Page 5 of 44 results (0.009 seconds)

CVSS: 5.8EPSS: 0%CPEs: 302EXPL: 0

A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resolving ARP entries for legitimate hosts on the connected subnets. This vulnerability exists because ARP entries are mismanaged. An attacker could exploit this vulnerability by continuously sending traffic that results in incomplete ARP entries. A successful exploit could allow the attacker to cause ARP requests on the device to be unsuccessful for legitimate hosts, resulting in a denial of service (DoS) condition. Una vulnerabilidad en la administración del Address Resolution Protocol (ARP) del Software Cisco IOS y el Software Cisco IOS XE, podría permitir a un atacante remoto no autenticado impedir que un dispositivo afectado resuelva entradas ARP para hosts legítimos en las subredes conectadas. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arp-mtfhBfjE • CWE-399: Resource Management Errors •

CVSS: 6.5EPSS: 0%CPEs: 57EXPL: 1

A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the device does not properly validate URIs in IOx API requests. An attacker could exploit this vulnerability by sending a crafted API request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system. Una vulnerabilidad en el entorno de alojamiento de aplicaciones Cisco IOx de varias plataformas Cisco, podría permitir a un atacante remoto autenticado llevar a cabo ataques de salto de directorio y leer y escribir archivos en el sistema operativo o host subyacente. • https://github.com/orangecertcc/security-research/security/advisories/GHSA-hhfw-6cm2-v3w5 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-pt-hWGcPf7g • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.4EPSS: 0%CPEs: 37EXPL: 0

A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to insufficient processing logic for crafted PROFINET packets that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted PROFINET packets to an affected device for processing. A successful exploit could allow the attacker to cause the device to crash and reload, resulting in a DoS condition on the device. Una vulnerabilidad en la funcionalidad PROFINET de Cisco IOS Software y Cisco IOS XE Software, podría permitir a un atacante adyacente no autenticado causar que un dispositivo afectado se bloquee y recargue, resultando en una condición de denegación de servicio (DoS) en el dispositivo. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-profinet-J9QMCHPB • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-ios-csrf • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0

Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco IOS Software para Cisco 809 y 829 Industrial Integrated Services Routers (Industrial ISRs) y Cisco 1000 Series Connected Grid Routers (CGR1000), podrían permitir a un atacante remoto no autenticado o un atacante local autenticado ejecutar código arbitrario sobre un sistema afectado o causar que un sistema afectado se bloquee y vuelva a cargar. Para mayor información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •