Page 58 of 1127 results (0.012 seconds)

CVSS: 8.8EPSS: 0%CPEs: 93EXPL: 0

Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el entorno de aplicación en Cisco IOx de Cisco 809 y 829 Industrial Integrated Services Routers (Industrial ISRs) y Cisco 1000 Series Connected Grid Routers (CGR1000) que ejecuta Cisco IOS Software, podrían permitir a un atacante causar una condición de denegación de servicio (DoS) o ejecutar código arbitrario con privilegios elevados en un dispositivo afectado. Para mayor información sobre estas vulnerabilidades, ver la sección de Detalles de este aviso. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 0%CPEs: 87EXPL: 0

Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco IOS Software para Cisco 809 y 829 Industrial Integrated Services Routers (Industrial ISRs) y Cisco 1000 Series Connected Grid Routers (CGR1000), podrían permitir a un atacante remoto no autenticado o a un atacante local autenticado ejecutar código arbitrario en un sistema afectado o causar que un sistema afectado se bloquee y se vuelva a cargar. Para mayor información sobre estas vulnerabilidades, ver la sección de Detalles de este aviso. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 8.6EPSS: 0%CPEs: 490EXPL: 0

A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because crafted SXP packets are mishandled. An attacker could exploit this vulnerability by sending specifically crafted SXP packets to the affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Una vulnerabilidad en Security Group Tag Exchange Protocol (SXP) en Cisco IOS Software, Cisco IOS XE Software y Cisco NX-OS Software, podría permitir a un atacante remoto no autenticado causar que el dispositivo afectado se vuelva a cargar, resultando en una condición denegación de servicio (DoS ). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sxp-68TEVzR • CWE-20: Improper Input Validation •

CVSS: 4.7EPSS: 0%CPEs: 22EXPL: 0

A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series Switches and Cisco Catalyst CDB-8P Switches could allow an unauthenticated, adjacent attacker to forward broadcast traffic before being authenticated on the port. The vulnerability exists because broadcast traffic that is received on the 802.1X-enabled port is mishandled. An attacker could exploit this vulnerability by sending broadcast traffic on the port before being authenticated. A successful exploit could allow the attacker to send and receive broadcast traffic on the 802.1X-enabled port before authentication. Una vulnerabilidad en la funcionalidad 802.1X de Cisco Catalyst 2960-L Series Switches y Cisco Catalyst CDB-8P Switches, podría permitir a un atacante adyacente no autenticado reenviar el tráfico de difusión antes de ser autenticado en el puerto. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c2960L-DpWA9Re4 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 0%CPEs: 792EXPL: 0

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent IKEv2 from establishing new security associations. The vulnerability is due to incorrect handling of crafted IKEv2 SA-Init packets. An attacker could exploit this vulnerability by sending crafted IKEv2 SA-Init packets to the affected device. An exploit could allow the attacker to cause the affected device to reach the maximum incoming negotiation limits and prevent further IKEv2 security associations from being formed. Una vulnerabilidad en la implementación de Internet Key Exchange Versión 2 (IKEv2) en Cisco IOS Software y Cisco IOS XE Software, podría permitir a un atacante remoto no autenticado impedir que IKEv2 establezca nuevas asociaciones de seguridad. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-9p23Jj2a • CWE-20: Improper Input Validation •