Cisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection (cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE)

According to its self-reported version, IOS is affected by a vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers Industrial ISRs and Cisco 1000 Series Connected Grid Routers CGR1000 could allow an authenticated, local attacker to...

CVE-2020-3257

CVE-2020-3257 affects the Cisco IOx Application Environment for IOS Software on Cisco 809/829 Industrial ISRs and CGR1000. ATLV/bounds checking issue in signaling packet handling can allow authenticated local attackers to execute arbitrary code with elevated privileges, while an adjacent attacker...

CVE-2020-3199

Cisco IOx Application Environment for IOS Software on Cisco Industrial Routers (809/829 ISR) and CGR1000 running IOS Software is affected by multiple vulnerabilities that can allow either DoS or arbitrary code execution with elevated privileges. Specifically, CVE-2020-3199 describes an adjacent a...

CVE-2020-3210

CVE-2020-3210 affects Cisco IOS Software on Cisco 809/829 Industrial ISRs and CGR1000, where the CLI parsers for VDS-related commands fail to validate input. An authenticated local attacker with privilege level 15 can inject malicious input into VDS CLI arguments, gaining arbitrary commands execu...

CVE-2020-3205

CVE-2020-3205 — Cisco IOS inter-VM channel injection involves Cisco IOS Software on Cisco 809/829 Industrial ISRs and CGR1000, where insufficient validation of signaling packets to the Virtual Device Server (VDS) allows an unauthenticated, adjacent attacker to execute arbitrary shell commands wit...