CVSS: 7.7EPSS: 0%CPEs: 965EXPL: 0CVE-2021-1620 – Cisco IOS and IOS XE Software IKEv2 AutoReconnect Feature Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1620
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability occurs because the code does not release the allocated IP address under certain failure conditions. An attacker could exploit this vulnerability by trying to connect to the device with a non-AnyConnect client. A successful exploit could allow the attacker to exhaust the IP addresses from the assigned local pool, which prevents users from logging in and leads to a denial of service (DoS) condition. Una vulnerabilidad en el soporte de Intercambio de Claves de Internet Versión 2 (IKEv2) para la funcionalidad AutoReconnect de Cisco IOS Software y Cisco IOS XE Software podría permitir a un atacante remoto autenticado agotar las direcciones IP libres del pool local asignado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-ebFrwMPr • CWE-563: Assignment to Variable without Use CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.4EPSS: 0%CPEs: 101EXPL: 1CVE-2021-34767 – Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers IPv6 Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-34767
A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a Layer 2 (L2) loop in a configured VLAN, resulting in a denial of service (DoS) condition for that VLAN. The vulnerability is due to a logic error when processing specific link-local IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that would flow inbound through the wired interface of an affected device. A successful exploit could allow the attacker to cause traffic drops in the affected VLAN, thus triggering the DoS condition. Una vulnerabilidad en el procesamiento del tráfico IPv6 de Cisco IOS XE Wireless Controller Software para Cisco Catalyst 9000 Family Wireless Controllers podría permitir a un atacante adyacente no autenticado causar un bucle de capa 2 (L2) en una VLAN configurada, resultando en una condición de denegación de servicio (DoS) para esa VLAN. • https://github.com/lukejenkins/CVE-2021-34767 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-ipv6-dos-NMYeCnZv • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 5.3EPSS: 0%CPEs: 1721EXPL: 0CVE-2021-34705 – Cisco IOS and IOS XE Software FXO Interface Destination Pattern Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-34705
A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient validation of dial strings at Foreign Exchange Office (FXO) interfaces. An attacker could exploit this vulnerability by sending a malformed dial string to an affected device via either the ISDN protocol or SIP. A successful exploit could allow the attacker to conduct toll fraud, resulting in unexpected financial impact to affected customers. Una vulnerabilidad en el servicio Voice Telephony Service Provider (VTSP) de Cisco IOS Software y Cisco IOS XE Software podría permitir a un atacante remoto no autenticado omitir los patrones de destino configurados y marcar números arbitrarios. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxo-pattern-bypass-jUXgygYv • CWE-232: Improper Handling of Undefined Values •
CVSS: 7.7EPSS: 0%CPEs: 834EXPL: 0CVE-2021-34699 – Cisco IOS and IOS XE Software TrustSec CLI Parser Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-34699
A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could exploit this vulnerability by requesting a particular CLI command to be run through the web UI. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Una vulnerabilidad en el analizador TrustSec CLI de Cisco IOS and Cisco IOS XE Software podría permitir a un atacante remoto y autenticado causar una recarga de un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-trustsec-dos-7fuXDR2 • CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities CWE-436: Interpretation Conflict •
CVSS: 6.9EPSS: 0%CPEs: 59EXPL: 0CVE-2021-1281 – Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1281
A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to the way the software handles concurrent CLI sessions. An attacker could exploit this vulnerability by authenticating to the device as an administrative user and executing a sequence of commands. A successful exploit could allow the attacker to obtain access to the underlying operating system as the root user. Una vulnerabilidad en la administración de la CLI en el Software Cisco IOS XE SD-WAN, podría permitir a un atacante local autenticado acceder al sistema operativo subyacente como usuario root. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-clipriv-9TO2QGVp • CWE-399: Resource Management Errors •