CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15370 – Cisco Catalyst 6800 Series Switches ROM Monitor Software Secure Boot Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2018-15370
A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a hidden command in the affected software. An attacker could exploit this vulnerability by connecting to an affected device via the console, forcing the device into ROMMON mode, and writing a malicious pattern to a specific memory address on the device. A successful exploit could allow the attacker to bypass signature validation checks by Cisco Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco. • http://www.securityfocus.com/bid/105412 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-catalyst6800 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2018-0477 – Cisco IOS XE Software Command Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-0477
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device. Una vulnerabilidad en el analizador CLI de Cisco IOS XE Software podría permitir que un atacante local autenticado ejecute comandos en el shell Linux subyacente de un dispositivo afectado con privilegios root. • http://www.securitytracker.com/id/1041737 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1195EXPL: 0CVE-2018-0197 – Cisco IOS and IOS XE Software VLAN Trunking Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0197
A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a logic error in how the affected software handles a subset of VTP packets. An attacker could exploit this vulnerability by sending VTP packets in a sequence that triggers a timeout in the VTP message processing code of the affected software. A successful exploit could allow the attacker to impact the ability to create, modify, or delete VLANs and cause a DoS condition. There are workarounds that address this vulnerability. • http://www.securityfocus.com/bid/105424 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-vtp • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0471 – Cisco IOS XE Software Cisco Discovery Protocol Memory Leak Vulnerability
https://notcve.org/view.php?id=CVE-2018-0471
A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain CDP packets. An attacker could exploit this vulnerability by sending certain CDP packets to an affected device. A successful exploit could cause an affected device to continuously consume memory and eventually result in a memory allocation failure that leads to a crash, triggering a reload of the affected device. Una vulnerabilidad en el módulo Cisco Discovery Protocol (CDP) de Cisco IOS XE en versiones de software 16.6.1 y 16.6.2 podría permitir que un atacante adyacente sin autenticar provoque una fuga de memoria que podría conducir a una denegación de servicio (DoS). • http://www.securityfocus.com/bid/105398 http://www.securitytracker.com/id/1041737 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cdp-memleak • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15372 – Cisco IOS XE Software MACsec MKA Using EAP-TLS Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2018-15372
A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3 interface of an affected device. The vulnerability is due to a logic error in the affected software. An attacker could exploit this vulnerability by connecting to and passing traffic through a Layer 3 interface of an affected device, if the interface is configured for MACsec MKA using EAP-TLS and is running in access-session closed mode. A successful exploit could allow the attacker to bypass 802.1x network access controls and gain access to the network. Una vulnerabilidad en la funcionalidad MACsec Key Agreement (MKA) empleando Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) de Cisco IOS XE Software podría permitir que un atacante adyacente sin autenticar omita la autenticación y pase tráfico a través de una interfaz Layer 3 de un dispositivo afectado. • http://www.securityfocus.com/bid/105416 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-macsec • CWE-284: Improper Access Control •