CVSS: 8.6EPSS: 0%CPEs: 373EXPL: 0CVE-2024-20311
https://notcve.org/view.php?id=CVE-2024-20311
A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to the incorrect handling of LISP packets. An attacker could exploit this vulnerability by sending a crafted LISP packet to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Note: This vulnerability could be exploited over either IPv4 or IPv6 transport. Una vulnerabilidad en la función del Protocolo de separación de ID del localizador (LISP) del software Cisco IOS y del software Cisco IOS XE podría permitir que un atacante remoto no autenticado provoque la recarga de un dispositivo afectado. Esta vulnerabilidad se debe al manejo incorrecto de los paquetes LISP. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lisp-3gYXs3qP • CWE-674: Uncontrolled Recursion •
CVSS: 5.8EPSS: 0%CPEs: 160EXPL: 0CVE-2024-20316
https://notcve.org/view.php?id=CVE-2024-20316
A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL). This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device. Una vulnerabilidad en los servicios de interfaz de modelo de datos (DMI) del software Cisco IOS XE podría permitir que un atacante remoto no autenticado acceda a recursos que deberían haber estado protegidos por una lista de control de acceso (ACL) IPv4 configurada. Esta vulnerabilidad se debe al manejo inadecuado de las condiciones de error cuando un administrador de dispositivo autorizado exitosamente actualiza una ACL IPv4 usando el protocolo NETCONF o RESTCONF, y la actualización reordenaría las entradas de control de acceso (ACE) en la ACL actualizada. Un atacante podría aprovechar esta vulnerabilidad accediendo a recursos que deberían haber estado protegidos en un dispositivo afectado. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dmi-acl-bypass-Xv8FO8Vz • CWE-390: Detection of Error Condition Without Action •
CVSS: 6.6EPSS: 0%CPEs: 1040EXPL: 0CVE-2023-20109 – Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2023-20109
A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash. This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a denial of service (DoS) condition. For more information, see the Details ["#details"] section of this advisory. Una vulnerabilidad en la función Cisco Group Encrypted Transport VPN (GET VPN) del software Cisco IOS y del software Cisco IOS XE podría permitir que un atacante remoto autenticado que tiene control administrativo de un miembro del grupo o de un servidor de claves ejecute código arbitrario en un dispositivo afectado o haga que el dispositivo se bloquee. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-getvpn-rce-g8qR68sx • CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 996EXPL: 0CVE-2023-20186
https://notcve.org/view.php?id=CVE-2023-20186
A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP). This vulnerability is due to incorrect processing of SCP commands in AAA command authorization checks. An attacker with valid credentials and level 15 privileges could exploit this vulnerability by using SCP to connect to an affected device from an external machine. A successful exploit could allow the attacker to obtain or change the configuration of the affected device and put files on or retrieve files from the affected device. Una vulnerabilidad en la función Authentication, Authorization, and Accounting (AAA) del software Cisco IOS y del software Cisco IOS XE podría permitir a un atacante remoto autenticado eludir la autorización de ejecución de comandos y copiar archivos hacia o desde el sistema de archivos de un dispositivo afectado utilizando la función Secure Copy Protocol (SCP). Esta vulnerabilidad se debe al procesamiento incorrecto de los comandos SCP en las comprobaciones de autorización de comandos AAA. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aaascp-Tyj4fEJm • CWE-285: Improper Authorization •
CVSS: 8.6EPSS: 0%CPEs: 136EXPL: 0CVE-2023-20227
https://notcve.org/view.php?id=CVE-2023-20227
A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain L2TP packets. An attacker could exploit this vulnerability by sending crafted L2TP packets to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. Una vulnerabilidad en la función Layer 2 Tunneling Protocol (L2TP) del software Cisco IOS XE podría permitir que un atacante remoto no autenticado cause una condición de denegación de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe al manejo inadecuado de ciertos paquetes L2TP. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-l2tp-dos-eB5tuFmV • CWE-388: 7PK - Errors •