CVSS: 8.6EPSS: 0%CPEs: 152EXPL: 0CVE-2019-12658 – Cisco IOS XE Software Filesystem Exhaustion Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-12658
A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to ineffective management of the underlying filesystem resources. An attacker could exploit this vulnerability by performing specific actions that result in messages being sent to specific operating system log files. A successful exploit could allow the attacker to exhaust available filesystem space on an affected device. This could cause the device to crash and reload, resulting in a DoS condition for clients whose network traffic is transiting the device. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-fsdos • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 0%CPEs: 118EXPL: 0CVE-2019-12657 – Cisco IOS XE Software Unified Threat Defense Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-12657
A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper validation of IPv6 packets through the UTD feature. An attacker could exploit this vulnerability by sending IPv6 traffic through an affected device that is configured with UTD. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Una vulnerabilidad en Unified Threat Defense (UTD) en el Software Cisco IOS XE, podría permitir a un atacante remoto no autenticado causar que un dispositivo afectado se recargue. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-utd • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 77%CPEs: 139EXPL: 0CVE-2019-12650 – Cisco IOS XE Software Web UI Command Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-12650
Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la interfaz de usuario basada en web (UI web) del software Cisco IOS XE, podrían permitir a un atacante remoto autenticado ejecutar comandos con privilegios elevados en el dispositivo afectado. Para más información sobre estas vulnerabilidades, consulte la sección de Detalles de este aviso. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-webui-cmd-injection • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 19EXPL: 1CVE-2019-12624 – Cisco IOS XE NGWC Legacy Wireless Device Manager GUI Cross-Site Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2019-12624
A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user. Una vulnerabilidad en la interfaz de administración basada en la web del Controlador inalámbrico de nueva generación Cisco IOS XE (NGWC) podría permitir que un atacante remoto no autenticado realice un ataque de falsificación de solicitud entre sitios (CSRF) y realice acciones arbitrarias en un dispositivo afectado. • https://www.exploit-db.com/exploits/47153 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-iosxe-ngwc-csrf • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 118EXPL: 0CVE-2018-0177
https://notcve.org/view.php?id=CVE-2018-0177
A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IPv4 packets. An attacker could exploit this vulnerability by sending specific IPv4 packets to an IPv4 address on an affected device. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. If the switch does not reboot when under attack, it would require manual intervention to reload the device. • http://www.securityfocus.com/bid/103563 http://www.securitytracker.com/id/1040588 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ipv4 • CWE-19: Data Processing Errors •