CVSS: 8.6EPSS: 0%CPEs: 235EXPL: 0CVE-2024-20271
https://notcve.org/view.php?id=CVE-2024-20271
27 Mar 2024 — A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-h9TGGX6W • CWE-20: Improper Input Validation •
CVSS: 6.2EPSS: 0%CPEs: 171EXPL: 0CVE-2024-20265
https://notcve.org/view.php?id=CVE-2024-20265
27 Mar 2024 — A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device. This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation che... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-secureboot-bypass-zT5vJkSD • CWE-501: Trust Boundary Violation •
CVSS: 7.7EPSS: 0%CPEs: 12EXPL: 0CVE-2024-20336
https://notcve.org/view.php?id=CVE-2024-20336
06 Mar 2024 — A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based manageme... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.7EPSS: 0%CPEs: 46EXPL: 0CVE-2024-20335
https://notcve.org/view.php?id=CVE-2024-20335
06 Mar 2024 — A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •