Page 5 of 57 results (0.008 seconds)

CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 0

A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to improper processing of IPv6 traffic that is sent through an affected device. An attacker could exploit this vulnerability by sending crafted IPv6 packets that traverse the affected device. A successful exploit could allow the attacker to access resources that would typically be protected by the interface ACL. Una vulnerabilidad en el procesamiento del tráfico IPv6 del Software Cisco IOS XR, y el Software Cisco NX-OS para determinados dispositivos Cisco, podría permitir a un atacante remoto no autenticado omitir una lista de control de acceso (ACL) IPv6 configurada para una interfaz de un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv6-acl-CHgdYk8j • CWE-284: Improper Access Control •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain sensitive information within the configuration that otherwise might not have been accessible beyond the privileges of the invoking user. Una vulnerabilidad en el analizador de la CLI del Software Cisco IOS XR, podría permitir a un atacante autenticado local visualizar más información de la que sus privilegios permiten. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-infodisc-4mtm9Gyt • CWE-201: Insertion of Sensitive Information Into Sent Data •

CVSS: 6.7EPSS: 0%CPEs: 9EXPL: 0

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en los Enrutadores Cisco Network Convergence System (NCS) 540 Series, solo cuando ejecutan imágenes de software de NCS540L de Cisco IOS XR y el Software Cisco IOS XR para los Enrutadores Cisco 8000 Series podrían permitir a un atacante autenticado local ejecutar código sin firmar durante el proceso de arranque en un dispositivo afectado. Para mayor información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxr-l-zNhcGCBt • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 6.7EPSS: 0%CPEs: 9EXPL: 0

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en los Enrutadores Cisco Network Convergence System (NCS) 540 Series, solo cuando ejecutan imágenes de Software de NCS540L de Cisco IOS XR, y el Software Cisco IOS XR para los Enrutadores Cisco 8000 Series, podrían permitir a un atacante autenticado local ejecutar código sin firmar durante el proceso de arranque en un dispositivo afectado. Para mayor información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxr-l-zNhcGCBt • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 7.4EPSS: 0%CPEs: 6EXPL: 0

A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forwards IPv6 packets that have an IPv6 node-local multicast group address destination and are received on the management interfaces. An attacker could exploit this vulnerability by connecting to the same network as the management interfaces and injecting IPv6 packets that have an IPv6 node-local multicast group address destination. A successful exploit could allow the attacker to cause an IPv6 flood on the corresponding network. Depending on the number of Cisco IOS XR Software nodes on that network segment, exploitation could cause excessive network traffic, resulting in network degradation or a denial of service (DoS) condition. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K • CWE-1076: Insufficient Adherence to Expected Conventions •