file-access-eBTWkKVW • CWE-284: Improper Access Control CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 8.6EPSS: 0%CPEs: 53EXPL: 0

A vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to trigger a reload, resulting in a denial of service condition on an affected device. The vulnerability is due to insufficient error handling when parsing DNS requests. An attacker could exploit this vulnerability by sending a series of malicious DNS requests to an Umbrella Connector client interface of an affected device. A successful exploit could allow the attacker to cause a crash of the iosd process, which triggers a reload of the affected device. Una vulnerabilidad en el componente Umbrella Connector de Cisco IOS XE Software para Cisco Catalyst 9200 Series Switches, podría permitir a un atacante remoto no autenticado desencadenar una recarga, resultando en una condición de denegación de servicio en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-umbrella-dos-t2QMUX37 • CWE-388: 7PK - Errors CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.4EPSS: 0%CPEs: 132EXPL: 0

A vulnerability in the PROFINET handler for Link Layer Discovery Protocol (LLDP) messages of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a crash on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of LLDP messages in the PROFINET LLDP message handler. An attacker could exploit this vulnerability by sending a malicious LLDP message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload. Una vulnerabilidad en el manejador PROFINET para los mensajes Link Layer Discovery Protocol (LLDP) de Cisco IOS Software y Cisco IOS XE Software, podría permitir a un atacante adyacente no autenticado causar un bloqueo en un dispositivo afectado, resultando en una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-profinet-dos-65qYG3W5 • CWE-388: 7PK - Errors CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.2EPSS: 0%CPEs: 118EXPL: 0

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious software onto an affected device. Una vulnerabilidad en Cisco IOS XE Software, podría permitir a un atacante local autenticado escalar sus privilegios hacia un usuario con privilegios de nivel root. La vulnerabilidad es debido a una comprobación insuficiente del contenido suministrado por el usuario. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-priv-esc2-A6jVRu7C • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •