CVSS: 7.5EPSS: 0%CPEs: 59EXPL: 0CVE-2022-20726 – Cisco IOx Application Hosting Environment Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20726
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el entorno de alojamiento de aplicaciones Cisco IOx en varias plataformas de Cisco podrían permitir a un atacante inyectar comandos arbitrarios en el sistema operativo del host subyacente, ejecutar código arbitrario en el sistema operativo del host subyacente, instalar aplicaciones sin ser autenticado o conducir un ataque de tipo cross-site scripting (XSS) contra un usuario del software afectado. Para más información sobre estas vulnerabilidades, consulte la sección Details de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.2EPSS: 0%CPEs: 214EXPL: 0CVE-2022-20727 – Cisco IOx Application Hosting Environment Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20727
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el entorno de alojamiento de aplicaciones Cisco IOx en varias plataformas de Cisco podrían permitir a un atacante inyectar comandos arbitrarios en el sistema operativo anfitrión subyacente, ejecutar código arbitrario en el sistema operativo anfitrión subyacente, instalar aplicaciones sin estar autenticado o conducir un ataque de tipo cross-site scripting (XSS) contra un usuario del software afectado. Para más información sobre estas vulnerabilidades, consulte la sección Details de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.6EPSS: 0%CPEs: 29EXPL: 0CVE-2022-20697 – Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20697
A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Una vulnerabilidad en la interfaz de servicios web de Cisco IOS Software and Cisco IOS XE Software podría permitir a un atacante remoto autenticado causar una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-dos-svOdkdBS • CWE-691: Insufficient Control Flow Management CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.7EPSS: 0%CPEs: 965EXPL: 0CVE-2021-1620 – Cisco IOS and IOS XE Software IKEv2 AutoReconnect Feature Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1620
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability occurs because the code does not release the allocated IP address under certain failure conditions. An attacker could exploit this vulnerability by trying to connect to the device with a non-AnyConnect client. A successful exploit could allow the attacker to exhaust the IP addresses from the assigned local pool, which prevents users from logging in and leads to a denial of service (DoS) condition. Una vulnerabilidad en el soporte de Intercambio de Claves de Internet Versión 2 (IKEv2) para la funcionalidad AutoReconnect de Cisco IOS Software y Cisco IOS XE Software podría permitir a un atacante remoto autenticado agotar las direcciones IP libres del pool local asignado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-ebFrwMPr • CWE-563: Assignment to Variable without Use CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.3EPSS: 0%CPEs: 1721EXPL: 0CVE-2021-34705 – Cisco IOS and IOS XE Software FXO Interface Destination Pattern Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-34705
A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient validation of dial strings at Foreign Exchange Office (FXO) interfaces. An attacker could exploit this vulnerability by sending a malformed dial string to an affected device via either the ISDN protocol or SIP. A successful exploit could allow the attacker to conduct toll fraud, resulting in unexpected financial impact to affected customers. Una vulnerabilidad en el servicio Voice Telephony Service Provider (VTSP) de Cisco IOS Software y Cisco IOS XE Software podría permitir a un atacante remoto no autenticado omitir los patrones de destino configurados y marcar números arbitrarios. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxo-pattern-bypass-jUXgygYv • CWE-232: Improper Handling of Undefined Values •