admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-10-02 17:00:38 +00:00
parent 9ebe3ebc1d
commit 497a583fee
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
31 changed files with 5163 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

253
2024/20xxx/CVE-2024-20365.json
View File

@ -1,17 +1,262 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20365",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root.\r\n\r\nThis vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending crafted commands through the Redfish API on an affected device. A successful exploit could allow the attacker to elevate privileges to root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Unified Computing System (Managed)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.1(2a)"
},
{
"version_affected": "=",
"version_value": "4.1(2b)"
},
{
"version_affected": "=",
"version_value": "4.1(3a)"
},
{
"version_affected": "=",
"version_value": "4.1(3b)"
},
{
"version_affected": "=",
"version_value": "4.1(2c)"
},
{
"version_affected": "=",
"version_value": "4.1(4a)"
},
{
"version_affected": "=",
"version_value": "4.1(3c)"
},
{
"version_affected": "=",
"version_value": "4.1(3d)"
},
{
"version_affected": "=",
"version_value": "4.2(1c)"
},
{
"version_affected": "=",
"version_value": "4.2(1d)"
},
{
"version_affected": "=",
"version_value": "4.1(3e)"
},
{
"version_affected": "=",
"version_value": "4.2(1f)"
},
{
"version_affected": "=",
"version_value": "4.1(3f)"
},
{
"version_affected": "=",
"version_value": "4.2(1i)"
},
{
"version_affected": "=",
"version_value": "4.2(1k)"
},
{
"version_affected": "=",
"version_value": "4.1(3h)"
},
{
"version_affected": "=",
"version_value": "4.2(1l)"
},
{
"version_affected": "=",
"version_value": "4.2(1m)"
},
{
"version_affected": "=",
"version_value": "4.1(3i)"
},
{
"version_affected": "=",
"version_value": "4.2(2a)"
},
{
"version_affected": "=",
"version_value": "4.2(1n)"
},
{
"version_affected": "=",
"version_value": "4.1(3j)"
},
{
"version_affected": "=",
"version_value": "4.2(2c)"
},
{
"version_affected": "=",
"version_value": "4.2(2d)"
},
{
"version_affected": "=",
"version_value": "4.2(3b)"
},
{
"version_affected": "=",
"version_value": "4.1(3k)"
},
{
"version_affected": "=",
"version_value": "4.2(2e)"
},
{
"version_affected": "=",
"version_value": "4.2(3d)"
},
{
"version_affected": "=",
"version_value": "4.2(3e)"
},
{
"version_affected": "=",
"version_value": "4.2(3g)"
},
{
"version_affected": "=",
"version_value": "4.1(3l)"
},
{
"version_affected": "=",
"version_value": "4.3(2b)"
},
{
"version_affected": "=",
"version_value": "4.2(3h)"
},
{
"version_affected": "=",
"version_value": "4.2(3i)"
},
{
"version_affected": "=",
"version_value": "4.3(2c)"
},
{
"version_affected": "=",
"version_value": "4.1(3m)"
},
{
"version_affected": "=",
"version_value": "4.3(2e)"
},
{
"version_affected": "=",
"version_value": "4.3(3a)"
},
{
"version_affected": "=",
"version_value": "4.2(3j)"
},
{
"version_affected": "=",
"version_value": "4.3(3c)"
},
{
"version_affected": "=",
"version_value": "4.3(4a)"
},
{
"version_affected": "=",
"version_value": "4.2(3k)"
},
{
"version_affected": "=",
"version_value": "4.3(4b)"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-redfish-cominj-sbkv5ZZ",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-redfish-cominj-sbkv5ZZ"
}
]
},
"source": {
"advisory": "cisco-sa-cimc-redfish-cominj-sbkv5ZZ",
"discovery": "INTERNAL",
"defects": [
"CSCwi88894"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}

169
2024/20xxx/CVE-2024-20385.json
View File

@ -1,17 +1,178 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20385",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device. \r\n\r\nThis vulnerability exists because the Cisco NDO Validate Peer Certificate site management feature validates the certificates for Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud Network Controller (CNC), and Cisco Nexus Dashboard only when a new site is added or an existing one is reregistered. An attacker could exploit this vulnerability by using machine-in-the-middle techniques to intercept the traffic between the affected device and Cisco NDO and then using a crafted certificate to impersonate the affected device. A successful exploit could allow the attacker to learn sensitive information during communications between these devices."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Certificate Validation",
"cweId": "CWE-295"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Nexus Dashboard Orchestrator",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.7(1d)"
},
{
"version_affected": "=",
"version_value": "3.7(1g)"
},
{
"version_affected": "=",
"version_value": "3.7(1h)"
},
{
"version_affected": "=",
"version_value": "3.7(1j)"
},
{
"version_affected": "=",
"version_value": "3.7(1i)"
},
{
"version_affected": "=",
"version_value": "3.7(1k)"
},
{
"version_affected": "=",
"version_value": "3.7(1l)"
},
{
"version_affected": "=",
"version_value": "3.7(2d)"
},
{
"version_affected": "=",
"version_value": "3.7(2e)"
},
{
"version_affected": "=",
"version_value": "3.7(2f)"
},
{
"version_affected": "=",
"version_value": "3.7(2g)"
},
{
"version_affected": "=",
"version_value": "3.7(2h)"
},
{
"version_affected": "=",
"version_value": "4.1(2e)"
},
{
"version_affected": "=",
"version_value": "3.7(2i)"
},
{
"version_affected": "=",
"version_value": "4.1(2h)"
},
{
"version_affected": "=",
"version_value": "4.2(1d)"
},
{
"version_affected": "=",
"version_value": "4.2(1e)"
},
{
"version_affected": "=",
"version_value": "4.2(2e)"
},
{
"version_affected": "=",
"version_value": "4.2(3e)"
},
{
"version_affected": "=",
"version_value": "4.3.(1.1008)"
},
{
"version_affected": "=",
"version_value": "4.2(3j)"
},
{
"version_affected": "=",
"version_value": "4.2(3k)"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndo-tlsvld-FdUF3cpw",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndo-tlsvld-FdUF3cpw"
}
]
},
"source": {
"advisory": "cisco-sa-ndo-tlsvld-FdUF3cpw",
"discovery": "EXTERNAL",
"defects": [
"CSCwi72006"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
]
}

161
2024/20xxx/CVE-2024-20393.json
View File

@ -1,17 +1,170 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20393",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device.\r\n\r\nThis vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Small Business RV Series Router Firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0.01.17"
},
{
"version_affected": "=",
"version_value": "1.0.03.17"
},
{
"version_affected": "=",
"version_value": "1.0.01.16"
},
{
"version_affected": "=",
"version_value": "1.0.01.18"
},
{
"version_affected": "=",
"version_value": "1.0.00.29"
},
{
"version_affected": "=",
"version_value": "1.0.03.16"
},
{
"version_affected": "=",
"version_value": "1.0.03.15"
},
{
"version_affected": "=",
"version_value": "1.0.02.16"
},
{
"version_affected": "=",
"version_value": "1.0.01.20"
},
{
"version_affected": "=",
"version_value": "1.0.00.33"
},
{
"version_affected": "=",
"version_value": "1.0.03.18"
},
{
"version_affected": "=",
"version_value": "1.0.03.19"
},
{
"version_affected": "=",
"version_value": "1.0.03.20"
},
{
"version_affected": "=",
"version_value": "1.0.03.21"
},
{
"version_affected": "=",
"version_value": "1.0.03.22"
},
{
"version_affected": "=",
"version_value": "1.0.03.24"
},
{
"version_affected": "=",
"version_value": "1.0.03.26"
},
{
"version_affected": "=",
"version_value": "1.0.03.27"
},
{
"version_affected": "=",
"version_value": "1.0.03.28"
},
{
"version_affected": "=",
"version_value": "1.0.03.29"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms"
}
]
},
"source": {
"advisory": "cisco-sa-rv34x-privesc-rce-qE33TCms",
"discovery": "EXTERNAL",
"defects": [
"CSCwm27935"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

125
2024/20xxx/CVE-2024-20432.json
View File

@ -1,17 +1,134 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20432",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device.\r\n \r\nThis vulnerability is due to improper user authorization and insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted commands to an affected REST API endpoint or through the web UI. A successful exploit could allow the attacker to execute arbitrary commands on the CLI of a Cisco NDFC-managed device with network-admin privileges.\r\n \r\nNote: This vulnerability does not affect Cisco NDFC when it is configured for storage area network (SAN) controller deployment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Data Center Network Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1(1)"
},
{
"version_affected": "=",
"version_value": "12.0.1a"
},
{
"version_affected": "=",
"version_value": "12.0.2d"
},
{
"version_affected": "=",
"version_value": "12.0.2f"
},
{
"version_affected": "=",
"version_value": "12.1.1"
},
{
"version_affected": "=",
"version_value": "12.1.1e"
},
{
"version_affected": "=",
"version_value": "12.1.1p"
},
{
"version_affected": "=",
"version_value": "12.1.2e"
},
{
"version_affected": "=",
"version_value": "12.1.2p"
},
{
"version_affected": "=",
"version_value": "12.1.3b"
},
{
"version_affected": "=",
"version_value": "12.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-cmdinj-UvYZrKfr",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-cmdinj-UvYZrKfr"
}
]
},
"source": {
"advisory": "cisco-sa-ndfc-cmdinj-UvYZrKfr",
"discovery": "INTERNAL",
"defects": [
"CSCwj10299"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

125
2024/20xxx/CVE-2024-20438.json
View File

@ -1,17 +1,134 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20438",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device.\r\n\r\nThis vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited network-admin functions such as reading device configuration information, uploading files, and modifying uploaded files.\r\nNote: This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Protection Mechanism Failure",
"cweId": "CWE-693"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Data Center Network Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1(1)"
},
{
"version_affected": "=",
"version_value": "12.0.1a"
},
{
"version_affected": "=",
"version_value": "12.0.2d"
},
{
"version_affected": "=",
"version_value": "12.0.2f"
},
{
"version_affected": "=",
"version_value": "12.1.1"
},
{
"version_affected": "=",
"version_value": "12.1.1e"
},
{
"version_affected": "=",
"version_value": "12.1.1p"
},
{
"version_affected": "=",
"version_value": "12.1.2e"
},
{
"version_affected": "=",
"version_value": "12.1.2p"
},
{
"version_affected": "=",
"version_value": "12.1.3b"
},
{
"version_affected": "=",
"version_value": "12.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-uaapi-Jh4V6zpN",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-uaapi-Jh4V6zpN"
}
]
},
"source": {
"advisory": "cisco-sa-ndhs-uaapi-Jh4V6zpN",
"discovery": "INTERNAL",
"defects": [
"CSCwj09986"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
}
]
}

125
2024/20xxx/CVE-2024-20441.json
View File

@ -1,17 +1,134 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20441",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device.\r\n\r\nThis vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to download config only or full backup files and learn sensitive configuration information. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Data Center Network Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1(1)"
},
{
"version_affected": "=",
"version_value": "12.0.1a"
},
{
"version_affected": "=",
"version_value": "12.0.2d"
},
{
"version_affected": "=",
"version_value": "12.0.2f"
},
{
"version_affected": "=",
"version_value": "12.1.1"
},
{
"version_affected": "=",
"version_value": "12.1.1e"
},
{
"version_affected": "=",
"version_value": "12.1.1p"
},
{
"version_affected": "=",
"version_value": "12.1.2e"
},
{
"version_affected": "=",
"version_value": "12.1.2p"
},
{
"version_affected": "=",
"version_value": "12.1.3b"
},
{
"version_affected": "=",
"version_value": "12.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-uaapi-Jh4V6zpN",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-uaapi-Jh4V6zpN"
}
]
},
"source": {
"advisory": "cisco-sa-ndhs-uaapi-Jh4V6zpN",
"discovery": "INTERNAL",
"defects": [
"CSCwk04220"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
]
}

193
2024/20xxx/CVE-2024-20442.json
View File

@ -1,17 +1,202 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20442",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device.\r\n\r\nThis vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions such as viewing portions of the web UI, generating config only or full backup files, and deleting tech support files. This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Nexus Dashboard",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1(3e)"
},
{
"version_affected": "=",
"version_value": "1.1(3c)"
},
{
"version_affected": "=",
"version_value": "1.1(3d)"
},
{
"version_affected": "=",
"version_value": "1.1(0d)"
},
{
"version_affected": "=",
"version_value": "1.1(2i)"
},
{
"version_affected": "=",
"version_value": "2.0(1b)"
},
{
"version_affected": "=",
"version_value": "1.1(2h)"
},
{
"version_affected": "=",
"version_value": "1.1(0c)"
},
{
"version_affected": "=",
"version_value": "1.1(3f)"
},
{
"version_affected": "=",
"version_value": "2.1(1d)"
},
{
"version_affected": "=",
"version_value": "2.1(1e)"
},
{
"version_affected": "=",
"version_value": "2.0(2g)"
},
{
"version_affected": "=",
"version_value": "2.0(2h)"
},
{
"version_affected": "=",
"version_value": "2.1(2d)"
},
{
"version_affected": "=",
"version_value": "2.0(1d)"
},
{
"version_affected": "=",
"version_value": "2.2(1h)"
},
{
"version_affected": "=",
"version_value": "2.2(1e)"
},
{
"version_affected": "=",
"version_value": "2.2(2d)"
},
{
"version_affected": "=",
"version_value": "2.1(2f)"
},
{
"version_affected": "=",
"version_value": "2.3(1c)"
},
{
"version_affected": "=",
"version_value": "2.3(2b)"
},
{
"version_affected": "=",
"version_value": "2.3(2c)"
},
{
"version_affected": "=",
"version_value": "2.3(2d)"
},
{
"version_affected": "=",
"version_value": "2.3(2e)"
},
{
"version_affected": "=",
"version_value": "3.0(1f)"
},
{
"version_affected": "=",
"version_value": "3.0(1i)"
},
{
"version_affected": "=",
"version_value": "3.1(1k)"
},
{
"version_affected": "=",
"version_value": "3.1(1l)"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-uaapi-Jh4V6zpN",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-uaapi-Jh4V6zpN"
}
]
},
"source": {
"advisory": "cisco-sa-ndhs-uaapi-Jh4V6zpN",
"discovery": "INTERNAL",
"defects": [
"CSCwk04255"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

233
2024/20xxx/CVE-2024-20444.json
View File

@ -1,17 +1,242 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20444",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device.\r\n \r\nThis vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')",
"cweId": "CWE-88"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Data Center Network Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.2(1)"
},
{
"version_affected": "=",
"version_value": "7.0(2)"
},
{
"version_affected": "=",
"version_value": "10.3(2)IPFM"
},
{
"version_affected": "=",
"version_value": "10.1(1)"
},
{
"version_affected": "=",
"version_value": "7.2(3)"
},
{
"version_affected": "=",
"version_value": "7.2(2)"
},
{
"version_affected": "=",
"version_value": "7.2(1)"
},
{
"version_affected": "=",
"version_value": "11.0(1)"
},
{
"version_affected": "=",
"version_value": "10.4(1)"
},
{
"version_affected": "=",
"version_value": "10.2(1)"
},
{
"version_affected": "=",
"version_value": "7.2(2a)"
},
{
"version_affected": "=",
"version_value": "10.1(2)"
},
{
"version_affected": "=",
"version_value": "7.1(1)"
},
{
"version_affected": "=",
"version_value": "12.1(1)"
},
{
"version_affected": "=",
"version_value": "11.1(1)"
},
{
"version_affected": "=",
"version_value": "10.3(1)"
},
{
"version_affected": "=",
"version_value": "10.3(1)R(1)"
},
{
"version_affected": "=",
"version_value": "7.0(1)"
},
{
"version_affected": "=",
"version_value": "10.0(1)"
},
{
"version_affected": "=",
"version_value": "7.1(2)"
},
{
"version_affected": "=",
"version_value": "11.4(1)"
},
{
"version_affected": "=",
"version_value": "10.4(2)"
},
{
"version_affected": "=",
"version_value": "11.3(1)"
},
{
"version_affected": "=",
"version_value": "11.5(1)"
},
{
"version_affected": "=",
"version_value": "11.5(2)"
},
{
"version_affected": "=",
"version_value": "11.5(3)"
},
{
"version_affected": "=",
"version_value": "12.0.1a"
},
{
"version_affected": "=",
"version_value": "11.5(3a)"
},
{
"version_affected": "=",
"version_value": "12.0.2d"
},
{
"version_affected": "=",
"version_value": "12.0.2f"
},
{
"version_affected": "=",
"version_value": "11.5(4)"
},
{
"version_affected": "=",
"version_value": "12.1.1"
},
{
"version_affected": "=",
"version_value": "12.1.1e"
},
{
"version_affected": "=",
"version_value": "12.1.1p"
},
{
"version_affected": "=",
"version_value": "12.1.2e"
},
{
"version_affected": "=",
"version_value": "12.1.2p"
},
{
"version_affected": "=",
"version_value": "12.1.3b"
},
{
"version_affected": "=",
"version_value": "12.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-raci-T46k3jnN",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-raci-T46k3jnN"
}
]
},
"source": {
"advisory": "cisco-sa-ndfc-raci-T46k3jnN",
"discovery": "INTERNAL",
"defects": [
"CSCwj55173"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW"
}
]
}

233
2024/20xxx/CVE-2024-20448.json
View File

@ -1,17 +1,242 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20448",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information.\r\n\r\nThis vulnerability is due to the improper storage of sensitive information within config only and full backup files. An attacker could exploit this vulnerability by parsing the contents of a backup file that is generated from an affected device. A successful exploit could allow the attacker to access sensitive information, including NDFC-connected device credentials, the NDFC site manager private key, and the scheduled backup file encryption key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext Storage in a File or on Disk",
"cweId": "CWE-313"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Data Center Network Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.2(1)"
},
{
"version_affected": "=",
"version_value": "7.0(2)"
},
{
"version_affected": "=",
"version_value": "10.3(2)IPFM"
},
{
"version_affected": "=",
"version_value": "10.1(1)"
},
{
"version_affected": "=",
"version_value": "7.2(3)"
},
{
"version_affected": "=",
"version_value": "7.2(2)"
},
{
"version_affected": "=",
"version_value": "7.2(1)"
},
{
"version_affected": "=",
"version_value": "11.0(1)"
},
{
"version_affected": "=",
"version_value": "10.4(1)"
},
{
"version_affected": "=",
"version_value": "10.2(1)"
},
{
"version_affected": "=",
"version_value": "7.2(2a)"
},
{
"version_affected": "=",
"version_value": "10.1(2)"
},
{
"version_affected": "=",
"version_value": "7.1(1)"
},
{
"version_affected": "=",
"version_value": "12.1(1)"
},
{
"version_affected": "=",
"version_value": "11.1(1)"
},
{
"version_affected": "=",
"version_value": "10.3(1)"
},
{
"version_affected": "=",
"version_value": "10.3(1)R(1)"
},
{
"version_affected": "=",
"version_value": "7.0(1)"
},
{
"version_affected": "=",
"version_value": "10.0(1)"
},
{
"version_affected": "=",
"version_value": "7.1(2)"
},
{
"version_affected": "=",
"version_value": "11.4(1)"
},
{
"version_affected": "=",
"version_value": "10.4(2)"
},
{
"version_affected": "=",
"version_value": "11.3(1)"
},
{
"version_affected": "=",
"version_value": "11.5(1)"
},
{
"version_affected": "=",
"version_value": "11.5(2)"
},
{
"version_affected": "=",
"version_value": "11.5(3)"
},
{
"version_affected": "=",
"version_value": "12.0.1a"
},
{
"version_affected": "=",
"version_value": "11.5(3a)"
},
{
"version_affected": "=",
"version_value": "12.0.2d"
},
{
"version_affected": "=",
"version_value": "12.0.2f"
},
{
"version_affected": "=",
"version_value": "11.5(4)"
},
{
"version_affected": "=",
"version_value": "12.1.1"
},
{
"version_affected": "=",
"version_value": "12.1.1e"
},
{
"version_affected": "=",
"version_value": "12.1.1p"
},
{
"version_affected": "=",
"version_value": "12.1.2e"
},
{
"version_affected": "=",
"version_value": "12.1.2p"
},
{
"version_affected": "=",
"version_value": "12.1.3b"
},
{
"version_affected": "=",
"version_value": "12.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-cidv-XvyX2wLj",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-cidv-XvyX2wLj"
}
]
},
"source": {
"advisory": "cisco-sa-ndfc-cidv-XvyX2wLj",
"discovery": "INTERNAL",
"defects": [
"CSCwj87786"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
]
}

125
2024/20xxx/CVE-2024-20449.json
View File

@ -1,17 +1,134 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20449",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device.\r\n\r\nThis vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secure Copy Protocol (SCP) to upload malicious code to an affected device using path traversal techniques. A successful exploit could allow the attacker to execute arbitrary code in a specific container with the privileges of root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Relative Path Traversal",
"cweId": "CWE-23"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Data Center Network Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1(1)"
},
{
"version_affected": "=",
"version_value": "12.0.1a"
},
{
"version_affected": "=",
"version_value": "12.0.2d"
},
{
"version_affected": "=",
"version_value": "12.0.2f"
},
{
"version_affected": "=",
"version_value": "12.1.1"
},
{
"version_affected": "=",
"version_value": "12.1.1e"
},
{
"version_affected": "=",
"version_value": "12.1.1p"
},
{
"version_affected": "=",
"version_value": "12.1.2e"
},
{
"version_affected": "=",
"version_value": "12.1.2p"
},
{
"version_affected": "=",
"version_value": "12.1.3b"
},
{
"version_affected": "=",
"version_value": "12.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-ptrce-BUSHLbp",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-ptrce-BUSHLbp"
}
]
},
"source": {
"advisory": "cisco-sa-ndfc-ptrce-BUSHLbp",
"discovery": "INTERNAL",
"defects": [
"CSCwk04223"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

145
2024/20xxx/CVE-2024-20470.json
View File

@ -1,18 +1,153 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20470",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. In order to exploit this vulnerability, the attacker must have valid admin credentials.\r\n\r\nThis vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Expression/Command Delimiters",
"cweId": "CWE-146"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Small Business RV Series Router Firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0.01.17"
},
{
"version_affected": "=",
"version_value": "1.0.03.17"
},
{
"version_affected": "=",
"version_value": "1.0.01.16"
},
{
"version_affected": "=",
"version_value": "1.0.01.18"
},
{
"version_affected": "=",
"version_value": "1.0.00.29"
},
{
"version_affected": "=",
"version_value": "1.0.03.16"
},
{
"version_affected": "=",
"version_value": "1.0.03.15"
},
{
"version_affected": "=",
"version_value": "1.0.02.16"
},
{
"version_affected": "=",
"version_value": "1.0.01.20"
},
{
"version_affected": "=",
"version_value": "1.0.00.33"
},
{
"version_affected": "=",
"version_value": "1.0.03.18"
},
{
"version_affected": "=",
"version_value": "1.0.03.19"
},
{
"version_affected": "=",
"version_value": "1.0.03.20"
},
{
"version_affected": "=",
"version_value": "1.0.03.21"
},
{
"version_affected": "=",
"version_value": "1.0.03.22"
},
{
"version_affected": "=",
"version_value": "1.0.03.24"
},
{
"version_affected": "=",
"version_value": "1.0.03.26"
},
{
"version_affected": "=",
"version_value": "1.0.03.27"
},
{
"version_affected": "=",
"version_value": "1.0.03.28"
},
{
"version_affected": "=",
"version_value": "1.0.03.29"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms"
}
]
},
"source": {
"advisory": "cisco-sa-rv34x-privesc-rce-qE33TCms",
"discovery": "EXTERNAL",
"defects": [
"CSCwk99655"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
]
}

