Page 6 of 253 results (0.003 seconds)

CVSS: 9.0EPSS: 0%CPEs: 16EXPL: 0

28 Mar 2019 — A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a username with a malicious payload in the web UI and subsequently making a request to a specific endpoint in the web U... • http://www.securityfocus.com/bid/107598 • CWE-20: Improper Input Validation •

CVSS: 8.6EPSS: 1%CPEs: 322EXPL: 0

28 Mar 2019 — A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit this vulnerability by calling the affected device with specific Q.931 information elements being present. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condit... • http://www.securityfocus.com/bid/107589 • CWE-20: Improper Input Validation •

CVSS: 7.4EPSS: 0%CPEs: 930EXPL: 0

27 Mar 2019 — A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt and modify conf... • http://www.securityfocus.com/bid/107619 • CWE-295: Improper Certificate Validation •

CVSS: 7.4EPSS: 0%CPEs: 567EXPL: 0

27 Mar 2019 — A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulti... • http://www.securityfocus.com/bid/107612 • CWE-20: Improper Input Validation •

CVSS: 8.6EPSS: 2%CPEs: 164EXPL: 0

27 Mar 2019 — A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, re... • http://www.securityfocus.com/bid/107597 • CWE-20: Improper Input Validation •

CVSS: 8.6EPSS: 2%CPEs: 164EXPL: 0

27 Mar 2019 — A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit these vulnerabilities by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload,... • http://www.securityfocus.com/bid/107597 • CWE-20: Improper Input Validation •

CVSS: 8.6EPSS: 1%CPEs: 615EXPL: 0

27 Mar 2019 — A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to improper socket resources handling in the IP SLA responder application code. An attacker could exploit this vulnerability by sending crafted IP SLA packets to an affected device. An exploit could allow the at... • http://www.securityfocus.com/bid/107604 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

05 Oct 2018 — A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a hidden command in the affected software. An attacker could exploit this vulnerability by connecting to an affected device via the console, forcing the device into ROMMON mode, and writing a malicious pattern to a ... • http://www.securityfocus.com/bid/105412 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5EPSS: 0%CPEs: 1195EXPL: 0

05 Oct 2018 — A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a logic error in how the affected software handles a subset of VTP packets. An attacker could exploit this vulnerability by sending VTP packets in a sequence that triggers a timeout in the VTP message processing code o... • http://www.securityfocus.com/bid/105424 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 1%CPEs: 24EXPL: 0

28 Mar 2018 — Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487. Múltiples vulnerabilidades de desbordamiento de búfer en el subsistema LLDP (Link Layer Discovery Protocol) de Cisco IOS Software, Cisco ... • http://www.securityfocus.com/bid/103564 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •