CVE-2020-3512 – Cisco IOS and IOS XE Software PROFINET Link Layer Discovery Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3512
A vulnerability in the PROFINET handler for Link Layer Discovery Protocol (LLDP) messages of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a crash on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of LLDP messages in the PROFINET LLDP message handler. An attacker could exploit this vulnerability by sending a malicious LLDP message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload. Una vulnerabilidad en el manejador PROFINET para los mensajes Link Layer Discovery Protocol (LLDP) de Cisco IOS Software y Cisco IOS XE Software, podría permitir a un atacante adyacente no autenticado causar un bloqueo en un dispositivo afectado, resultando en una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-profinet-dos-65qYG3W5 • CWE-388: 7PK - Errors CWE-400: Uncontrolled Resource Consumption •
CVE-2017-3881 – Cisco IOS and IOS XE Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-3881
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. • https://www.exploit-db.com/exploits/41872 https://www.exploit-db.com/exploits/42122 https://github.com/homjxi0e/CVE-2017-3881-exploit-cisco- https://github.com/homjxi0e/CVE-2017-3881-Cisco https://github.com/1337g/CVE-2017-3881 https://github.com/mzakyz666/PoC-CVE-2017-3881 http://www.securityfocus.com/bid/96960 http://www.securityfocus.com/bid/97391 http://www.securitytracker.com/id/1038059 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-201 • CWE-20: Improper Input Validation •
CVE-2016-1399
https://notcve.org/view.php?id=CVE-2016-1399
The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices allows remote attackers to cause a denial of service (packet data corruption) via crafted IPv4 ICMP packets, aka Bug ID CSCuy13431. El microcódigo de procesamiento de paquetes en Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2 y 15.2(4)EA en dispositivos Industrial Ethernet 4000 y 15.2(2)EB y 15.2(2)EB1 en dispositivos Industrial Ethernet 5000 permite a atacantes remotos provocar una denegación de servicio (corrupción de paquete de datos) a través de paquetes ICMP IPv4 manipulados, también conocido como Bug ID CSCuy13431. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160513-ies http://www.securityfocus.com/bid/90665 http://www.securitytracker.com/id/1035898 https://ics-cert.us-cert.gov/advisories/ICSA-16-175-01 • CWE-399: Resource Management Errors •