2 results (0.009 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaustion. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP packets to a specific group of open listening ports on a targeted device. An exploit could allow the attacker to cause the system to consume additional memory. If enough available memory is consumed, the system will restart, creating a temporary denial of service (DoS) condition. • http://www.securityfocus.com/bid/100641 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-fnd • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0

The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640. La web GUI en Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) y 3.0(0.54) permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y modificar la configuración mediante el aprovechamiento del rol Monitor-Only, también conocido como Bug ID CSCuw42640. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms http://www.securitytracker.com/id/1034106 • CWE-264: Permissions, Privileges, and Access Controls •