CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-20246
https://notcve.org/view.php?id=CVE-2023-20246
Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being populated. An attacker could exploit this vulnerability by establishing a connection to an affected device. A successful exploit could allow the attacker to bypass configured access control rules on the affected system. Varios productos de Cisco se ven afectados por una vulnerabilidad en las políticas de control de acceso de Snort que podría permitir que un atacante remoto no autenticado eluda las políticas configuradas en un sistema afectado. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3acp-bypass-3bdR2BEh • CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.2EPSS: 3%CPEs: 127EXPL: 2CVE-2023-20273 – Cisco IOS XE Web UI Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-20273
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges. Una vulnerabilidad en la función de interfaz de usuario web del software Cisco IOS XE podría permitir que un atacante remoto autenticado inyecte comandos con privilegios de root. • https://github.com/smokeintheshell/CVE-2023-20273 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z/cvrf/cisco-sa-iosxe-webui-privesc-j22SaA4z_cvrf.xml https://www.horizon3.ai/cisco-ios-xe-cve-2023-20198-theory-crafting https://www.horizon3.ai/cisco-ios-xe- • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 86%CPEs: 4EXPL: 22CVE-2023-20198 – Cisco IOS XE Web UI Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-20198
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. • https://github.com/smokeintheshell/CVE-2023-20198 https://github.com/RevoltSecurities/CVE-2023-20198 https://github.com/Atea-Redteam/CVE-2023-20198 https://github.com/ZephrFish/CVE-2023-20198-Checker https://github.com/W01fh4cker/CVE-2023-20198-RCE https://github.com/Tounsi007/CVE-2023-20198 https://github.com/Shadow0ps/CVE-2023-20198-Scanner https://github.com/Pushkarup/CVE-2023-20198 https://github.com/sohaibeb/CVE-2023-20198 https://github.com/securityphoenix/cisco-CVE-2023-20 • CWE-420: Unprotected Alternate Channel •
CVSS: 7.5EPSS: 81%CPEs: 444EXPL: 7CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 20EXPL: 0CVE-2023-20235
https://notcve.org/view.php?id=CVE-2023-20235
A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems. Una vulnerabilidad en la función de flujo de trabajo de desarrollo de aplicaciones en el dispositivo para la infraestructura de alojamiento de aplicaciones Cisco IOx en el software Cisco IOS XE podría permitir que un atacante remoto autenticado acceda al sistema operativo subyacente como usuario root. Esta vulnerabilidad existe porque los contenedores Docker con la opción de tiempo de ejecución privilegiado no se bloquean cuando están en modo de desarrollo de aplicaciones. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rdocker-uATbukKn • CWE-269: Improper Privilege Management CWE-552: Files or Directories Accessible to External Parties •