CVE-2020-3473 – Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3473
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker could exploit this vulnerability by first authenticating to the local CLI shell on the device and using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on the device without authorization checks. Una vulnerabilidad en la asignación de grupos de tareas para un comando de la CLI específico en Cisco IOS XR Software, podría permitir a un usuario del shell de la CLI local autenticado elevar privilegios y obtener el control administrativo total del dispositivo. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-LJtNFjeN • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •
CVE-2020-3530 – Cisco IOS XR Authenticated User Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3530
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The vulnerability is due to incorrect mapping in the source code of task group assignments for a specific command. An attacker could exploit this vulnerability by issuing the command, which they should not be authorized to issue, on an affected device. A successful exploit could allow the attacker to invalidate the integrity of the disk and cause the device to restart. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cli-privescl-sDVEmhqv • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •
CVE-2020-3449 – Cisco IOS XR Software Additional Paths Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3449
A vulnerability in the Border Gateway Protocol (BGP) additional paths feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent authorized users from monitoring the BGP status and cause the BGP process to stop processing new updates, resulting in a denial of service (DOS) condition. The vulnerability is due to an incorrect calculation of lexicographical order when displaying additional path information within Cisco IOS XR Software, which causes an infinite loop. An attacker could exploit this vulnerability by sending a specific BGP update from a BGP neighbor peer session of an affected device; an authorized user must then issue a show bgp command for the vulnerability to be exploited. A successful exploit could allow the attacker to prevent authorized users from properly monitoring the BGP status and prevent BGP from processing new updates, resulting in outdated information in the routing and forwarding tables. Una vulnerabilidad en la funcionalidad de rutas adicionales del Border Gateway Protocol (BGP) del Cisco IOS XR Software podría permitir a un atacante remoto no autenticado impedir que los usuarios autorizados monitoreen el estado de BGP y causar que el proceso de BGP deje de procesar nuevas actualizaciones, resultando en una condición de servicio (DOS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bgp-ErKEqAer • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVE-2020-3190 – Cisco IOS XR Software IPsec Packet Processor Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3190
A vulnerability in the IPsec packet processor of Cisco IOS XR Software could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition for IPsec sessions to an affected device. The vulnerability is due to improper handling of packets by the IPsec packet processor. An attacker could exploit this vulnerability by sending malicious ICMP error messages to an affected device that get punted to the IPsec packet processor. A successful exploit could allow the attacker to deplete IPsec memory, resulting in all future IPsec packets to an affected device being dropped by the device. Manual intervention is required to recover from this situation. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipsec-dos-q8UPX6m • CWE-400: Uncontrolled Resource Consumption •
CVE-2019-16027 – Cisco IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-16027
A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS–IS process. The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS–IS process. An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. A successful exploit could allow the attacker to cause a DoS condition in the IS–IS process. Una vulnerabilidad en la implementación de la funcionalidad del protocolo de enrutamiento Intermediate System–to–Intermediate System (IS–IS) en Cisco IOS XR Software, podría permitir a un atacante remoto autenticado causar una condición de denegación de servicio (DoS) en el proceso IS–IS. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-dos • CWE-20: Improper Input Validation •