CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-3272 – Cisco Prime Network Registrar DHCP Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3272
22 May 2020 — A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming DHCP traffic. An attacker could exploit this vulnerability by sending a crafted DHCP request to an affected device. A successful exploit could allow the attacker to cause a restart of the DHCP server process, causing a DoS condition. Una vulnerabilidad en el... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpnr-dhcp-dos-BkEZfhLP • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3148 – Cisco Prime Network Registrar Cross-Site Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2020-3148
04 Mar 2020 — A vulnerability in the web-based interface of Cisco Prime Network Registrar (CPNR) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections in the web-based interface. An attacker could exploit this vulnerability by persuading a targeted user, with an active administrative session on the affected device, to click a malicious link. A successful exploit could allow an attacker to chang... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpnr-csrf-WWTrDkyL • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1840 – Cisco Prime Network Registrar Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1840
18 Apr 2019 — A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete user-supplied input validation when a custom extension attempts to change a DHCPv6 packet received by the application. An attacker could exploit this vulnerability by sending malformed DHCPv6 packets to the application. An exploit could allow the ... • http://www.securityfocus.com/bid/108033 • CWE-665: Improper Initialization •
CVSS: 5.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-6613
https://notcve.org/view.php?id=CVE-2017-6613
20 Apr 2017 — A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to a partial denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete DNS packet header validation when the packet is received by the application. An attacker could exploit this vulnerability by sending a malformed DNS packet to the application. An exploit could allow the a... • http://www.securityfocus.com/bid/97924 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2016-1427
https://notcve.org/view.php?id=CVE-2016-1427
18 Jun 2016 — The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694. La interfaz de mensajería principal System Configuration Protocol (SCP) en Cisco Prime Network Registrar 8.2 en versiones anteriores a 8.2.3.1 y 8.3 en versiones anteriores a 8.3.2 permite a atacantes remotos obtener información sensible a través de mensajes SCP manipu... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-pnr • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-6296
https://notcve.org/view.php?id=CVE-2015-6296
18 Sep 2015 — Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3), and 8.3(2) has a default account, which allows local users to obtain root access by leveraging knowledge of the credentials, aka Bug ID CSCuw21825. Vulnerabilidad en Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3) y 8.3(2), tiene una cuenta por defecto, lo que permite a usuarios locales obtener acceso root aprovechándose del conocimiento de las credenciales, también conocida como Bug ID CSCuw21825. • http://tools.cisco.com/security/center/viewAlert.x?alertId=41041 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2013-3394
https://notcve.org/view.php?id=CVE-2013-3394
27 Nov 2013 — Cross-site scripting (XSS) vulnerability in the web interface in Cisco Prime Network Registrar 8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted field, aka Bug ID CSCuh41429. Vulnerabilidad de XSS en la interfaz web de Cisco Prime Network Registrar 8.1 y anteriores versiones permite a atacantes remotos inyectar script web o HTML arbitrario a través de campos manipulados, también conocido como Bug ID CSCuh41429. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3394 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •