CVSS: 9.8EPSS: 84%CPEs: 19EXPL: 1CVE-2020-3243 – Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
https://notcve.org/view.php?id=CVE-2020-3243
15 Apr 2020 — Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la API REST de Cisco UCS Director y Cisco UCS Director Express para Big Data, pueden permitir a un atacante remoto omitir la autenticación o conducir ataques de salto d... • https://packetstorm.news/files/id/157955 • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 42%CPEs: 19EXPL: 0CVE-2020-3240 – Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
https://notcve.org/view.php?id=CVE-2020-3240
15 Apr 2020 — Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la API REST de Cisco UCS Director y Cisco UCS Director Express para Big Data, pueden permitir a un atacante remoto omitir la autenticación o conducir ataques de salto d... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 48%CPEs: 19EXPL: 0CVE-2020-3239 – Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
https://notcve.org/view.php?id=CVE-2020-3239
15 Apr 2020 — Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la API REST de Cisco UCS Director y Cisco UCS Director Express para Big Data, pueden permitir a un atacante remoto omitir la autenticación o conducir ataques de salto d... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2020-3167 – Cisco FXOS and UCS Manager Software CLI Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2020-3167
26 Feb 2020 — A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to specific commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all a... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-ucs-cmdinj • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2020-3171 – Cisco FXOS and UCS Manager Software Local Management CLI Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2020-3171
26 Feb 2020 — A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to specific commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-ucs-cli-cmdinj • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 119EXPL: 0CVE-2020-3172 – Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3172
26 Feb 2020 — A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful expl... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-nxos-cdp • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-3173 – Cisco UCS Manager Software Local Management CLI Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2020-3173
26 Feb 2020 — A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by including crafted arguments to specific commands on the local management CLI. A successful exploit could allow the attacker to execute arbitrary commands on th... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-ucs-cli-cmdinj • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.4EPSS: 0%CPEs: 34EXPL: 0CVE-2019-1950 – Cisco IOS XE SD-WAN Software Default Credentials Vulnerability
https://notcve.org/view.php?id=CVE-2019-1950
19 Feb 2020 — A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running Cisco IOS XE ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-cred-EVGSF259 • CWE-255: Credentials Management Errors CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 8.8EPSS: 7%CPEs: 120EXPL: 0CVE-2020-3119 – Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-3119
05 Feb 2020 — A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. An successful exploit co... • http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html • CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 0%CPEs: 208EXPL: 0CVE-2020-3120 – Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3120
05 Feb 2020 — A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected devi... • http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html • CWE-190: Integer Overflow or Wraparound •