CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6780
https://notcve.org/view.php?id=CVE-2017-6780
07 Sep 2017 — A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaustion. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP packets to a specific group of open listening ports on a targeted device. An exploit could allow the attacker to c... • http://www.securityfocus.com/bid/100641 • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6362
https://notcve.org/view.php?id=CVE-2015-6362
10 Nov 2015 — The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640. La web GUI en Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) y 3.0(0.54) permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y modificar la configuración mediante el aprovechamiento del rol Monitor-Only... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms • CWE-264: Permissions, Privileges, and Access Controls •