125
2024/20xxx/CVE-2024-20477.json
View File

@ -1,17 +1,134 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20477",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device.\r\n\r\nThis vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to upload files into a specific container or delete files from a specific folder within that container. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Data Center Network Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1(1)"
},
{
"version_affected": "=",
"version_value": "12.0.1a"
},
{
"version_affected": "=",
"version_value": "12.0.2d"
},
{
"version_affected": "=",
"version_value": "12.0.2f"
},
{
"version_affected": "=",
"version_value": "12.1.1"
},
{
"version_affected": "=",
"version_value": "12.1.1e"
},
{
"version_affected": "=",
"version_value": "12.1.1p"
},
{
"version_affected": "=",
"version_value": "12.1.2e"
},
{
"version_affected": "=",
"version_value": "12.1.2p"
},
{
"version_affected": "=",
"version_value": "12.1.3b"
},
{
"version_affected": "=",
"version_value": "12.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-uaapi-Jh4V6zpN",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-uaapi-Jh4V6zpN"
}
]
},
"source": {
"advisory": "cisco-sa-ndhs-uaapi-Jh4V6zpN",
"discovery": "INTERNAL",
"defects": [
"CSCwk11265"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
}
]
}

216
2024/20xxx/CVE-2024-20490.json
View File

@ -1,17 +1,225 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20490",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information.\r\n\r\nThis vulnerability exists because HTTP proxy credentials could be recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view HTTP proxy server admin credentials in clear text that are configured on Nexus Dashboard to reach an external network.\r\nNote: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Data Center Network Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.1e"
},
{
"version_affected": "=",
"version_value": "12.1.1p"
},
{
"version_affected": "=",
"version_value": "12.1.2e"
},
{
"version_affected": "=",
"version_value": "12.1.2p"
},
{
"version_affected": "=",
"version_value": "12.1.3b"
},
{
"version_affected": "=",
"version_value": "12.2.1"
},
{
"version_affected": "=",
"version_value": "12.2.2"
}
]
}
},
{
"product_name": "Cisco Nexus Dashboard Orchestrator",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0(1i)"
},
{
"version_affected": "=",
"version_value": "1.0(2b)"
},
{
"version_affected": "=",
"version_value": "3.7(1d)"
},
{
"version_affected": "=",
"version_value": "3.7(1g)"
},
{
"version_affected": "=",
"version_value": "3.7(1h)"
},
{
"version_affected": "=",
"version_value": "3.7(1j)"
},
{
"version_affected": "=",
"version_value": "3.7(1i)"
},
{
"version_affected": "=",
"version_value": "3.7(1k)"
},
{
"version_affected": "=",
"version_value": "3.7(1l)"
},
{
"version_affected": "=",
"version_value": "3.7(2d)"
},
{
"version_affected": "=",
"version_value": "3.7(2e)"
},
{
"version_affected": "=",
"version_value": "3.7(2f)"
},
{
"version_affected": "=",
"version_value": "3.7(2g)"
},
{
"version_affected": "=",
"version_value": "3.7(2h)"
},
{
"version_affected": "=",
"version_value": "4.1(2e)"
},
{
"version_affected": "=",
"version_value": "3.7(2i)"
},
{
"version_affected": "=",
"version_value": "4.1(2h)"
},
{
"version_affected": "=",
"version_value": "4.2(1d)"
},
{
"version_affected": "=",
"version_value": "4.2(1e)"
},
{
"version_affected": "=",
"version_value": "4.2(2e)"
},
{
"version_affected": "=",
"version_value": "4.2(3e)"
},
{
"version_affected": "=",
"version_value": "4.3.(1.1008)"
},
{
"version_affected": "=",
"version_value": "4.2(3j)"
},
{
"version_affected": "=",
"version_value": "4.2(3k)"
},
{
"version_affected": "=",
"version_value": "4.4(1.1009)"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-idv-Bk8VqEDc",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-idv-Bk8VqEDc"
}
]
},
"source": {
"advisory": "cisco-sa-ndhs-idv-Bk8VqEDc",
"discovery": "INTERNAL",
"defects": [
"CSCwk96526"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
]
}

