CVE-2019-16026 – Cisco Mobility Management Entity Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-16026
A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due to insufficient input validation of SCTP traffic. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position between the eNodeB and the MME and then sending a crafted SCTP message to the MME. A successful exploit would cause the MME to stop sending SCTP messages to the eNodeB, triggering a DoS condition. Una vulnerabilidad en la implementación del Stream Control Transmission Protocol (SCTP) en Cisco Mobility Management Entity (MME), podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS) en un eNodeB que esté conectado en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-mme-dos • CWE-20: Improper Input Validation •
CVE-2017-6707
https://notcve.org/view.php?id=CVE-2017-6707
A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930. Una vulnerabilidad en el código command-parsing de la CLI del sistema operativo StarOS de Cisco para dispositivos ASR 5000 Series versión 11.0 hasta 21.0, 5500 Series y 5700 Series de Cisco y el software Virtualized Packet Core (VPC) de Cisco, podría permitir a un atacante local autenticado interrumpir la CLI del StarOS de un sistema afectado y ejecutar comandos shell arbitrarios como usuario root de Linux en el sistema, también se conoce como Inyección de Comandos. • http://www.securityfocus.com/bid/99462 http://www.securitytracker.com/id/1038818 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-asrcmd • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2015-0711
https://notcve.org/view.php?id=CVE-2015-0711
The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processing outage) via malformed PM packets, aka Bug ID CSCut94711. El servicio hamgr en la implementación IPv6 Proxy Mobile (PM) en Cisco StarOS 18.1.0.59776 en los dispositivos ASR 5000 permite a atacantes remotos causar una denegación de servicio (recarga de servicio e interrupción del procesamiento de llamadas) a través de paquetes PM malformados, también conocido como Bug ID CSCut94711. • http://tools.cisco.com/security/center/viewAlert.x?alertId=38557 http://www.securitytracker.com/id/1032213 • CWE-399: Resource Management Errors •