CVSS: 7.4EPSS: 0%CPEs: 61EXPL: 0CVE-2024-20327
https://notcve.org/view.php?id=CVE-2024-20327
A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of malformed PPPoE packets that are received on a router that is running Broadband Network Gateway (BNG) functionality with PPPoE termination on a Lightspeed-based or Lightspeed-Plus-based line card. An attacker could exploit this vulnerability by sending a crafted PPPoE packet to an affected line card interface that does not terminate PPPoE. A successful exploit could allow the attacker to crash the ppp_ma process, resulting in a DoS condition for PPPoE traffic across the router. Una vulnerabilidad en la función de terminación de PPP sobre Ethernet (PPPoE) del software Cisco IOS XR para los enrutadores de servicios de agregación Cisco ASR serie 9000 podría permitir que un atacante adyacente no autenticado bloquee el proceso ppp_ma, lo que resultaría en una condición de denegación de servicio (DoS). Esta vulnerabilidad se debe al manejo inadecuado de paquetes PPPoE con formato incorrecto que se reciben en un enrutador que ejecuta la funcionalidad Broadband Network Gateway (BNG) con terminación PPPoE en una tarjeta de línea basada en Lightspeed o Lightspeed-Plus. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-pppma-JKWFgneW • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 37EXPL: 0CVE-2024-20345
https://notcve.org/view.php?id=CVE-2024-20345
A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device. Una vulnerabilidad en la funcionalidad de carga de archivos de Cisco AppDynamics Controller podría permitir que un atacante remoto autenticado realice ataques de directory traversal en un dispositivo afectado. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-traversal-m7N8mZpF • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-26: Path Traversal: '/dir/../filename' •
CVSS: 5.4EPSS: 0%CPEs: 37EXPL: 0CVE-2024-20346
https://notcve.org/view.php?id=CVE-2024-20346
A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Una vulnerabilidad en la interfaz de administración basada en web de Cisco AppDynamics Controller podría permitir que un atacante remoto autenticado realice un ataque de Cross-Site Scripting (XSS) reflejado contra un usuario de la interfaz de un dispositivo afectado. Esta vulnerabilidad se debe a una validación insuficiente de la entrada proporcionada por el usuario por parte de la interfaz de administración basada en web. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-xss-3JwqSMNT • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-20292
https://notcve.org/view.php?id=CVE-2024-20292
A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text. Una vulnerabilidad en el componente de registro de Cisco Duo Authentication para Windows Logon y RDP podría permitir que un atacante local autenticado vea información confidencial en texto sin cifrar en un sistema afectado. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-infodisc-rLCEqm6T • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2024-20336
https://notcve.org/view.php?id=CVE-2024-20336
A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB • CWE-121: Stack-based Buffer Overflow •