CVSS: 7.1EPSS: 0%CPEs: 234EXPL: 0CVE-2022-20694 – Cisco IOS XE Software Border Gateway Protocol Resource Public Key Infrastructure Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20694
A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of a specific RPKI to Router (RTR) Protocol packet header. An attacker could exploit this vulnerability by compromising the RPKI validator server and sending a specifically crafted RTR packet to an affected device. Alternatively, the attacker could use man-in-the-middle techniques to impersonate the RPKI validator server and send a crafted RTR response packet over the established RTR TCP connection to the affected device. A successful exploit could allow the attacker to cause a DoS condition because the BGP process could constantly restart and BGP routing could become unstable. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-rpki-dos-2EgCNeKE • CWE-617: Reachable Assertion •
CVSS: 7.4EPSS: 0%CPEs: 49EXPL: 0CVE-2021-1621 – Cisco IOS XE Software Interface Queue Wedge Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1621
A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of certain Layer 2 frames. An attacker could exploit this vulnerability by sending specific Layer 2 frames on the segment the router is connected to. A successful exploit could allow the attacker to cause a queue wedge on the interface, resulting in a DoS condition. Una vulnerabilidad en el código de punt de Capa 2 de Cisco IOS XE Software podría permitir a un atacante adyacente y no autenticado causar una queue wedge en una interfaz que reciba tramas específicas de Capa 2, resultando en una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-quewedge-69BsHUBW • CWE-399: Resource Management Errors •
CVSS: 7.7EPSS: 0%CPEs: 965EXPL: 0CVE-2021-1620 – Cisco IOS and IOS XE Software IKEv2 AutoReconnect Feature Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1620
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability occurs because the code does not release the allocated IP address under certain failure conditions. An attacker could exploit this vulnerability by trying to connect to the device with a non-AnyConnect client. A successful exploit could allow the attacker to exhaust the IP addresses from the assigned local pool, which prevents users from logging in and leads to a denial of service (DoS) condition. Una vulnerabilidad en el soporte de Intercambio de Claves de Internet Versión 2 (IKEv2) para la funcionalidad AutoReconnect de Cisco IOS Software y Cisco IOS XE Software podría permitir a un atacante remoto autenticado agotar las direcciones IP libres del pool local asignado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-ebFrwMPr • CWE-563: Assignment to Variable without Use CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1616 – Cisco IOS XE Software H.323 Application Level Gateway Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-1616
A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the ALG. This vulnerability is due to insufficient data validation of traffic that is traversing the ALG. An attacker could exploit this vulnerability by sending crafted traffic to a targeted device. A successful exploit could allow the attacker to bypass the ALG and open connections that should not be allowed to a remote device located behind the ALG. Note: This vulnerability has been publicly discussed as NAT Slipstreaming. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-h323alg-bypass-4vy2MP2Q • CWE-693: Protection Mechanism Failure •
CVSS: 8.6EPSS: 0%CPEs: 8EXPL: 0CVE-2021-1611 – Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers EoGRE Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1611
A vulnerability in Ethernet over GRE (EoGRE) packet processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9800 Family Wireless Controller, Embedded Wireless Controller, and Embedded Wireless on Catalyst 9000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper processing of malformed EoGRE packets. An attacker could exploit this vulnerability by sending malicious packets to the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Una vulnerabilidad en el procesamiento de paquetes Ethernet sobre GRE (EoGRE) de Cisco IOS XE Wireless Controller Software para Cisco Catalyst 9800 Family Wireless Controller, Embedded Wireless Controller, y Embedded Wireless on Catalyst 9000 Series Switches, podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS) en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-gre-6u4ELzAT • CWE-399: Resource Management Errors •