Filtered by vendor Cisco
Subscribe
Total
5838 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3317 | 1 Cisco | 1 Firepower Threat Defense | 2021-09-22 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the ssl_inspection component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to crash Snort instances. The vulnerability is due to insufficient input validation in the ssl_inspection component. An attacker could exploit this vulnerability by sending a malformed TLS packet through a Cisco Adaptive Security Appliance (ASA). A successful exploit could allow the attacker to crash a Snort instance, resulting in a denial of service (DoS) condition. | |||||
| CVE-2020-3327 | 4 Canonical, Cisco, Debian and 1 more | 4 Ubuntu Linux, Clam Antivirus, Debian Linux and 1 more | 2021-09-22 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. | |||||
| CVE-2020-3222 | 1 Cisco | 1 Ios Xe | 2021-09-22 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. The vulnerability is due to the presence of a proxy service at a specific endpoint of the web UI. An attacker could exploit this vulnerability by connecting to the proxy service. An exploit could allow the attacker to bypass access restrictions on the network by proxying their access request through the management network of the affected device. As the proxy is reached over the management virtual routing and forwarding (VRF), this could reduce the effectiveness of the bypass. | |||||
| CVE-2021-34737 | 1 Cisco | 37 Asr 9000v-v2, Asr 9001, Asr 9006 and 34 more | 2021-09-22 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the dhcpd process. While the dhcpd process is restarting, which may take up to approximately two minutes, DHCPv4 server services are unavailable on the affected device. This could temporarily prevent network access to clients that join the network during that time period. Note: Only the dhcpd process crashes and eventually restarts automatically. The router does not reload. | |||||
| CVE-2021-34709 | 1 Cisco | 23 8101-32fh, 8101-32h, 8102-64h and 20 more | 2021-09-21 | 6.9 MEDIUM | 6.4 MEDIUM |
| Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-34718 | 1 Cisco | 36 Asr 9000v-v2, Asr 9001, Asr 9006 and 33 more | 2021-09-21 | 8.5 HIGH | 8.1 HIGH |
| A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to. | |||||
| CVE-2021-34708 | 1 Cisco | 23 8101-32fh, 8101-32h, 8102-64h and 20 more | 2021-09-21 | 7.2 HIGH | 6.7 MEDIUM |
| Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-34713 | 1 Cisco | 14 Asr 9000, Asr 9000v-v2, Asr 9001 and 11 more | 2021-09-21 | 6.1 MEDIUM | 7.4 HIGH |
| A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected line card to reboot. This vulnerability is due to incorrect handling of specific Ethernet frames that cause a spin loop that can make the network processors unresponsive. An attacker could exploit this vulnerability by sending specific types of Ethernet frames on the segment where the affected line cards are attached. A successful exploit could allow the attacker to cause the affected line card to reboot. | |||||
| CVE-2021-1584 | 1 Cisco | 42 Nexus 9000, Nexus 9000v, Nexus 92160yc-x and 39 more | 2021-09-21 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient restrictions during the execution of a specific CLI command. An attacker with administrative privileges could exploit this vulnerability by performing a command injection attack on the vulnerable command. A successful exploit could allow the attacker to access the underlying operating system as root. | |||||
| CVE-2021-34728 | 1 Cisco | 46 8101-32fh, 8101-32h, 8102-64h and 43 more | 2021-09-21 | 7.2 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-34722 | 1 Cisco | 44 8101-32fh, 8101-32h, 8102-64h and 41 more | 2021-09-21 | 7.2 HIGH | 6.7 MEDIUM |
| Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-34721 | 1 Cisco | 44 8101-32fh, 8101-32h, 8102-64h and 41 more | 2021-09-21 | 6.9 MEDIUM | 6.7 MEDIUM |
| Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-34719 | 1 Cisco | 46 8101-32fh, 8101-32h, 8102-64h and 43 more | 2021-09-21 | 7.2 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3214 | 1 Cisco | 106 Asr 1000-x, Asr 1001, Asr 1001-x and 103 more | 2021-09-17 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious software onto an affected device. | |||||
| CVE-2020-3259 | 1 Cisco | 2 Adaptive Security Appliance, Firepower Threat Defense | 2021-09-17 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. | |||||
| CVE-2020-3304 | 1 Cisco | 2 Adaptive Security Appliance, Firepower Threat Defense | 2021-09-17 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition. Note: This vulnerability applies to IP Version 4 (IPv4) and IP Version 6 (IPv6) HTTP traffic. | |||||
| CVE-2020-3283 | 1 Cisco | 29 Asa 5505, Asa 5505 Firmware, Asa 5510 and 26 more | 2021-09-17 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Firepower Threat Defense (FTD) Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a communication error between internal functions. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause a buffer underrun, which leads to a crash. The crash causes the affected device to reload. | |||||
| CVE-2020-3244 | 1 Cisco | 4 Asr 5000, Asr 5500, Asr 5700 and 1 more | 2021-09-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of user traffic going through an affected device. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to bypass the traffic classification rules and potentially avoid being charged for traffic consumption. | |||||
| CVE-2020-3272 | 1 Cisco | 1 Prime Network Registrar | 2021-09-17 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming DHCP traffic. An attacker could exploit this vulnerability by sending a crafted DHCP request to an affected device. A successful exploit could allow the attacker to cause a restart of the DHCP server process, causing a DoS condition. | |||||
| CVE-2020-3263 | 1 Cisco | 1 Webex Meetings | 2021-09-17 | 7.6 HIGH | 7.5 HIGH |
| A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. The vulnerability is due to improper validation of input that is supplied to application URLs. The attacker could exploit this vulnerability by persuading a user to follow a malicious URL. A successful exploit could allow the attacker to cause the application to execute other programs that are already present on the end-user system. If malicious files are planted on the system or on an accessible network file path, the attacker could execute arbitrary code on the affected system. | |||||