Page 7 of 90 results (0.003 seconds)

CVSS: 5.9EPSS: 0%CPEs: 239EXPL: 0

A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. Una vulnerabilidad en la funcionalidad Cisco Smart Call Home de los softwares Cisco IOS y Cisco IOS XE podría permitir que un atacante remoto no autenticado obtenga acceso de lectura no autorizado a datos sensibles mediante un certificado inválido. • http://www.securityfocus.com/bid/107617 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-call-home-cert • CWE-295: Improper Certificate Validation •

CVSS: 8.6EPSS: 0%CPEs: 322EXPL: 0

A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit this vulnerability by calling the affected device with specific Q.931 information elements being present. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device. Una vulnerabilidad en las funciones ISDN de los softwares Cisco IOS y Cisco IOS XE podría permitir que un atacante remoto no autenticado provoque que el dispositivo afectado se recargue. • http://www.securityfocus.com/bid/107589 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-isdn • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 155EXPL: 0

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected commands. An exploit could allow the attacker to gain root privileges on the affected device. Una vulnerabilidad en el software Cisco IOS XE podría permitir que un atacante local autenticado inyecte comandos arbitrarios que se ejecutan con privilegios elevados. • http://www.securityfocus.com/bid/107588 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-xecmd • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: 24EXPL: 0

Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487. Múltiples vulnerabilidades de desbordamiento de búfer en el subsistema LLDP (Link Layer Discovery Protocol) de Cisco IOS Software, Cisco IOS XE Software y Cisco IOS XR Software podrían permitir que un atacante adyacente sin autenticar provoque una condición de denegación de servicio (DoS) o que ejecute código arbitrario con privilegios elevados en un dispositivo afectado. Cisco Bug IDs: CSCuo17183, CSCvd73487. There is a buffer overflow vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software which could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code. • http://www.securityfocus.com/bid/103564 http://www.securitytracker.com/id/1040586 https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03 https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04 https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.6EPSS: 1%CPEs: 24EXPL: 0

A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a Relay Reply denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of encapsulated option 82 information that it receives in DHCPOFFER messages from DHCPv4 servers. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device, which the device would then forward to a DHCPv4 server. When the affected software processes the option 82 information that is encapsulated in the response from the server, an error could occur. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. • http://www.securityfocus.com/bid/103545 http://www.securitytracker.com/id/1040591 https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04 https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr2 https://www.tenable.com/security/research/tra-2018-06 • CWE-20: Improper Input Validation •