Page 7 of 46 results (0.003 seconds)

CVSS: 8.6EPSS: 0%CPEs: 278EXPL: 0

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to insufficient input processing of CIP traffic. An attacker could exploit these vulnerabilities by sending crafted CIP traffic to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Múltiples vulnerabilidades en la implementación de la funcionalidad Common Industrial Protocol (CIP) de Cisco IOS Software y Cisco IOS XE Software, podrían permitir a un atacante remoto no autenticado causar la recarga de un dispositivo afectado, resultando en una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cipdos-hkfTZXEx • CWE-20: Improper Input Validation •

CVSS: 9.0EPSS: 0%CPEs: 92EXPL: 0

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input to the web UI. A successful exploit could allow an attacker to execute arbitrary commands with administrative privileges on an affected device. Una vulnerabilidad en la Interfaz de Usuario web de Cisco IOS XE Software, podría permitir a un atacante remoto autenticado inyectar y ejecutar comandos arbitrarios con privilegios administrativos en el sistema operativo subyacente de un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj2-fOnjk2LD • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.0EPSS: 0%CPEs: 58EXPL: 0

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code with root privileges on the underlying Linux shell. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by first creating a malicious file on the affected device itself and then uploading a second malicious file to the device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or bypass licensing requirements on the device. Una vulnerabilidad en la Interfaz de Usuario web de Cisco IOS XE Software, podría permitir a un atacante remoto autenticado con privilegios administrativos ejecutar código arbitrario con privilegios root en el shell de Linux subyacente. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-rce-uk8BXcUD • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 679EXPL: 0

A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient length restrictions when the onePK Topology Discovery Service parses Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol message to an affected device. An exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges, or to cause a process crash, which could result in a reload of the device and cause a DoS condition. Una vulnerabilidad en el Topology Discovery Service de Cisco One Platform Kit (onePK) en Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, y Cisco NX-OS Software, podría permitir a un atacante adyacente no autenticado ejecutar código arbitrario o causar una condición de denegación de servicio (DoS) sobre un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-nxos-onepk-rce-6Hhyt4dC • CWE-20: Improper Input Validation •

CVSS: 7.2EPSS: 0%CPEs: 192EXPL: 0

A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. The vulnerability is due to the ROMMON allowing for special parameters to be passed to the device at initial boot up. An attacker could exploit this vulnerability by sending parameters to the device at initial boot up. An exploit could allow the attacker to elevate from a Priv15 user to the root user and execute arbitrary commands with the privileges of the root user. Una vulnerabilidad en el ROMMON de Cisco IOS XE Software, podría permitir a un atacante local autenticado elevar los privilegios a los del usuario root del sistema operativo subyacente. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-priv-esc3-GMgnGCHx • CWE-264: Permissions, Privileges, and Access Controls •