Lucene search

K

29 matches found

CVE
CVE
added 2019/05/13 7:29 p.m.124 views

CVE-2019-1649

A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that supp...

7.2CVSS6.4AI score0.00281EPSS
CVE
CVE
added 2019/03/28 1:29 a.m.112 views

CVE-2019-1761

A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker co...

4.3CVSS4.3AI score0.00074EPSS
CVE
CVE
added 2019/09/25 8:15 p.m.111 views

CVE-2019-12650

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

9CVSS8.4AI score0.10821EPSS
CVE
CVE
added 2019/03/27 11:29 p.m.98 views

CVE-2019-1737

A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is du...

8.6CVSS8.4AI score0.01156EPSS
CVE
CVE
added 2019/03/28 12:29 a.m.95 views

CVE-2019-1746

A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation ...

7.4CVSS6.9AI score0.00145EPSS
CVE
CVE
added 2019/03/28 12:29 a.m.89 views

CVE-2019-1748

A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates....

7.4CVSS7.4AI score0.00421EPSS
CVE
CVE
added 2019/09/25 9:15 p.m.88 views

CVE-2019-12655

A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The...

8.6CVSS7.9AI score0.01223EPSS
CVE
CVE
added 2019/03/28 1:29 a.m.84 views

CVE-2019-1756

A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has v...

9CVSS7.1AI score0.00631EPSS
CVE
CVE
added 2019/09/25 9:15 p.m.83 views

CVE-2019-12672

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient file location validatio...

7.2CVSS6.5AI score0.00037EPSS
CVE
CVE
added 2019/01/10 6:29 p.m.82 views

CVE-2018-0484

A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding (VRF) instance despite the absence of the vrf-also keyword in the access-class configuration. The vulnerability is due to...

6.5CVSS5.6AI score0.00146EPSS
CVE
CVE
added 2019/09/25 9:15 p.m.80 views

CVE-2019-12668

A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software using the banner parameter. The vulnerability is due to i...

4.8CVSS5AI score0.00182EPSS
CVE
CVE
added 2019/03/28 12:29 a.m.78 views

CVE-2019-1747

A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper ...

8.6CVSS8.3AI score0.01516EPSS
CVE
CVE
added 2019/09/25 9:15 p.m.77 views

CVE-2019-12665

A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new r...

7.4CVSS6AI score0.00288EPSS
CVE
CVE
added 2019/03/28 12:29 a.m.77 views

CVE-2019-1752

A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit this ...

8.6CVSS7.6AI score0.01587EPSS
CVE
CVE
added 2019/03/28 1:29 a.m.77 views

CVE-2019-1758

A vulnerability in 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. The vulnerability is due to how the 802.1x packets are handled in the process path. An attacker could exploi...

4.7CVSS4.5AI score0.0022EPSS
CVE
CVE
added 2019/09/25 8:15 p.m.75 views

CVE-2019-12651

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

9CVSS8.4AI score0.26917EPSS
CVE
CVE
added 2019/03/28 1:29 a.m.74 views

CVE-2019-1757

A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected soft...

5.9CVSS5.9AI score0.00339EPSS
CVE
CVE
added 2019/03/28 1:29 a.m.74 views

CVE-2019-1762

A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handl...

4.4CVSS4.3AI score0.00023EPSS
CVE
CVE
added 2019/03/28 12:29 a.m.72 views

CVE-2019-1740

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability are due to a parsing issue on DNS packets. An attacker could exploit ...

8.6CVSS8.4AI score0.00776EPSS
CVE
CVE
added 2019/03/28 12:29 a.m.71 views

CVE-2019-1739

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit t...

8.6CVSS7.9AI score0.02056EPSS
CVE
CVE
added 2019/09/25 9:15 p.m.68 views

CVE-2019-12656

A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS...

7.5CVSS7.5AI score0.01474EPSS
CVE
CVE
added 2019/03/28 12:29 a.m.67 views

CVE-2019-1738

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit t...

8.6CVSS8.1AI score0.02056EPSS
CVE
CVE
added 2019/09/25 9:15 p.m.64 views

CVE-2019-12669

A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of a malforme...

7.8CVSS7.1AI score0.00459EPSS
CVE
CVE
added 2019/03/28 12:29 a.m.59 views

CVE-2019-1751

A vulnerability in the Network Address Translation 64 (NAT64) functions of Cisco IOS Software could allow an unauthenticated, remote attacker to cause either an interface queue wedge or a device reload. The vulnerability is due to the incorrect handling of certain IPv4 packet streams that are sent ...

8.6CVSS8AI score0.01113EPSS
CVE
CVE
added 2019/09/25 9:15 p.m.57 views

CVE-2019-12670

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerabi...

6.7CVSS6.3AI score0.00034EPSS
CVE
CVE
added 2019/09/25 8:15 p.m.55 views

CVE-2019-12649

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected devic...

7.2CVSS6.3AI score0.00026EPSS
CVE
CVE
added 2019/01/10 12:29 a.m.53 views

CVE-2018-0282

A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerabil...

7.1CVSS6.8AI score0.00426EPSS
CVE
CVE
added 2019/09/25 9:15 p.m.52 views

CVE-2019-12652

A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when p...

8.6CVSS7.8AI score0.03181EPSS
CVE
CVE
added 2019/09/25 8:15 p.m.47 views

CVE-2019-12648

A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. The vulnerability is due to incorrect role-based access control (RBAC) evaluati...

9.9CVSS8.7AI score0.01169EPSS