Total
20 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-1223 | 2 Cisco, Snort | 19 Csr 1000v, Firepower Management Center, Firepower Threat Defense and 16 more | 2023-02-18 | 5.0 MEDIUM | 7.5 HIGH |
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of an HTTP range header. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload. | |||||
CVE-2021-1236 | 2 Cisco, Snort | 19 Csr 1000v, Firepower Management Center, Firepower Threat Defense and 16 more | 2023-02-18 | 5.0 MEDIUM | 5.3 MEDIUM |
Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. | |||||
CVE-2021-1224 | 2 Cisco, Snort | 43 Csr 1000v, Firepower Management Center, Firepower Threat Defense and 40 more | 2023-02-18 | 5.0 MEDIUM | 5.3 MEDIUM |
Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload. | |||||
CVE-2020-3408 | 1 Cisco | 129 Asr1001-hx, Asr1001-hx-rf, Asr1001-x-rf and 126 more | 2022-10-27 | 7.8 HIGH | 8.6 HIGH |
A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that is used with the Split DNS feature of affected releases may time out when it processes the DNS name list configuration. An attacker could exploit this vulnerability by trying to resolve an address or hostname that the affected device handles. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | |||||
CVE-2020-3407 | 1 Cisco | 128 Asr1001-hx, Asr1001-hx-rf, Asr1001-x-rf and 125 more | 2022-10-27 | 7.1 HIGH | 8.6 HIGH |
A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | |||||
CVE-2021-1621 | 1 Cisco | 45 Asr 1000, Asr 1000-x, Asr 1001 and 42 more | 2022-10-24 | 3.3 LOW | 7.4 HIGH |
A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of certain Layer 2 frames. An attacker could exploit this vulnerability by sending specific Layer 2 frames on the segment the router is connected to. A successful exploit could allow the attacker to cause a queue wedge on the interface, resulting in a DoS condition. | |||||
CVE-2021-34725 | 1 Cisco | 49 Asr 1000, Asr 1000-esp100, Asr 1000-x and 46 more | 2022-10-24 | 7.2 HIGH | 6.7 MEDIUM |
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root-level privileges. | |||||
CVE-2021-1529 | 1 Cisco | 57 Asr 1000, Asr 1000-esp100, Asr 1000-x and 54 more | 2021-11-23 | 6.9 MEDIUM | 7.8 HIGH |
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges. | |||||
CVE-2021-34703 | 1 Cisco | 203 Catalyst 3650-12x48fd-e, Catalyst 3650-12x48fd-l, Catalyst 3650-12x48fd-s and 200 more | 2021-10-25 | 6.8 MEDIUM | 6.5 MEDIUM |
A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper initialization of a buffer. An attacker could exploit this vulnerability via any of the following methods: An authenticated, remote attacker could access the LLDP neighbor table via either the CLI or SNMP while the device is in a specific state. An unauthenticated, adjacent attacker could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network and then waiting for an administrator of the device or a network management system (NMS) managing the device to retrieve the LLDP neighbor table of the device via either the CLI or SNMP. An authenticated, adjacent attacker with SNMP read-only credentials or low privileges on the device CLI could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network and then accessing the LLDP neighbor table via either the CLI or SNMP. A successful exploit could allow the attacker to cause the affected device to crash, resulting in a reload of the device. | |||||
CVE-2021-1620 | 1 Cisco | 277 8800 12-slot, 8800 18-slot, 8800 4-slot and 274 more | 2021-10-13 | 3.5 LOW | 7.7 HIGH |
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability occurs because the code does not release the allocated IP address under certain failure conditions. An attacker could exploit this vulnerability by trying to connect to the device with a non-AnyConnect client. A successful exploit could allow the attacker to exhaust the IP addresses from the assigned local pool, which prevents users from logging in and leads to a denial of service (DoS) condition. | |||||
CVE-2021-34727 | 1 Cisco | 49 Asr 1000, Asr 1000-esp100, Asr 1000-x and 46 more | 2021-10-13 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. A successful exploit could allow the attacker to cause a buffer overflow and possibly execute arbitrary commands with root-level privileges, or cause the device to reload, which could result in a denial of service condition. | |||||
CVE-2021-34724 | 1 Cisco | 49 Asr 1000, Asr 1000-esp100, Asr 1000-x and 46 more | 2021-10-13 | 6.6 MEDIUM | 6.0 MEDIUM |
