CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-20135
https://notcve.org/view.php?id=CVE-2023-20135
A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO image is performed during an install operation that uses an ISO image. An attacker could exploit this vulnerability by modifying an ISO image and then carrying out install requests in parallel. A successful exploit could allow the attacker to execute arbitrary code on an affected device. Una vulnerabilidad en las comprobaciones de verificación de imágenes del Software Cisco IOS XR podría permitir que un atacante local autenticado ejecute código arbitrario en el sistema operativo subyacente. Esta vulnerabilidad se debe a una condición de ejecución de tiempo de verificación, tiempo de uso (TOCTOU) cuando se realiza una consulta de instalación relacionada con una imagen ISO durante una operación de instalación que utiliza una imagen ISO. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-L9zOkBz5 • CWE-347: Improper Verification of Cryptographic Signature CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 4.9EPSS: 0%CPEs: 19EXPL: 0CVE-2023-20194
https://notcve.org/view.php?id=CVE-2023-20194
A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ERS API. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges beyond the sphere of their intended access level, which would allow them to obtain sensitive information from the underlying operating system. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-KJLp2Aw • CWE-268: Privilege Chaining CWE-269: Improper Privilege Management •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-20193
https://notcve.org/view.php?id=CVE-2023-20193
A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ESR console. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges to root and read, write, or delete arbitrary files from the underlying operating system of the affected device. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-KJLp2Aw • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-20263
https://notcve.org/view.php?id=CVE-2023-20263
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. Una vulnerabilidad en la interfaz de gestión basada en web de la plataforma de datos Cisco HyperFlex HX podría permitir a un atacante remoto no autenticado redirigir a un usuario a una página web maliciosa. Esta vulnerabilidad se debe a una validación de entrada incorrecta de los parámetros en una solicitud HTTP. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-redirect-UxLgqdUF • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.1EPSS: 4%CPEs: 491EXPL: 0CVE-2023-20269 – Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability
https://notcve.org/view.php?id=CVE-2023-20269
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. An attacker could exploit this vulnerability by specifying a default connection profile/tunnel group while conducting a brute force attack or while establishing a clientless SSL VPN session using valid credentials. A successful exploit could allow the attacker to achieve one or both of the following: Identify valid credentials that could then be used to establish an unauthorized remote access VPN session. Establish a clientless SSL VPN session (only when running Cisco ASA Software Release 9.16 or earlier). Notes: Establishing a client-based remote access VPN tunnel is not possible as these default connection profiles/tunnel groups do not and cannot have an IP address pool configured. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-863: Incorrect Authorization •