CVSS: 9.0EPSS: 0%CPEs: 16EXPL: 0CVE-2019-1756 – Cisco IOS XE Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1756
A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a username with a malicious payload in the web UI and subsequently making a request to a specific endpoint in the web UI. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system. Una vulnerabilidad en el software Cisco IOS XE podría permitir que un atacante remoto autenticado ejecute comandos en el shell de Linux subyacente de un dispositivo afectado con privilegios root. • http://www.securityfocus.com/bid/107598 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinject • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 15EXPL: 0CVE-2019-1753 – Cisco IOS XE Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1753
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device's web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device. Una vulnerabilidad en la interfaz web del software Cisco IOS XE podría permitir que un atacante remoto autenticado sin privilegios (nivel 1) ejecute comandos Cisco IOS privilegiados mediante el uso de la interfaz web. • http://www.securityfocus.com/bid/107602 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-pe • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 567EXPL: 0CVE-2019-1746 – Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1746
A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically. • http://www.securityfocus.com/bid/107612 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-cmp-dos • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2019-1742 – Cisco IOS XE Software Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1742
A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to gain access to sensitive configuration information. Una vulnerabilidad en la interfaz web del software Cisco IOS XE podría permitir que un atacante remoto no autenticado acceda a información sensible sobre la configuración. • http://www.securityfocus.com/bid/107600 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-xeid • CWE-16: Configuration •
CVSS: 8.6EPSS: 0%CPEs: 149EXPL: 0CVE-2019-1740 – Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1740
A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability are due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Una vulnerabilidad en la funcionalidad NBAR (Network-Based Application Recognition) de los softwares Cisco IOS y Cisco IOS XE podría permitir que un atacante remoto no autenticado provoque que el dispositivo afectado se recargue. • http://www.securityfocus.com/bid/107597 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-nbar • CWE-20: Improper Input Validation •