CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3148 – Cisco Prime Network Registrar Cross-Site Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2020-3148
04 Mar 2020 — A vulnerability in the web-based interface of Cisco Prime Network Registrar (CPNR) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections in the web-based interface. An attacker could exploit this vulnerability by persuading a targeted user, with an active administrative session on the affected device, to click a malicious link. A successful exploit could allow an attacker to chang... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpnr-csrf-WWTrDkyL • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1840 – Cisco Prime Network Registrar Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1840
18 Apr 2019 — A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete user-supplied input validation when a custom extension attempts to change a DHCPv6 packet received by the application. An attacker could exploit this vulnerability by sending malformed DHCPv6 packets to the application. An exploit could allow the ... • http://www.securityfocus.com/bid/108033 • CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-6296
https://notcve.org/view.php?id=CVE-2015-6296
18 Sep 2015 — Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3), and 8.3(2) has a default account, which allows local users to obtain root access by leveraging knowledge of the credentials, aka Bug ID CSCuw21825. Vulnerabilidad en Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3) y 8.3(2), tiene una cuenta por defecto, lo que permite a usuarios locales obtener acceso root aprovechándose del conocimiento de las credenciales, también conocida como Bug ID CSCuw21825. • http://tools.cisco.com/security/center/viewAlert.x?alertId=41041 • CWE-264: Permissions, Privileges, and Access Controls •