CVSS: 4.6EPSS: 0%CPEs: 43EXPL: 0CVE-2023-20064 – Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-20064
A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-load-infodisc-9rdOr5Fq • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 28EXPL: 0CVE-2022-20821 – Cisco IOS XR Open Port Vulnerability
https://notcve.org/view.php?id=CVE-2022-20821
A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20758 – Cisco IOS XR Software Border Gateway Protocol Ethernet VPN Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20758
A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the incorrect processing of a BGP update message that contains specific EVPN attributes. An attacker could exploit this vulnerability by sending a BGP update message that contains specific EVPN attributes. To exploit this vulnerability, an attacker must control a BGP speaker that has an established trusted peer connection to an affected device that is configured with the address family L2VPN EVPN to receive and process the update message. This vulnerability cannot be exploited by any data that is initiated by clients on the Layer 2 network or by peers that are not configured to accept the L2VPN EVPN address family. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bgpevpn-zWTRtPBb • CWE-399: Resource Management Errors •
CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20714 – Cisco IOS XR Software for ASR 9000 Series Routers Lightspeed-Plus Line Cards Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20714
A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the line card to reset. This vulnerability is due to the incorrect handling of malformed packets that are received on the Lightspeed-Plus line cards. An attacker could exploit this vulnerability by sending a crafted IPv4 or IPv6 packet through an affected device. A successful exploit could allow the attacker to cause the Lightspeed-Plus line card to reset, resulting in a denial of service (DoS) condition for any traffic that traverses that line card. Una vulnerabilidad en el microcódigo del plano de datos de las tarjetas de línea Lightspeed-Plus para Cisco ASR 9000 Series Aggregation Services Routers podría permitir a un atacante remoto no autenticado causar el reinicio de la tarjeta de línea. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lsplus-Z6AQEOjk • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-40120 – Cisco Small Business RV Series Routers Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-40120
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and execute them using root-level privileges. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to a specific field in the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as a user with root-level privileges. Una vulnerabilidad en la interfaz de administración basada en la web de algunos routers de la serie RV de Cisco Small Business podría permitir a un atacante remoto autenticado con privilegios administrativos inyectar comandos arbitrarios en el sistema operativo subyacente y ejecutarlos usando privilegios de nivel de root. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbrv-cmdinjection-Z5cWFdK • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •