Page 9 of 50 results (0.004 seconds)

CVSS: 6.0EPSS: 0%CPEs: 128EXPL: 0

A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device's guest shell, and accessing or modifying restricted files. A successful exploit could allow the attacker to view or modify restricted information or configurations that are normally not accessible to system administrators. Una vulnerabilidad en los permisos del sistema de archivos de Cisco IOS XE Software, podría permitir a un atacante local autenticado conseguir acceso de lectura y escritura a la configuración crítica o archivos del sistema. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unauth-file-access-eBTWkKVW • CWE-284: Improper Access Control CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.4EPSS: 0%CPEs: 149EXPL: 0

A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service condition. The vulnerability is due to insufficient error handling when an affected device has reached platform limitations. An attacker could exploit this vulnerability by sending a malicious series of IP ARP messages to an affected device. A successful exploit could allow the attacker to exhaust system resources, which would eventually cause the affected device to reload. Una vulnerabilidad en la funcionalidad de Address Resolution Protocol (ARP) de IP de Cisco IOS XE Software para Cisco ASR 1000 Series Aggregation Services Routers con un Embedded Services Processor (ESP) de 20-Gbps instalado, podría permitir a un atacante adyacente no autenticado causar la recarga de un dispositivo afectado, resultando en una condición de denegación de servicio. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esp20-arp-dos-GvHVggqJ • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.4EPSS: 0%CPEs: 51EXPL: 0

A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the ISDN Q.931 messages are processed. An attacker could exploit this vulnerability by sending a malicious ISDN Q.931 message to an affected device. A successful exploit could allow the attacker to cause the process to crash, resulting in a reload of the affected device. Una vulnerabilidad en el subsistema ISDN de Cisco IOS Software y Cisco IOS XE Software, podría permitir a un atacante adyacente no autenticado causar una recarga de un dispositivo afectado, resultando en una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-isdn-q931-dos-67eUZBTf • CWE-20: Improper Input Validation •

CVSS: 7.2EPSS: 0%CPEs: 118EXPL: 0

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious software onto an affected device. Una vulnerabilidad en Cisco IOS XE Software, podría permitir a un atacante local autenticado escalar sus privilegios hacia un usuario con privilegios de nivel root. La vulnerabilidad es debido a una comprobación insuficiente del contenido suministrado por el usuario. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-priv-esc2-A6jVRu7C • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.8EPSS: 0%CPEs: 23EXPL: 0

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP responses. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network. Múltiples productos de Cisco están afectados por una vulnerabilidad en el motor de detección Snort que podría permitir a un atacante remoto no autenticado omitir las políticas de archivos configuradas sobre un sistema afectado. • https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort_filepolbypass-m4X5DgOP https://www.debian.org/security/2023/dsa-5354 • CWE-668: Exposure of Resource to Wrong Sphere CWE-693: Protection Mechanism Failure •