Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-3474 | 1 Cisco | 101 1100 Integrated Services Router, Asr 1001-hx, Asr 1001-x and 98 more | 2021-10-07 | 5.5 MEDIUM | 8.1 HIGH |
Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2020-3428 | 1 Cisco | 75 1100 Integrated Services Router, 4221 Integrated Services Router, 4321 Integrated Services Router and 72 more | 2021-10-07 | 6.1 MEDIUM | 6.5 MEDIUM |
A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect parsing of HTTP packets while performing HTTP-based endpoint device classifications. An attacker could exploit this vulnerability by sending a crafted HTTP packet to an affected device. A successful exploit could cause an affected device to reboot, resulting in a DoS condition. | |||||
CVE-2020-3423 | 1 Cisco | 27 1100 Integrated Services Router, 4221 Integrated Services Router, 4321 Integrated Services Router and 24 more | 2021-10-07 | 7.2 HIGH | 6.7 MEDIUM |
A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to insufficient restrictions on Lua function calls within the context of user-supplied Lua scripts. An attacker with valid administrative credentials could exploit this vulnerability by submitting a malicious Lua script. When this file is processed, an exploitable buffer overflow condition could occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux OS of the affected device. | |||||
CVE-2020-3479 | 1 Cisco | 27 1100 Integrated Services Router, 4221 Integrated Services Router, 4321 Integrated Services Router and 24 more | 2021-10-07 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the implementation of Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of Border Gateway Protocol (BGP) update messages that contain crafted EVPN attributes. An attacker could exploit this vulnerability by sending BGP update messages with specific, malformed attributes to an affected device. A successful exploit could allow the attacker to cause an affected device to crash, resulting in a DoS condition. | |||||
CVE-2019-12654 | 1 Cisco | 17 1100 Integrated Services Router, 4221 Integrated Services Router, 4321 Integrated Services Router and 14 more | 2019-10-09 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device. |