CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2019-1742 – Cisco IOS XE Software Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1742
27 Mar 2019 — A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to gain access to sensitive configuration information. Una vulnerabilidad en la interfaz web del software Cisco IOS XE podría permitir qu... • http://www.securityfocus.com/bid/107600 • CWE-16: Configuration •
CVSS: 8.6EPSS: 0%CPEs: 149EXPL: 0CVE-2019-1740 – Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1740
27 Mar 2019 — A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability are due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, r... • http://www.securityfocus.com/bid/107597 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 14EXPL: 0CVE-2019-1741 – Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1741
27 Mar 2019 — A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attack... • http://www.securityfocus.com/bid/107614 • CWE-20: Improper Input Validation CWE-416: Use After Free •
CVSS: 8.6EPSS: 0%CPEs: 164EXPL: 0CVE-2019-1739 – Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1739
27 Mar 2019 — A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, re... • http://www.securityfocus.com/bid/107597 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 164EXPL: 0CVE-2019-1738 – Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1738
27 Mar 2019 — A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit these vulnerabilities by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload,... • http://www.securityfocus.com/bid/107597 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 615EXPL: 0CVE-2019-1737 – Cisco IOS and IOS XE Software IP Service Level Agreement Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1737
27 Mar 2019 — A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to improper socket resources handling in the IP SLA responder application code. An attacker could exploit this vulnerability by sending crafted IP SLA packets to an affected device. An exploit could allow the at... • http://www.securityfocus.com/bid/107604 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 1195EXPL: 0CVE-2018-0197 – Cisco IOS and IOS XE Software VLAN Trunking Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0197
05 Oct 2018 — A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a logic error in how the affected software handles a subset of VTP packets. An attacker could exploit this vulnerability by sending VTP packets in a sequence that triggers a timeout in the VTP message processing code o... • http://www.securityfocus.com/bid/105424 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0480 – Cisco IOS XE Software Errdisable Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0480
05 Oct 2018 — A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to ... • http://www.securityfocus.com/bid/105400 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0194
https://notcve.org/view.php?id=CVE-2018-0194
02 Apr 2018 — Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker c... • http://www.securityfocus.com/bid/103547 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0185
https://notcve.org/view.php?id=CVE-2018-0185
28 Mar 2018 — Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker c... • http://www.securityfocus.com/bid/103547 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •