CVSS: 7.1EPSS: 0%CPEs: 149EXPL: 0CVE-2018-0282 – Cisco IOS and IOS XE Software TCP Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0282
A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerability potentially affects all TCP applications, the only affected application observed so far is the HTTP server. An attacker could exploit this vulnerability by sending specific HTTP requests at a sustained rate to a reachable IP address of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device. • http://www.securityfocus.com/bid/106510 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-tcp • CWE-371: State Issues •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0466 – Cisco IOS and IOS XE Software OSPFv3 Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0466
A vulnerability in the Open Shortest Path First version 3 (OSPFv3) implementation in Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. The vulnerability is due to incorrect handling of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending crafted OSPFv3 Link-State Advertisements (LSA) to an affected device. An exploit could allow the attacker to cause an affected device to reload, leading to a denial of service (DoS) condition. Una vulnerabilidad en la implementación de Open Shortest Path First version 3 (OSPFv3) en Cisco IOS e IOS XE Software podría permitir que un atacante adyacente sin autenticar provoque que un dispositivo afectado se reinicie. • http://www.securityfocus.com/bid/105403 http://www.securitytracker.com/id/1041737 https://ics-cert.us-cert.gov/advisories/ICSA-19-094-03 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ospfv3-dos • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 0%CPEs: 19EXPL: 0CVE-2018-15428 – Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-15428
A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. • http://www.securitytracker.com/id/1041790 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-iosxr-dos • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15371 – Cisco IOS XE Software Shell Access Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2018-15371
A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerability by requesting access to the root shell of an affected device, after the shell access feature has been enabled. A successful exploit could allow the attacker to bypass authentication and gain unrestricted access to the root shell of the affected device. Una vulnerabilidad en el mecanismo de petición de acceso al shell de Cisco IOS XE Software podría permitir que un atacante local autenticado omita la autenticación y obtenga acceso sin restricciones al shell root de un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-shell-access • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15368 – Cisco IOS XE Software Privileged EXEC Mode Root Shell Access Vulnerability
https://notcve.org/view.php?id=CVE-2018-15368
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent modifications to the underlying Linux filesystem on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Una vulnerabilidad en el analizador CLI de Cisco IOS XE Software podría permitir que un atacante local autenticado obtenga acceso al shell Linux subyacente de un dispositivo afectado y ejecute comandos arbitrarios con privilegios root en el dispositivo. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-privesc • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •