CVE-2024-20311
https://notcve.org/view.php?id=CVE-2024-20311
A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to the incorrect handling of LISP packets. An attacker could exploit this vulnerability by sending a crafted LISP packet to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Note: This vulnerability could be exploited over either IPv4 or IPv6 transport. Una vulnerabilidad en la función del Protocolo de separación de ID del localizador (LISP) del software Cisco IOS y del software Cisco IOS XE podría permitir que un atacante remoto no autenticado provoque la recarga de un dispositivo afectado. Esta vulnerabilidad se debe al manejo incorrecto de los paquetes LISP. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lisp-3gYXs3qP • CWE-674: Uncontrolled Recursion •
CVE-2024-20316
https://notcve.org/view.php?id=CVE-2024-20316
A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL). This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device. Una vulnerabilidad en los servicios de interfaz de modelo de datos (DMI) del software Cisco IOS XE podría permitir que un atacante remoto no autenticado acceda a recursos que deberían haber estado protegidos por una lista de control de acceso (ACL) IPv4 configurada. Esta vulnerabilidad se debe al manejo inadecuado de las condiciones de error cuando un administrador de dispositivo autorizado exitosamente actualiza una ACL IPv4 usando el protocolo NETCONF o RESTCONF, y la actualización reordenaría las entradas de control de acceso (ACE) en la ACL actualizada. Un atacante podría aprovechar esta vulnerabilidad accediendo a recursos que deberían haber estado protegidos en un dispositivo afectado. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dmi-acl-bypass-Xv8FO8Vz • CWE-390: Detection of Error Condition Without Action •
CVE-2023-20273 – Cisco IOS XE Web UI Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-20273
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges. Una vulnerabilidad en la función de interfaz de usuario web del software Cisco IOS XE podría permitir que un atacante remoto autenticado inyecte comandos con privilegios de root. • https://github.com/smokeintheshell/CVE-2023-20273 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z/cvrf/cisco-sa-iosxe-webui-privesc-j22SaA4z_cvrf.xml https://www.horizon3.ai/cisco-ios-xe-cve-2023-20198-theory-crafting https://www.horizon3.ai/cisco-ios-xe- • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-20198 – Cisco IOS XE Web UI Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-20198
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. • https://github.com/smokeintheshell/CVE-2023-20198 https://github.com/RevoltSecurities/CVE-2023-20198 https://github.com/Atea-Redteam/CVE-2023-20198 https://github.com/ZephrFish/CVE-2023-20198-Checker https://github.com/W01fh4cker/CVE-2023-20198-RCE https://github.com/Tounsi007/CVE-2023-20198 https://github.com/Shadow0ps/CVE-2023-20198-Scanner https://github.com/Pushkarup/CVE-2023-20198 https://github.com/sohaibeb/CVE-2023-20198 https://github.com/securityphoenix/cisco-CVE-2023-20 • CWE-420: Unprotected Alternate Channel •
CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •