CVSS: 4.9EPSS: 0%CPEs: 240EXPL: 0CVE-2022-20864 – Cisco IOS XE ROM Monitor Software for Catalyst Switches Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-20864
10 Oct 2022 — A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configuration or reset the enable password. This vulnerability is due to a problem with the file and boot variable permissions in ROMMON. An attacker could exploit this vulnerability by rebooting the switch into ROMMON and entering specific commands through the console. A successful exploit could allow the attacker to... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-info-disc-nrORXjO • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 8.6EPSS: 0%CPEs: 193EXPL: 0CVE-2022-20870 – Cisco IOS XE Software for Catalyst Switches MPLS Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20870
10 Oct 2022 — A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation of IPv4 traffic. An attacker could exploit this vulnerability by sending a malformed packet out of an affected MPLS-enabled interface. A succe... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-mpls-dos-Ab4OUL3 • CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 7.7EPSS: 0%CPEs: 965EXPL: 0CVE-2021-1620 – Cisco IOS and IOS XE Software IKEv2 AutoReconnect Feature Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1620
23 Sep 2021 — A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability occurs because the code does not release the allocated IP address under certain failure conditions. An attacker could exploit this vulnerability by trying to connect to the device with a non-AnyConnect client. A successful exploit coul... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-ebFrwMPr • CWE-563: Assignment to Variable without Use CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.8EPSS: 1%CPEs: 131EXPL: 0CVE-2020-3141 – Cisco IOS XE Software Privilege Escalation Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3141
24 Sep 2020 — Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el framework de administración web de Cisco IOS XE Software, podrían permitir a un atacante remoto autenticado con privilegios de solo lectura elevar los... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-webui-priv-esc-K8zvEWM • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 128EXPL: 0CVE-2020-3393 – Cisco IOS XE Software IOx Application Hosting Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3393
24 Sep 2020 — A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. The attacker could execute IOS XE commands outside the application-hosting subsystem Docker container as well as on the underlying Linux operating system. These commands could be run as the root user. The vulnerability is due to a combination of two factors: (a) incomplete input validation of the user payload of CLI commands, and (b) ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-iox-app-host-mcZcnsBt • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •
CVSS: 7.2EPSS: 0%CPEs: 56EXPL: 0CVE-2020-3396 – Cisco IOS XE Software IOx Guest Shell USB SSD Namespace Protection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3396
24 Sep 2020 — A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-usb-guestshell-WmevScDj • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 128EXPL: 0CVE-2020-3404 – Cisco IOS XE Software Consent Token Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-3404
24 Sep 2020 — A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the persistent Telnet/SSH CLI on an affected device and requesting shell access. A ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ctbypass-7QHAfHkK • CWE-863: Incorrect Authorization •
CVSS: 8.6EPSS: 1%CPEs: 128EXPL: 0CVE-2020-3407 – Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3407
24 Sep 2020 — A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO • CWE-476: NULL Pointer Dereference •
CVSS: 8.6EPSS: 1%CPEs: 129EXPL: 0CVE-2020-3408 – Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3408
24 Sep 2020 — A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that is used with the Split DNS feature of affected releases may time out when it processes the DNS name list configuration. An attacker could exploit this vulnerability by trying to resolve an address or hostname t... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-splitdns-SPWqpdGW • CWE-185: Incorrect Regular Expression CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 216EXPL: 0CVE-2020-3425 – Cisco IOS XE Software Privilege Escalation Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3425
24 Sep 2020 — Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el framework de administración web de Cisco IOS XE Software, podrían permitir a un atacante remoto autenticado con privilegios de solo lectura elevar los... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-webui-priv-esc-K8zvEWM • CWE-20: Improper Input Validation •