Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-20775 | 1 Cisco | 83 8101-32fh, 8101-32h, 8102-64h and 80 more | 2022-11-09 | N/A | 7.8 HIGH |
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. | |||||
CVE-2022-20848 | 1 Cisco | 360 8101-32fh, 8101-32h, 8102-64h and 357 more | 2022-10-27 | N/A | 7.5 HIGH |
A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of UDP datagrams. An attacker could exploit this vulnerability by sending malicious UDP datagrams to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | |||||
CVE-2022-20919 | 1 Cisco | 305 Asr-920-10sz-pd, Asr-920-12cz-a, Asr-920-12cz-d and 302 more | 2022-10-27 | N/A | 7.5 HIGH |
A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation during processing of CIP packets. An attacker could exploit this vulnerability by sending a malformed CIP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition. | |||||
CVE-2022-20851 | 1 Cisco | 259 8101-32fh, 8101-32h, 8102-64h and 256 more | 2022-10-27 | N/A | 7.2 HIGH |
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To exploit this vulnerability, an attacker must have valid Administrator privileges on the affected device. | |||||
CVE-2022-20850 | 1 Cisco | 14 Ios Xe Sd-wan, Isr 1100, Isr 1100-4g and 11 more | 2022-10-05 | N/A | 7.1 HIGH |
A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device. | |||||
CVE-2022-20818 | 1 Cisco | 83 8101-32fh, 8101-32h, 8102-64h and 80 more | 2022-10-04 | N/A | 7.8 HIGH |
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. | |||||
CVE-2022-20678 | 1 Cisco | 25 Asr 1001-x, Asr 1002-x, Catalyst 8000v Edge and 22 more | 2022-04-25 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could exploit this vulnerability by sending a stream of crafted TCP traffic at a high rate through an interface of an affected device. That interface would need to have AppNav interception enabled. A successful exploit could allow the attacker to cause the device to reload. | |||||
CVE-2022-20677 | 1 Cisco | 62 8101-32fh, 8101-32h, 8102-64h and 59 more | 2022-04-25 | 7.2 HIGH | 6.7 MEDIUM |
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. |