CVSS: 4.6EPSS: 0%CPEs: 240EXPL: 0CVE-2022-20864 – Cisco IOS XE ROM Monitor Software for Catalyst Switches Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-20864
A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configuration or reset the enable password. This vulnerability is due to a problem with the file and boot variable permissions in ROMMON. An attacker could exploit this vulnerability by rebooting the switch into ROMMON and entering specific commands through the console. A successful exploit could allow the attacker to read any file or reset the enable password. Una vulnerabilidad en la función de des habilitación de la recuperación de contraseñas del software Cisco IOS XE ROM Monitor (ROMMON) para Cisco Catalyst Switches podría permitir a un atacante local no autenticado recuperar la configuración o restablecer la contraseña de habilitación. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-info-disc-nrORXjO • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 8.6EPSS: 0%CPEs: 193EXPL: 0CVE-2022-20870 – Cisco IOS XE Software for Catalyst Switches MPLS Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20870
A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation of IPv4 traffic. An attacker could exploit this vulnerability by sending a malformed packet out of an affected MPLS-enabled interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Una vulnerabilidad en la función de procesamiento de paquetes MPLS de salida del software Cisco IOS XE para los conmutadores de la familia Cisco Catalyst 3650, Catalyst 3850 y Catalyst 9000 podría permitir a un atacante remoto no autenticado causar una recarga inesperada del dispositivo afectado, resultando en una situación de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-mpls-dos-Ab4OUL3 • CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 8.6EPSS: 0%CPEs: 53EXPL: 0CVE-2020-3510 – Cisco IOS XE Software for Catalyst 9200 Series Switches Umbrella Connector Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3510
A vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to trigger a reload, resulting in a denial of service condition on an affected device. The vulnerability is due to insufficient error handling when parsing DNS requests. An attacker could exploit this vulnerability by sending a series of malicious DNS requests to an Umbrella Connector client interface of an affected device. A successful exploit could allow the attacker to cause a crash of the iosd process, which triggers a reload of the affected device. Una vulnerabilidad en el componente Umbrella Connector de Cisco IOS XE Software para Cisco Catalyst 9200 Series Switches, podría permitir a un atacante remoto no autenticado desencadenar una recarga, resultando en una condición de denegación de servicio en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-umbrella-dos-t2QMUX37 • CWE-388: 7PK - Errors CWE-400: Uncontrolled Resource Consumption •