3 results (0.001 seconds)

CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0

A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient memory management when an affected device receives large amounts of traffic. An attacker could exploit this vulnerability by sending malicious traffic to an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition. Una vulnerabilidad en el proceso NETCONF de los routers Cisco SD-WAN vEdge podría permitir a un atacante local autenticado causar a un dispositivo afectado quedarse sin memoria, resultando en una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vedge-dos-jerVm4bB • CWE-770: Allocation of Resources Without Limits or Throttling CWE-789: Memory Allocation with Excessive Size Value •

CVSS: 6.1EPSS: 0%CPEs: 30EXPL: 0

Reflected cross site scripting (XSS) Una vulnerabilidad de tipo cross site scripting (XSS) Reflejado • https://support.citrix.com/article/CTX370550 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 32EXPL: 0

Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI Unas credenciales embebidas permiten a administradores acceder al shell por medio de la CLI de SD-WAN • https://support.citrix.com/article/CTX370550 • CWE-798: Use of Hard-coded Credentials •