CVSS: 5.3EPSS: 0%CPEs: 86EXPL: 0CVE-2024-20390 – Cisco IOS XR Software Dedicated XML Agent TCP Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-20390
11 Sep 2024 — A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could exploit this vulnerability by sending a sustained, crafted stream of XML traffic to a targeted device. A successful exploit could allow the attacker to cause XML TCP port 38751 to become unreachable while the attack tr... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-xml-tcpdos-ZEXvrU2S • CWE-940: Improper Verification of Source of a Communication Channel •
CVSS: 5.5EPSS: 0%CPEs: 66EXPL: 0CVE-2024-20343 – Cisco IOS XR Software CLI Arbitrary File Read Vulnerability
https://notcve.org/view.php?id=CVE-2024-20343
11 Sep 2024 — A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device. This vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. An attacker could exploit this vulnerability by logging in to an affected device with low-privileged credentials and using the affected command. A successful expl... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-shellutil-HCb278wD • CWE-284: Improper Access Control •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20456
https://notcve.org/view.php?id=CVE-2024-20456
10 Jul 2024 — A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device. This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system’s configuration options to bypass some o... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-secure-boot-quD5g8Ap • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.8EPSS: 0%CPEs: 222EXPL: 0CVE-2024-20307
https://notcve.org/view.php?id=CVE-2024-20307
27 Mar 2024 — A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a D... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev1-NO2ccFWz • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.6EPSS: 0%CPEs: 466EXPL: 0CVE-2024-20308
https://notcve.org/view.php?id=CVE-2024-20308
27 Mar 2024 — A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev1-NO2ccFWz • CWE-787: Out-of-bounds Write •
CVSS: 8.6EPSS: 0%CPEs: 235EXPL: 0CVE-2024-20271
https://notcve.org/view.php?id=CVE-2024-20271
27 Mar 2024 — A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-h9TGGX6W • CWE-20: Improper Input Validation •
CVSS: 6.2EPSS: 0%CPEs: 171EXPL: 0CVE-2024-20265
https://notcve.org/view.php?id=CVE-2024-20265
27 Mar 2024 — A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device. This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation che... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-secureboot-bypass-zT5vJkSD • CWE-501: Trust Boundary Violation •
CVSS: 5.6EPSS: 0%CPEs: 338EXPL: 0CVE-2024-20309
https://notcve.org/view.php?id=CVE-2024-20309
27 Mar 2024 — A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This vulnerability is due to the incorrect handling of specific ingress traffic when flow control hardware is enabled on the AUX port. An attacker could exploit this vulnerability by reverse telnetting to the AUX port and sending specific data after connecting. A successful exploit could allow the attacker to cause the ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aux-333WBz8f • CWE-828: Signal Handler with Functionality that is not Asynchronous-Safe •
CVSS: 7.4EPSS: 0%CPEs: 65EXPL: 0CVE-2024-20303
https://notcve.org/view.php?id=CVE-2024-20303
27 Mar 2024 — A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of mDNS client entries. An attacker could exploit this vulnerability by connecting to the wireless network and sending a continuous stream of specific mDNS packets. A successful exploit could allow the attacker to cause the wireless controller to... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-mdns-dos-4hv6pBGf • CWE-459: Incomplete Cleanup •
CVSS: 7.7EPSS: 0%CPEs: 40EXPL: 0CVE-2024-20278
https://notcve.org/view.php?id=CVE-2024-20278
27 Mar 2024 — A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input over NETCONF to an affected device. A successful exploit could allow the attacker to elevate privileges from Administrator to root. Una vulnerabilidad en la función NETCONF del software Cisco IOS XE podría ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-priv-esc-seAx6NLX • CWE-184: Incomplete List of Disallowed Inputs •