CVSS: 9.0EPSS: 0%CPEs: 63EXPL: 0CVE-2022-20693 – Cisco IOS XE Software Web UI API Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-20693
15 Apr 2022 — A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges. Una vulnerabilidad en la funcionalidad de la Interfaz de Usuario web del ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webuiapi-inj-Nyrq92Od • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.1EPSS: 0%CPEs: 234EXPL: 0CVE-2022-20694 – Cisco IOS XE Software Border Gateway Protocol Resource Public Key Infrastructure Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20694
15 Apr 2022 — A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of a specific RPKI to Router (RTR) Protocol packet header. An attacker could exploit this vulnerability by compromising the RPKI validator server and sending a specifically crafted ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-rpki-dos-2EgCNeKE • CWE-617: Reachable Assertion •
CVSS: 9.0EPSS: 0%CPEs: 139EXPL: 1CVE-2022-20718 – Cisco IOx Application Hosting Environment Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20718
15 Apr 2022 — Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabil... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-px2c-q384-5wxc • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 142EXPL: 1CVE-2022-20719 – Cisco IOx Application Hosting Environment Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20719
15 Apr 2022 — Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabil... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-8v5w-4fhm-gqxj • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.4EPSS: 0%CPEs: 49EXPL: 0CVE-2021-1621 – Cisco IOS XE Software Interface Queue Wedge Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1621
23 Sep 2021 — A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of certain Layer 2 frames. An attacker could exploit this vulnerability by sending specific Layer 2 frames on the segment the router is connected to. A successful exploit could allow the attacker to cause a queue wedge on... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-quewedge-69BsHUBW • CWE-399: Resource Management Errors •
CVSS: 7.7EPSS: 0%CPEs: 965EXPL: 0CVE-2021-1620 – Cisco IOS and IOS XE Software IKEv2 AutoReconnect Feature Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1620
23 Sep 2021 — A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability occurs because the code does not release the allocated IP address under certain failure conditions. An attacker could exploit this vulnerability by trying to connect to the device with a non-AnyConnect client. A successful exploit coul... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-ebFrwMPr • CWE-563: Assignment to Variable without Use CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 9.8EPSS: 1%CPEs: 264EXPL: 0CVE-2021-1619 – Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-1619
23 Sep 2021 — A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, or delete the configuration of an affected device Cause memory corruption that results in a denial of service (DoS) on an affected device This vulnerability is due to an uninitialized variable. An attacker could exploit this vulnerability by sending a serie... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aaa-Yx47ZT8Q • CWE-824: Access of Uninitialized Pointer CWE-908: Use of Uninitialized Resource •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1616 – Cisco IOS XE Software H.323 Application Level Gateway Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-1616
23 Sep 2021 — A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the ALG. This vulnerability is due to insufficient data validation of traffic that is traversing the ALG. An attacker could exploit this vulnerability by sending crafted traffic to a targeted device. A successful exploit could allow the attacker to bypass the ALG and open connections that should not be allowed to... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-h323alg-bypass-4vy2MP2Q • CWE-693: Protection Mechanism Failure •
CVSS: 8.6EPSS: 0%CPEs: 8EXPL: 0CVE-2021-1611 – Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers EoGRE Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1611
23 Sep 2021 — A vulnerability in Ethernet over GRE (EoGRE) packet processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9800 Family Wireless Controller, Embedded Wireless Controller, and Embedded Wireless on Catalyst 9000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper processing of malformed EoGRE packets. An attacker could exploit this vulnerability by sending malicious pack... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-gre-6u4ELzAT • CWE-399: Resource Management Errors •
CVSS: 8.6EPSS: 0%CPEs: 63EXPL: 0CVE-2021-1565 – Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1565
23 Sep 2021 — Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit coul... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-dos-gmNjdKOY • CWE-415: Double Free •