188 matches found

ThreatPost
added 2021/09/24 2:1 p.m., 30 views

Critical Cisco Bugs Allow Code Execution on Wireless, SD-WAN

Cisco is warning three critical security vulnerabilities affect its flagship IOS XE software, the operating system for most of its enterprise networking portfolio. The flaws impact Cisco’s wireless controllers, SD-WAN offering and configuration mechanisms in use for scads of products. The...

CVSS: 10, AI score: 9.9, EPSS: 0.01029
Exploits: 0, References: 7

CNVD
added 2021/09/24 12:0 a.m., 21 views

Cisco IOS XE Software Authentication Bypass Vulnerability

Cisco IOS XE Software is an operating system from the U.S. company Cisco. A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. Cisco IOS XE Software is vulnerable to an authentication bypass...

CVSS: 6.4, AI score: 3.5, EPSS: 0.00869
Exploits: 0, Affected Software: 1

Prion
added 2021/09/23 3:15 a.m., 21 views

Authentication flaw

A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, or delete the configuration of an affected...

CVSS: 6.4, AI score: 9.3, EPSS: 0.00869
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2021/09/23 2:30 a.m., 9 views

CVE-2021-1619 Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability

A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, or delete the configuration of an affected...

CVSS: 9.8, AI score: 7.6, EPSS: 0.00869
Exploits: 0, References: 1

Cvelist
added 2021/09/23 2:30 a.m., 19 views

CVE-2021-1619 Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability

A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, or delete the configuration of an affected...

CVSS: 9.8, AI score: 10, EPSS: 0.00869
Exploits: 0, References: 1

CVE
added 2021/09/23 2:30 a.m., 83 views

CVE-2021-1619

Cisco IOS XE Software contains an authentication bypass vulnerability in the AAA function (CVE-2021-1619). An unauthenticated, remote attacker could bypass NETCONF/RESTCONF authentication and, via a sequence of NETCONF/RESTCONF requests, install, manipulate, or delete device configurations or cau...

CVSS: 9.8, AI score: 9.8, EPSS: 0.00869
Exploits: 0, References: 1, Affected Software: 146

Cisco
added 2021/09/22 4:0 p.m., 162 views

Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability

A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, or delete the configuration of an affected...

CVSS: 9.8, AI score: 9.8, EPSS: 0.00869
Exploits: 0, References: 1

BDU FSTEC
added 2021/02/09 12:0 a.m., 1 views

The vulnerability of the NETCONF protocol implementation in Cisco SD-WAN software allows an attacker to cause service failure.

The vulnerability of the NETCONF protocol implementation in Cisco SD-WAN networks is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...

CVSS: 6.8, EPSS: 0.00876
Exploits: 0, References: 2, Affected Software: 3

Tenable Nessus
added 2020/10/19 12:0 a.m., 43 views

Cisco IOS XE Software RESTCONF NETCONF YANG Access Control List DoS (cisco-sa-confacl-HbPtfSuO)

According to its self-reported version, IOS-XE is affected by a denial of service (DoS) vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function. An unauthenticated, remote attacker can exploit this, by accessing the device using RESTCONF or NETCONF-YANG to cause the device t...

CVSS: 8.6, AI score: 7.9, EPSS: 0.01258
Exploits: 0, References: 3

BDU FSTEC
added 2020/10/08 12:0 a.m., 2 views

The vulnerability of the RESTCONF and NETCONF-YANG protocols implemented in the Cisco IOS XE operating system allows an attacker to cause service interruptions.

The vulnerability of the RESTCONF and NETCONF-YANG protocols implemented by the Cisco IOS XE operating system is related to errors in pointer arithmetic. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS: 8.6, EPSS: 0.01258
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2020/09/25 12:0 a.m., 8 views

Cisco IOS XE Denial of Service Vulnerability (CNVD-2021-43450)

Cisco IOS XE is a modular operating system based on the Linux kernel, developed by Cisco for its network equipment. A denial of service vulnerability exists in the RESTCONF and NETCONF-YANG access control list (ACL) functions of Cisco IOS XE, which can be exploited by an attacker to cause the...

CVSS: 8.6, AI score: 6.6, EPSS: 0.01258
Exploits: 0, References: 1

NVD
added 2020/09/24 6:15 p.m., 17 views

CVE-2020-3407

A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG featur...

CVSS: 8.6, EPSS: 0.01258
Exploits: 0, References: 1

Prion
added 2020/09/24 6:15 p.m., 18 views

Design/Logic Flaw

A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG featur...

CVSS: 7.1, AI score: 8.4, EPSS: 0.01258
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2020/09/24 6:2 p.m., 17 views

CVE-2020-3407 Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability

A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG featur...

CVSS: 8.6, AI score: 8.5, EPSS: 0.01258
Exploits: 0, References: 1

Vulnrichment
added 2020/09/24 6:2 p.m., 10 views

CVE-2020-3407 Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability

A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG featur...

CVSS: 8.6, AI score: 7.2, EPSS: 0.01258
Exploits: 0, References: 1

Cisco
added 2020/09/24 4:0 p.m., 26 views

Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability

A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG featur...

CVSS: 8.6, AI score: 8.5, EPSS: 0.01258
Exploits: 0, References: 1

Tenable Nessus
added 2020/02/28 12:0 a.m., 24 views

Cisco IOS XR Software NETCONF Over Secure Shell ACL Bypass (cisco-sa-20191120-iosxr-ssh-bypass)

According to its self-reported version, Cisco IOS XR Software is affected by a vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) due to a missing check in the NETCONF over SSH access control list (ACL). An unauthenticated, remote attacker can exploit this, by by...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00359
Exploits: 0, References: 3

Tenable Nessus
added 2020/01/28 12:0 a.m., 25 views

Cisco IOS XR Software netconf DoS (cisco-sa-20180502-iosxr)

According to its self-reported version, Cisco IOS XR Software is affected by a denial of service (DoS) vulnerability in the netconf interface due to improper handling of malformed requests. An unauthenticated, remote attacker can exploit this, by sending malicious requests to the affected software,...

CVSS: 5.3, AI score: 5.8, EPSS: 0.0082
Exploits: 0, References: 3

CNVD
added 2020/01/22 12:0 a.m., 2 views

Meinberg Funkuhren Lantime M300 and Meinberg Funkuhren Lantime M1000 Command Injection Vulnerabilities

The Meinberg Funkuhren Lantime M300 and the Meinberg Funkuhren Lantime M1000 are both rack-mounted time servers from Meinberg Funkuhren in Germany. A security vulnerability exists in the Meinberg Funkuhren Lantime M300 and Meinberg Funkuhren Lantime M1000. The vulnerability can be exploited to...

CVSS: 9, AI score: 7.6, EPSS: 0.01138
Exploits: 1, References: 1

Positive Technologies
added 2020/01/20 12:0 a.m., 3 views

PT-2020-19490 · Meinberg · Meinberg Lantime M300 +1

Name of the Vulnerable Software and Affected Versions: Meinberg Lantime M300 and M1000 devices (affected versions not specified). Description: The issue allows attackers with privileges to configure a device to execute arbitrary OS commands by editing the /config/netconf.cmd script, also known as...

CVSS: 9, AI score: 7.3, EPSS: 0.01138
Exploits: 1, References: 8