CVSS: 7.4EPSS: 0%CPEs: 123EXPL: 0CVE-2021-1403 – Cisco IOS XE Software Web UI Cross-Site WebSocket Hijacking Vulnerability
https://notcve.org/view.php?id=CVE-2021-1403
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient HTTP protections in the web UI on an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the web UI to follow a crafted link. A successful exploit could allow the attacker to corrupt memory on the affected device, forcing it to reload and causing a DoS condition. Una vulnerabilidad en la funcionalidad de la Interfaz de Usuario Web del Software Cisco IOS XE, podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de secuestro de WebSocket (CSWSH) entre sitios y causar una condición de denegación de servicio (DoS) en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-cswsh-FKk9AzT5 • CWE-345: Insufficient Verification of Data Authenticity CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.6EPSS: 0%CPEs: 265EXPL: 0CVE-2021-1446 – Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1446
A vulnerability in the DNS application layer gateway (ALG) functionality used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a logic error that occurs when an affected device inspects certain DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through an affected device that is performing NAT for DNS packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device. The vulnerability can be exploited only by traffic that is sent through an affected device via IPv4 packets. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-hbBS7SZE • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.5EPSS: 0%CPEs: 61EXPL: 0CVE-2021-1443 – Cisco IOS XE Software Web UI OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-1443
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying operating system of an affected device. The vulnerability exists because the affected software improperly sanitizes values that are parsed from a specific configuration file. An attacker could exploit this vulnerability by tampering with a specific configuration file and then sending an API call. A successful exploit could allow the attacker to inject arbitrary code that would be executed on the underlying operating system of the affected device. To exploit this vulnerability, the attacker would need to have a privileged set of credentials to the device. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-os-cmd-inj-Ef6TV5e9 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 224EXPL: 0CVE-2021-1442 – Cisco IOS XE Software Plug-and-Play Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1442
A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user (level 15) on an affected device. The vulnerability is due to insufficient protection of sensitive information. An attacker with low privileges could exploit this vulnerability by issuing the diagnostic CLI show pnp profile when a specific PnP listener is enabled on the device. A successful exploit could allow the attacker to obtain a privileged authentication token. This token can be used to send crafted PnP messages and execute privileged commands on the targeted system. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-pnp-priv-esc-AmG3kuVL • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.0EPSS: 0%CPEs: 36EXPL: 0CVE-2021-1435 – Cisco IOS XE Software Web UI Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-1435
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the web UI of an affected device with arbitrary commands injected into a portion of the request. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Una vulnerabilidad en la Interfaz de Usuario Web del Software Cisco IOS XE, podría permitir a un atacante remoto autenticado inyectar comandos arbitrarios que se pueden ejecutar como usuario root. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webcmdinjsh-UFJxTgZD • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •