CVSS: 8.6EPSS: 0%CPEs: 50EXPL: 0CVE-2019-12663 – Cisco IOS XE Software TrustSec Protected Access Credential Provisioning Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-12663
A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of attributes in RADIUS messages. An attacker could exploit this vulnerability by sending a malicious RADIUS message to an affected device while the device is in a specific state. Una vulnerabilidad en el módulo de aprovisionamiento Cisco TrustSec (CTS) Protected Access Credential (PAC) del software Cisco IOS XE, podría permitir a un atacante remoto no autenticado causar una recarga de un dispositivo afectado, resultando en una condición de denegación de servicio (DoS). La vulnerabilidad es debido a la comprobación inapropiada de atributos en los mensajes RADIUS. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ctspac-dos • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12659 – Cisco IOS XE Software HTTP Server Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-12659
A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. The vulnerability is due to a logical error in the logging mechanism. An attacker could exploit this vulnerability by generating a high amount of long-lived connections to the HTTP service on the device. A successful exploit could allow the attacker to cause the HTTP server to crash. Una vulnerabilidad en el código del servidor HTTP del Software Cisco IOS XE, podría permitir a un atacante remoto no autenticado causar el bloqueo del servidor HTTP. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-httpserv-dos • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 0%CPEs: 118EXPL: 0CVE-2019-12657 – Cisco IOS XE Software Unified Threat Defense Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-12657
A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper validation of IPv6 packets through the UTD feature. An attacker could exploit this vulnerability by sending IPv6 traffic through an affected device that is configured with UTD. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Una vulnerabilidad en Unified Threat Defense (UTD) en el Software Cisco IOS XE, podría permitir a un atacante remoto no autenticado causar que un dispositivo afectado se recargue. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-utd • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 84%CPEs: 5EXPL: 0CVE-2019-12651 – Cisco IOS XE Software Web UI Command Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-12651
Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la interfaz de usuario basada en web (UI web) del software Cisco IOS XE, podrían permitir a un atacante remoto autenticado ejecutar comandos con privilegios elevados en el dispositivo afectado. Para más información sobre estas vulnerabilidades, consulte la sección de Detalles de este aviso. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-webui-cmd-injection • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.6EPSS: 0%CPEs: 29EXPL: 0CVE-2019-12647 – Cisco IOS and IOS XE Software IP Ident Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-12647
A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability exists because the affected software incorrectly handles memory structures, leading to a NULL pointer dereference. An attacker could exploit this vulnerability by opening a TCP connection to specific ports and sending traffic over that connection. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Una vulnerabilidad en el manejador del protocolo Ident de los Software Cisco IOS y IOS XE, podría permitir a un atacante remoto no autenticado causar la recarga de un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-identd-dos • CWE-476: NULL Pointer Dereference •