CVSS: 8.6EPSS: 0%CPEs: 852EXPL: 0CVE-2023-20080 – Cisco IOS and IOS XE Software IPv6 DHCP (DHCPv6) Relay and Server Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-20080
23 Mar 2023 — A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-dhcpv6-dos-44cMvdDK • CWE-129: Improper Validation of Array Index •
CVSS: 7.7EPSS: 0%CPEs: 1446EXPL: 0CVE-2022-20920 – Cisco IOS and IOS XE Software SSH Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20920
10 Oct 2022 — A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload. Una vulnerabilidad en la impl... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.0EPSS: 0%CPEs: 142EXPL: 0CVE-2022-20720 – Cisco IOx Application Hosting Environment Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20720
15 Apr 2022 — Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabil... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-4qmq-rfw6-f2x2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.8EPSS: 0%CPEs: 142EXPL: 0CVE-2022-20721 – Cisco IOx Application Hosting Environment Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20721
15 Apr 2022 — Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabil... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-p3w5-w45c-c34x • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 142EXPL: 0CVE-2022-20722 – Cisco IOx Application Hosting Environment Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20722
15 Apr 2022 — Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabil... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-2qx4-9cr7-gg38 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 142EXPL: 1CVE-2022-20723 – Cisco IOx Application Hosting Environment Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20723
15 Apr 2022 — Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabil... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-cq9c-3cwm-7j7q • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.6EPSS: 0%CPEs: 214EXPL: 1CVE-2022-20724 – Cisco IOx Application Hosting Environment Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20724
15 Apr 2022 — Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabil... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-xr7h-wjgg-h3rp • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 278EXPL: 0CVE-2022-20725 – Cisco IOx Application Hosting Environment Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20725
15 Apr 2022 — Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabil... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-q2v9-qpmg-4qc4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 214EXPL: 0CVE-2022-20727 – Cisco IOx Application Hosting Environment Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20727
15 Apr 2022 — Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabil... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.4EPSS: 0%CPEs: 90EXPL: 0CVE-2022-20684 – Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Trap Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20684
15 Apr 2022 — A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. This vulnerability is due to a lack of input validation of the information used to generate an SNMP trap related to a wireless client connection event. An attacker could expl... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-snmp-trap-dos-mjent3Ey • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •