CVE-2020-3258 – Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3258
Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco IOS Software para Cisco 809 y 829 Industrial Integrated Services Routers (Industrial ISRs) y Cisco 1000 Series Connected Grid Routers (CGR1000), podrían permitir a un atacante remoto no autenticado o un atacante local autenticado ejecutar código arbitrario sobre un sistema afectado o causar que un sistema afectado se bloquee y vuelva a cargar. Para mayor información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2020-3257 – Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3257
Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el entorno de aplicación Cisco IOx de Cisco 809 y 829 Industrial Integrated Services Routers (Industrial ISRs) y Cisco 1000 Series Connected Grid Routers (CGR1000) que ejecuta Cisco IOS Software, podrían permitir a un atacante causar una condición de denegación de servicio (DoS) o ejecutar código arbitrario con privilegios elevados sobre un dispositivo afectado. Para mayor información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2020-3235 – Cisco IOS and IOS XE Software Simple Network Management Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3235
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the software processes specific SNMP object identifiers. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: To exploit this vulnerability by using SNMPv2c or earlier, the attacker must know the SNMP read-only community string for an affected system. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-USxSyTk5 https://www.oracle.com/security-alerts/cpuoct2020.html • CWE-20: Improper Input Validation CWE-118: Incorrect Access of Indexable Resource ('Range Error') •
CVE-2020-3234 – Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Static Credentials Vulnerability
https://notcve.org/view.php?id=CVE-2020-3234
A vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated but low-privileged, local attacker to log in to the Virtual Device Server (VDS) of an affected device by using a set of default credentials. The vulnerability is due to the presence of weak, hard-coded credentials. An attacker could exploit this vulnerability by authenticating to the targeted device and then connecting to VDS through the device’s virtual console by using the static credentials. A successful exploit could allow the attacker to access the Linux shell of VDS as the root user. Una vulnerabilidad en la autenticación de la consola virtual de Cisco IOS Software para Cisco 809 y 829 Industrial Integrated Services Routers (Industrial ISRs) y Cisco 1000 Series Connected Grid Routers (CGR1000), podría permitir a un atacante local autenticado pero poco privilegiado iniciar sesión en el Virtual Device Server (VDS) de un dispositivo afectado mediante el uso de un conjunto de credenciales predeterminadas. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cred-uPMp9zbY • CWE-798: Use of Hard-coded Credentials •
CVE-2020-3200 – Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3200
A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which leads to an unexpected behavior. An attacker could exploit this vulnerability by creating an SSH connection to an affected device and using a specific traffic pattern that causes an error condition within that connection. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Una vulnerabilidad en el código del servidor Secure Shell (SSH) de Cisco IOS Software y el Cisco IOS XE Software, podría permitir a un atacante remoto autenticado causar una recarga de un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-dos-Un22sd2A • CWE-371: State Issues CWE-436: Interpretation Conflict •