CVSS: 5.8EPSS: 0%CPEs: 26EXPL: 0CVE-2021-1495 – Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-1495
29 Apr 2021 — Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload. Múltiples... • https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.1EPSS: 0%CPEs: 36EXPL: 0CVE-2021-1381 – Cisco IOS XE Software Active Debug Code Vulnerability
https://notcve.org/view.php?id=CVE-2021-1381
24 Mar 2021 — A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. An attacker could exploit this vulnerability by running commands on the hardware platform to open a debugging console. A successful exploit could allow the attacker to access a debugging console. Una vulnerabilidad en el Software Cis... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-BLKH-Ouvrnf2s • CWE-489: Active Debug Code •
CVSS: 6.9EPSS: 0%CPEs: 59EXPL: 0CVE-2021-1281 – Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1281
24 Mar 2021 — A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to the way the software handles concurrent CLI sessions. An attacker could exploit this vulnerability by authenticating to the device as an administrative user and executing a sequence of commands. A successful exploit could allow the attacker to obtain access to the underlying operating system as the root user. U... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-clipriv-9TO2QGVp • CWE-399: Resource Management Errors •
CVSS: 7.4EPSS: 0%CPEs: 89EXPL: 0CVE-2021-1352 – Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1352
24 Mar 2021 — A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload,... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2021-1356 – Cisco IOS XE Software Web UI Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1356
24 Mar 2021 — Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-webui-dos-z9yqYQAn • CWE-20: Improper Input Validation CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.6EPSS: 0%CPEs: 32EXPL: 0CVE-2021-1373 – Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1373
24 Mar 2021 — A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device. The vulnerability is due to insufficient validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exp... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-dos-2OA3JgKS • CWE-126: Buffer Over-read •
CVSS: 5.8EPSS: 0%CPEs: 302EXPL: 0CVE-2021-1377 – Cisco IOS and IOS XE Software ARP Resource Management Exhaustion Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1377
24 Mar 2021 — A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resolving ARP entries for legitimate hosts on the connected subnets. This vulnerability exists because ARP entries are mismanaged. An attacker could exploit this vulnerability by continuously sending traffic that results in incomplete ARP entries. A successful exploit could allow the attacker to cause ARP requests o... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arp-mtfhBfjE • CWE-399: Resource Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 1CVE-2021-1382 – Cisco IOS XE SD-WAN Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-1382
24 Mar 2021 — A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successf... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-7xfm-92p7-qc57 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 63EXPL: 1CVE-2021-1383 – Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1383
24 Mar 2021 — Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allo... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-vw54-f9mw-g46r • CWE-20: Improper Input Validation CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 8.5EPSS: 26%CPEs: 5EXPL: 1CVE-2021-1384 – Cisco IOx for IOS XE Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-1384
24 Mar 2021 — A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands into the underlying operating system as the root user. This vulnerability is due to incomplete validation of fields in the application packages loaded onto IOx. An attacker could exploit this vulnerability by creating a crafted application .tar file and loading it onto the device. A successful exploit could allow the attacker to perform command injection into... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-h332-fj6p-2232 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •