CVSS: 7.5EPSS: 0%CPEs: 792EXPL: 0CVE-2020-3230 – Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3230
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent IKEv2 from establishing new security associations. The vulnerability is due to incorrect handling of crafted IKEv2 SA-Init packets. An attacker could exploit this vulnerability by sending crafted IKEv2 SA-Init packets to the affected device. An exploit could allow the attacker to cause the affected device to reach the maximum incoming negotiation limits and prevent further IKEv2 security associations from being formed. Una vulnerabilidad en la implementación de Internet Key Exchange Versión 2 (IKEv2) en Cisco IOS Software y Cisco IOS XE Software, podría permitir a un atacante remoto no autenticado impedir que IKEv2 establezca nuevas asociaciones de seguridad. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-9p23Jj2a • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 260EXPL: 0CVE-2020-3226 – Cisco IOS and IOS XE Software Session Initiation Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3226
A vulnerability in the Session Initiation Protocol (SIP) library of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on received SIP messages. An attacker could exploit this vulnerability by sending crafted SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service condition. Una vulnerabilidad en la biblioteca Session Initiation Protocol (SIP) de Cisco IOS Software y Cisco IOS XE Software, podría permitir que un atacante remoto no autenticado desencadene una recarga de un dispositivo afectado, resultando en una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sip-Cv28sQw2 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 278EXPL: 0CVE-2020-3225 – Cisco IOS and IOS XE Software Common Industrial Protocol Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3225
Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to insufficient input processing of CIP traffic. An attacker could exploit these vulnerabilities by sending crafted CIP traffic to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Múltiples vulnerabilidades en la implementación de la funcionalidad Common Industrial Protocol (CIP) de Cisco IOS Software y Cisco IOS XE Software, podrían permitir a un atacante remoto no autenticado causar la recarga de un dispositivo afectado, resultando en una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cipdos-hkfTZXEx • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 679EXPL: 0CVE-2020-3217 – Cisco IOS, IOS XE, IOS XR, and NX-OS Software One Platform Kit Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-3217
A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient length restrictions when the onePK Topology Discovery Service parses Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol message to an affected device. An exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges, or to cause a process crash, which could result in a reload of the device and cause a DoS condition. Una vulnerabilidad en el Topology Discovery Service de Cisco One Platform Kit (onePK) en Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, y Cisco NX-OS Software, podría permitir a un atacante adyacente no autenticado ejecutar código arbitrario o causar una condición de denegación de servicio (DoS) sobre un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-nxos-onepk-rce-6Hhyt4dC • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0CVE-2020-3210 – Cisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2020-3210
A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The attacker must have valid user credentials at privilege level 15. The vulnerability is due to insufficient validation of arguments that are passed to specific VDS-related CLI commands. An attacker could exploit this vulnerability by authenticating to the targeted device and including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •