8 matches found
CVE-2020-10136
CVE-2020-10136 concerns the IP Encapsulation within IP (IPIP) decapsulation path that decapsulates and routes IP-in-IP traffic without validation of the source network packets, enabling spoofing and potential access-control bypass and other unexpected behavior. The NVD entry assigns a MEDIUM seve...
CVE-2020-3119
Summary (CVE-2020-3119) : The vulnerability affects Cisco NX-OS Software’s Cisco Discovery Protocol (CDP) parser. It allows an unauthenticated, adjacent attacker to send a crafted CDP packet, leading to a stack overflow and potentially executing arbitrary code with administrative privileges or tr...
CVE-2020-3120
CVE-2020-3120 affects Cisco FXOS, IOS XR, and NX-OS CDP handling. A missing check when processing Cisco Discovery Protocol messages could let an unauthenticated, adjacent attacker cause a device reload and DoS by sending crafted CDP packets (Layer 2). Impact per sources is DoS via memory exhausti...
CVE-2020-3172
CVE-2020-3172 affects Cisco FXOS Software and Cisco NX-OS Software via the Cisco Discovery Protocol. Insufficient validation of CDP packet headers allows an unauthenticated, Layer-2 adjacent attacker to send a crafted CDP packet, causing a buffer overflow that could let the attacker execute arbit...
CVE-2020-3167
CVE-2020-3167 covers a CLI command injection vulnerability in Cisco FXOS Software and Cisco UCS Manager Software. The issue stems from insufficient input validation in CLI commands, allowing an authenticated, local attacker to inject crafted arguments and execute arbitrary OS commands with the pr...
CVE-2020-3173
Cisco UCS Manager Software Local Management CLI Command Injection (CVE-2020-3173) affects the local-mgmt CLI. The root cause is insufficient input validation of command arguments, allowing an authenticated, local attacker to execute arbitrary OS commands. On most platforms, such commands run with...
CVE-2020-3171
The CVE-2020-3171 entry covers Cisco FXOS and Cisco UCS Manager Software Local Management CLI Command Injection caused by insufficient input validation in the local-mgmt CLI. An authenticated, local attacker can run arbitrary commands on the device’s underlying OS; on most platforms this occurs w...
CVE-2021-1397
Cisco IMC Open Redirect vulnerability (CVE-2021-1397) affects the web-based management interface of Cisco Integrated Management Controller software. Type: improper input validation in HTTP request parameters, exploitable via a crafted link to redirect users to a malicious site. Impact is open red...