CVSS: 7.4EPSS: 0%CPEs: 123EXPL: 0CVE-2021-1403 – Cisco IOS XE Software Web UI Cross-Site WebSocket Hijacking Vulnerability
https://notcve.org/view.php?id=CVE-2021-1403
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient HTTP protections in the web UI on an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the web UI to follow a crafted link. A successful exploit could allow the attacker to corrupt memory on the affected device, forcing it to reload and causing a DoS condition. Una vulnerabilidad en la funcionalidad de la Interfaz de Usuario Web del Software Cisco IOS XE, podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de secuestro de WebSocket (CSWSH) entre sitios y causar una condición de denegación de servicio (DoS) en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-cswsh-FKk9AzT5 • CWE-345: Insufficient Verification of Data Authenticity CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.6EPSS: 0%CPEs: 265EXPL: 0CVE-2021-1446 – Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1446
A vulnerability in the DNS application layer gateway (ALG) functionality used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a logic error that occurs when an affected device inspects certain DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through an affected device that is performing NAT for DNS packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device. The vulnerability can be exploited only by traffic that is sent through an affected device via IPv4 packets. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-hbBS7SZE • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.5EPSS: 0%CPEs: 61EXPL: 0CVE-2021-1443 – Cisco IOS XE Software Web UI OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-1443
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying operating system of an affected device. The vulnerability exists because the affected software improperly sanitizes values that are parsed from a specific configuration file. An attacker could exploit this vulnerability by tampering with a specific configuration file and then sending an API call. A successful exploit could allow the attacker to inject arbitrary code that would be executed on the underlying operating system of the affected device. To exploit this vulnerability, the attacker would need to have a privileged set of credentials to the device. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-os-cmd-inj-Ef6TV5e9 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 224EXPL: 0CVE-2021-1442 – Cisco IOS XE Software Plug-and-Play Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1442
A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user (level 15) on an affected device. The vulnerability is due to insufficient protection of sensitive information. An attacker with low privileges could exploit this vulnerability by issuing the diagnostic CLI show pnp profile when a specific PnP listener is enabled on the device. A successful exploit could allow the attacker to obtain a privileged authentication token. This token can be used to send crafted PnP messages and execute privileged commands on the targeted system. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-pnp-priv-esc-AmG3kuVL • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.7EPSS: 0%CPEs: 37EXPL: 0CVE-2021-1436 – Cisco IOS XE SD-WAN Software Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2021-1436
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system. Una vulnerabilidad en la CLI del Software Cisco IOS XE SD-WAN, podría permitir a un atacante local autenticado llevar a cabo ataques de salto de ruta y obtener acceso de lectura a archivos confidenciales en un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-sdwpathtrav-nsrue2Mt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •