CVSS: 6.9EPSS: 0%CPEs: 24EXPL: 0CVE-2021-34723 – Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability
https://notcve.org/view.php?id=CVE-2021-34723
23 Sep 2021 — A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command parameters. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of the configuration database and gain root-... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxesdwan-arbfileov-MVOF3ZZn • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.8EPSS: 0%CPEs: 203EXPL: 0CVE-2021-34703 – Cisco IOS and IOS XE Software Link Layer Discovery Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-34703
23 Sep 2021 — A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper initialization of a buffer. An attacker could exploit this vulnerability via any of the following methods: An authenticated, remote attacker could access the LLDP neighbor table via either the CLI or SNMP while the device is in a spec... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lldp-dos-sBnuHSjT • CWE-456: Missing Initialization of a Variable CWE-665: Improper Initialization •
CVSS: 7.7EPSS: 0%CPEs: 834EXPL: 0CVE-2021-34699 – Cisco IOS and IOS XE Software TrustSec CLI Parser Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-34699
23 Sep 2021 — A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could exploit this vulnerability by requesting a particular CLI command to be run through the web UI. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Una vulnerab... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-trustsec-dos-7fuXDR2 • CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities CWE-436: Interpretation Conflict •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34697 – Cisco IOS XE Software Protection Against Distributed Denial of Service Attacks Feature Vulnerability
https://notcve.org/view.php?id=CVE-2021-34697
23 Sep 2021 — A vulnerability in the Protection Against Distributed Denial of Service Attacks feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct denial of service (DoS) attacks to or through the affected device. This vulnerability is due to incorrect programming of the half-opened connections limit, TCP SYN flood limit, or TCP SYN cookie features when the features are configured in vulnerable releases of Cisco IOS XE Software. An attacker could exploit this vulnerability by attemp... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-zbfw-tguGuYq • CWE-665: Improper Initialization •
CVSS: 5.8EPSS: 0%CPEs: 23EXPL: 0CVE-2021-34696 – Cisco ASR 900 and ASR 920 Series Aggregation Services Routers Access Control List Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-34696
23 Sep 2021 — A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of hardware when an ACL is configured using a method other than the configuration CLI. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr900acl-UeEyCxkv • CWE-284: Improper Access Control •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1625 – Cisco IOS XE Software Zone-Based Policy Firewall ICMP and UDP Inspection Vulnerability
https://notcve.org/view.php?id=CVE-2021-1625
23 Sep 2021 — A vulnerability in the Zone-Based Policy Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent the Zone-Based Policy Firewall from correctly classifying traffic. This vulnerability exists because ICMP and UDP responder-to-initiator flows are not inspected when the Zone-Based Policy Firewall has either Unified Threat Defense (UTD) or Application Quality of Experience (AppQoE) configured. An attacker could exploit this vulnerability by attempting to send UDP or I... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-zbfw-pP9jfzwL • CWE-284: Improper Access Control •
CVSS: 8.6EPSS: 0%CPEs: 20EXPL: 0CVE-2021-1624 – Cisco IOS XE Software Rate Limiting Network Address Translation Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1624
23 Sep 2021 — A vulnerability in the Rate Limiting Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco QuantumFlow Processor of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to mishandling of the rate limiting feature within the QuantumFlow Processor. An attacker could exploit this vulnerability by sending large amounts of traffic that would be subject to NAT and rate... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ratenat-pYVLA7wM • CWE-399: Resource Management Errors •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-1623 – Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers Simple Network Management Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1623
23 Sep 2021 — A vulnerability in the Simple Network Management Protocol (SNMP) punt handling function of Cisco cBR-8 Converged Broadband Routers could allow an authenticated, remote attacker to overload a device punt path, resulting in a denial of service (DoS) condition. This vulnerability is due to the punt path being overwhelmed by large quantities of SNMP requests. An attacker could exploit this vulnerability by sending a large number of SNMP requests to an affected device. A successful exploit could allow the attack... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbr8snmp-zGjkZ9Fc • CWE-399: Resource Management Errors •
CVSS: 8.6EPSS: 0%CPEs: 14EXPL: 0CVE-2021-1622 – Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers Common Open Policy Service Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1622
23 Sep 2021 — A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause resource exhaustion, resulting in a denial of service (DoS) condition. This vulnerability is due to a deadlock condition in the code when processing COPS packets under certain conditions. An attacker could exploit this vulnerability by sending COPS packets with high burst rates to an affected device. A successful exploit could ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbr8-cops-Vc2ZsJSx • CWE-667: Improper Locking CWE-833: Deadlock •
CVSS: 5.8EPSS: 0%CPEs: 26EXPL: 0CVE-2021-1495 – Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-1495
29 Apr 2021 — Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload. Múltiples... • https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html • CWE-755: Improper Handling of Exceptional Conditions •