CVSS: 5.8EPSS: 0%CPEs: 302EXPL: 0CVE-2021-1377 – Cisco IOS and IOS XE Software ARP Resource Management Exhaustion Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1377
A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resolving ARP entries for legitimate hosts on the connected subnets. This vulnerability exists because ARP entries are mismanaged. An attacker could exploit this vulnerability by continuously sending traffic that results in incomplete ARP entries. A successful exploit could allow the attacker to cause ARP requests on the device to be unsuccessful for legitimate hosts, resulting in a denial of service (DoS) condition. Una vulnerabilidad en la administración del Address Resolution Protocol (ARP) del Software Cisco IOS y el Software Cisco IOS XE, podría permitir a un atacante remoto no autenticado impedir que un dispositivo afectado resuelva entradas ARP para hosts legítimos en las subredes conectadas. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arp-mtfhBfjE • CWE-399: Resource Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 63EXPL: 1CVE-2021-1383 – Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1383
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges. • https://github.com/orangecertcc/security-research/security/advisories/GHSA-vw54-f9mw-g46r https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xesdwpinj-V4weeqzU • CWE-20: Improper Input Validation CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.2EPSS: 0%CPEs: 74EXPL: 0CVE-2021-1390 – Cisco IOS XE Software Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1390
A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege level 15. This vulnerability exists because the affected software permits modification of the run-time memory of an affected device under specific circumstances. An attacker could exploit this vulnerability by authenticating to the affected device and issuing a specific diagnostic test command at the CLI. A successful exploit could trigger a logic error in the code that was designed to restrict run-time memory modifications. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-OFP-6Nezgn7b • CWE-123: Write-what-where Condition •
CVSS: 7.2EPSS: 0%CPEs: 134EXPL: 0CVE-2021-1391 – Cisco IOS and IOS XE Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1391
A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by bypassing the consent token mechanism with the residual scripts on the affected device. A successful exploit could allow the attacker to escalate from privilege level 15 to root privilege. Una vulnerabilidad en el depurador dragonite del Software Cisco IOS XE, podría permitir a un atacante local autenticado escalar del nivel de privilegio 15 al privilegio de root. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-FSM-Yj8qJbJc • CWE-489: Active Debug Code •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2021-1394 – Cisco IOS XE Software for Network Convergence System 520 Routers Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1394
A vulnerability in the ingress traffic manager of Cisco IOS XE Software for Cisco Network Convergence System (NCS) 520 Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the web management interface of an affected device. This vulnerability is due to incorrect processing of certain IPv4 TCP traffic that is destined to an affected device. An attacker could exploit this vulnerability by sending a large number of crafted TCP packets to the affected device. A successful exploit could allow the attacker to cause the web management interface to become unavailable, resulting in a DoS condition. Note: This vulnerability does not impact traffic that is going through the device or going to the Management Ethernet interface of the device. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs520-tcp-ZpzzOxB • CWE-399: Resource Management Errors •