CVE-2017-6664
https://notcve.org/view.php?id=CVE-2017-6664
A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected system, after the certificate for the autonomic node has been revoked. This vulnerability affected devices that are running Release 16.x of Cisco IOS XE Software and are configured to use Autonomic Networking. This vulnerability does not affect devices that are running an earlier release of Cisco IOS XE Software or devices that are not configured to use Autonomic Networking. More Information: CSCvd22328. Known Affected Releases: 15.5(1)S3.1 Denali-16.2.1. • http://www.securityfocus.com/bid/99986 http://www.securitytracker.com/id/1038997 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170726-anicrl • CWE-295: Improper Certificate Validation •
CVE-2017-6606
https://notcve.org/view.php?id=CVE-2017-6606
A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More Information: CSCuz06639 CSCuz42122. Known Affected Releases: 15.6(1.1)S 16.1.2 16.2.0 15.2(1)E. Known Fixed Releases: Denali-16.1.3 16.2(1.8) 16.1(2.61) 15.6(2)SP 15.6(2)S1 15.6(1)S2 15.5(3)S3a 15.5(3)S3 15.5(2)S4 15.5(1)S4 15.4(3)S6a 15.4(3)S6 15.3(3)S8a 15.3(3)S8 15.2(5)E 15.2(4)E3 15.2(3)E5 15.0(2)SQD3 15.0(1.9.2)SQD3 3.9(0)E. Una vulnerabilidad en una secuencia de comandos de inicio del software Cisco IOS XE podría permitir a un atacante no autenticado con acceso físico al sistema de destino ejecutar comandos arbitrarios en el sistema operativo subyacente con los privilegios del usuario root. • http://www.securityfocus.com/bid/97434 http://www.securitytracker.com/id/1038190 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-iosxe • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2017-3858
https://notcve.org/view.php?id=CVE-2017-3858
A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of HTTP parameters supplied by the user. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected web page parameter. The user must be authenticated to access the affected parameter. A successful exploit could allow the attacker to execute commands with root privileges. • http://www.securityfocus.com/bid/97009 http://www.securitytracker.com/id/1038102 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-xeci • CWE-20: Improper Input Validation •
CVE-2016-6450
https://notcve.org/view.php?id=CVE-2016-6450
A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE Software: Cisco 5700 Series Wireless LAN Controllers, Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Series Switches, Cisco Catalyst 4500X Series Switches. More Information: CSCva60013 CSCvb22622. Known Affected Releases: 3.7(0) 16.4.1 Denali-16.1.3 Denali-16.2.2 Denali-16.3.1. Known Fixed Releases: 15.2(4)E3 16.1(2.208) 16.2(2.42) 16.3(1.22) 16.4(0.190) 16.5(0.29). • http://www.securityfocus.com/bid/94340 http://www.securitytracker.com/id/1037299 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161115-iosxe • CWE-20: Improper Input Validation •
CVE-2016-6393
https://notcve.org/view.php?id=CVE-2016-6393
The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and 16.2 allows remote attackers to cause a denial of service (device reload) via a failed SSH connection attempt that is mishandled during generation of an error-log message, aka Bug ID CSCuy87667. El servicio AAA en Cisco IOS 12.0 hasta la versión 12.4 y 15.0 hasta la versión 15.6 e IOS XE 2.1 hasta la versión 3.18 y 16.2 permite a atacantes remotos provocar una denegación de servicio (recarga del dispositivo) a través de un intento de conexión SSH fallido que no es manejado correctamente durante la generación de un mensaje de registro de error, vulnerabilidad también conocida como Bug ID CSCuy87667. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aaados http://www.securityfocus.com/bid/93196 http://www.securitytracker.com/id/1036914 https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04 • CWE-399: Resource Management Errors •