A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root user. An attacker must be authenticated on an affected device as a PRIV15 user. This vulnerability is due to insufficient file system protection and the presence of a sensitive file in the bootflash directory on an affected device. An attacker could exploit this vulnerability by overwriting an installer file stored in the bootflash directory with arbitrary commands that can be executed with root-level privileges. A successful exploit could allow the attacker to read and write changes to the configuration database on the affected device. | |||||
CVE-2020-3465 | 1 Cisco | 19 1100-4p, 1100-8p, 1100 Terminal Services Gateways and 16 more | 2021-08-06 | 6.1 MEDIUM | 6.5 MEDIUM |
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload. The vulnerability is due to incorrect handling of certain valid, but not typical, Ethernet frames. An attacker could exploit this vulnerability by sending the Ethernet frames onto the Ethernet segment. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | |||||
CVE-2020-3393 | 1 Cisco | 128 Asr1001-hx, Asr1001-hx-rf, Asr1001-x-rf and 125 more | 2021-08-06 | 7.2 HIGH | 7.8 HIGH |
A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. The attacker could execute IOS XE commands outside the application-hosting subsystem Docker container as well as on the underlying Linux operating system. These commands could be run as the root user. The vulnerability is due to a combination of two factors: (a) incomplete input validation of the user payload of CLI commands, and (b) improper role-based access control (RBAC) when commands are issued at the command line within the application-hosting subsystem. An attacker could exploit this vulnerability by using a CLI command with crafted user input. A successful exploit could allow the lower-privileged attacker to execute arbitrary CLI commands with root privileges. The attacker would need valid user credentials to exploit this vulnerability. | |||||
CVE-2020-3141 | 1 Cisco | 128 Asr1001-hx, Asr1001-hx-rf, Asr1001-x-rf and 125 more | 2021-07-13 | 6.5 MEDIUM | 8.8 HIGH |
Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2020-3422 | 1 Cisco | 30 Asr 1001-hx, Asr 1001-x, Asr 1002-hx and 27 more | 2020-10-08 | 4.3 MEDIUM | 7.5 HIGH |
A vulnerability in the IP Service Level Agreement (SLA) responder feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the IP SLA responder to reuse an existing port, resulting in a denial of service (DoS) condition. The vulnerability exists because the IP SLA responder could consume a port that could be used by another feature. An attacker could exploit this vulnerability by sending specific IP SLA control packets to the IP SLA responder on an affected device. The control packets must include the port number that could be used by another configured feature. A successful exploit could allow the attacker to cause an in-use port to be consumed by the IP SLA responder, impacting the feature that was using the port and resulting in a DoS condition. | |||||
CVE-2020-3421 | 1 Cisco | 24 Asr 1001-hx, Asr 1001-x, Asr 1002-hx and 21 more | 2020-10-08 | 7.1 HIGH | 7.5 HIGH |
Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patterns through the device. A successful exploit could allow the attacker to cause the device to reload or stop forwarding traffic through the firewall, resulting in a denial of service. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2020-3503 | 1 Cisco | 128 Asr1001-hx, Asr1001-hx-rf, Asr1001-x-rf and 125 more | 2020-10-08 | 3.6 LOW | 6.0 MEDIUM |
A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device's guest shell, and accessing or modifying restricted files. A successful exploit could allow the attacker to view or modify restricted information or configurations that are normally not accessible to system administrators. | |||||
CVE-2020-3404 | 1 Cisco | 128 Asr1001-hx, Asr1001-hx-rf, Asr1001-x-rf and 125 more | 2020-10-06 | 7.2 HIGH | 7.8 HIGH |
A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the persistent Telnet/SSH CLI on an affected device and requesting shell access. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS with root privileges. | |||||
CVE-2019-12646 | 1 Cisco | 13 1100-4p, 1100-8p, 1101-4p and 10 more | 2019-10-09 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of transient SIP packets on which NAT is performed on an affected device. An attacker could exploit this vulnerability by using UDP port 5060 to send crafted SIP packets through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. |