CVSS: 8.8EPSS: 0%CPEs: 216EXPL: 0CVE-2020-3425 – Cisco IOS XE Software Privilege Escalation Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3425
Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el framework de administración web de Cisco IOS XE Software, podrían permitir a un atacante remoto autenticado con privilegios de solo lectura elevar los privilegios al nivel de un usuario administrador en un dispositivo afectado. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-webui-priv-esc-K8zvEWM • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 74EXPL: 0CVE-2020-3428 – Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family WLAN Local Profiling Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3428
A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect parsing of HTTP packets while performing HTTP-based endpoint device classifications. An attacker could exploit this vulnerability by sending a crafted HTTP packet to an affected device. A successful exploit could cause an affected device to reboot, resulting in a DoS condition. Una vulnerabilidad en la funcionalidad WLAN Local Profiling de Cisco IOS XE Wireless Controller Software para Cisco Catalyst 9000 Family, podría permitir a un atacante adyacente no autenticado causar una condición de denegación de servicio (DoS) en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dclass-dos-VKh9D8k3 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.4EPSS: 0%CPEs: 20EXPL: 0CVE-2020-3465 – Cisco IOS XE Software Ethernet Frame Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3465
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload. The vulnerability is due to incorrect handling of certain valid, but not typical, Ethernet frames. An attacker could exploit this vulnerability by sending the Ethernet frames onto the Ethernet segment. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Una vulnerabilidad en Cisco IOS XE Software, podría permitir a un atacante adyacente no autenticado causar la recarga de un dispositivo. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-le-drTOB625 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2020-3479 – Cisco IOS and IOS XE Software MP-BGP EVPN Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3479
A vulnerability in the implementation of Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of Border Gateway Protocol (BGP) update messages that contain crafted EVPN attributes. An attacker could exploit this vulnerability by sending BGP update messages with specific, malformed attributes to an affected device. A successful exploit could allow the attacker to cause an affected device to crash, resulting in a DoS condition. Una vulnerabilidad en la implementación de Multiprotocol Border Gateway Protocol (MP-BGP) para la familia de direcciones Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) en Cisco IOS Software y Cisco IOS XE Software, podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-bgp-evpn-dos-LNfYJxfF • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 0%CPEs: 26EXPL: 0CVE-2020-3480 – Cisco IOS XE Software Zone-Based Firewall Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3480
Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patterns through the device. A successful exploit could allow the attacker to cause the device to reload or stop forwarding traffic through the firewall, resulting in a denial of service. For more information about these vulnerabilities, see the Details section of this advisory. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-zbfw-94ckG4G • CWE-754: Improper Check for Unusual or Exceptional Conditions •