137
2024/20xxx/CVE-2024-20491.json
View File

@ -1,17 +1,146 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20491",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information.\r\n\r\nThis vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view remote controller admin credentials in clear text.\r\nNote: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Nexus Dashboard Insights",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.2.2.125"
},
{
"version_affected": "=",
"version_value": "2.2.2.126"
},
{
"version_affected": "=",
"version_value": "5.0.1.150"
},
{
"version_affected": "=",
"version_value": "5.0.1.154"
},
{
"version_affected": "=",
"version_value": "5.1.0.131"
},
{
"version_affected": "=",
"version_value": "5.1.0.135"
},
{
"version_affected": "=",
"version_value": "6.0.1"
},
{
"version_affected": "=",
"version_value": "6.0.2"
},
{
"version_affected": "=",
"version_value": "6.1.1"
},
{
"version_affected": "=",
"version_value": "6.1.2"
},
{
"version_affected": "=",
"version_value": "6.1.3"
},
{
"version_affected": "=",
"version_value": "6.2.1"
},
{
"version_affected": "=",
"version_value": "6.2.2"
},
{
"version_affected": "=",
"version_value": "6.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-idv-Bk8VqEDc",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-idv-Bk8VqEDc"
}
]
},
"source": {
"advisory": "cisco-sa-ndhs-idv-Bk8VqEDc",
"discovery": "INTERNAL",
"defects": [
"CSCwk96544"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
]
}

397
2024/20xxx/CVE-2024-20492.json
View File

@ -1,17 +1,406 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20492",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level credentials with read-write privileges on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a series of crafted CLI commands. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of the affected device.\r\nNote: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco TelePresence Video Communication Server (VCS) Expressway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "X8.11.2"
},
{
"version_affected": "=",
"version_value": "X8.6"
},
{
"version_affected": "=",
"version_value": "X8.11.3"
},
{
"version_affected": "=",
"version_value": "X8.2.2"
},
{
"version_affected": "=",
"version_value": "X8.8.3"
},
{
"version_affected": "=",
"version_value": "X8.11.0"
},
{
"version_affected": "=",
"version_value": "X12.5.2"
},
{
"version_affected": "=",
"version_value": "X8.1.1"
},
{
"version_affected": "=",
"version_value": "X8.9"
},
{
"version_affected": "=",
"version_value": "X12.5.1"
},
{
"version_affected": "=",
"version_value": "X12.5.6"
},
{
"version_affected": "=",
"version_value": "X8.7.3"
},
{
"version_affected": "=",
"version_value": "X12.6.0"
},
{
"version_affected": "=",
"version_value": "X8.11.1"
},
{
"version_affected": "=",
"version_value": "X8.5"
},
{
"version_affected": "=",
"version_value": "X8.9.1"
},
{
"version_affected": "=",
"version_value": "X8.10.2"
},
{
"version_affected": "=",
"version_value": "X8.8.2"
},
{
"version_affected": "=",
"version_value": "X8.5.3"
},
{
"version_affected": "=",
"version_value": "X8.1"
},
{
"version_affected": "=",
"version_value": "X8.9.2"
},
{
"version_affected": "=",
"version_value": "X8.11.4"
},
{
"version_affected": "=",
"version_value": "X12.5.4"
},
{
"version_affected": "=",
"version_value": "X8.8.1"
},
{
"version_affected": "=",
"version_value": "X8.2.1"
},
{
"version_affected": "=",
"version_value": "X8.5.1"
},
{
"version_affected": "=",
"version_value": "X8.6.1"
},
{
"version_affected": "=",
"version_value": "X8.1.2"
},
{
"version_affected": "=",
"version_value": "X8.8"
},
{
"version_affected": "=",
"version_value": "X8.10.0"
},
{
"version_affected": "=",
"version_value": "X12.5.3"
},
{
"version_affected": "=",
"version_value": "X8.10.1"
},
{
"version_affected": "=",
"version_value": "X12.5.7"
},
{
"version_affected": "=",
"version_value": "X8.10.3"
},
{
"version_affected": "=",
"version_value": "X8.7.1"
},
{
"version_affected": "=",
"version_value": "X8.2"
},
{
"version_affected": "=",
"version_value": "X12.5.8"
},
{
"version_affected": "=",
"version_value": "X8.7"
},
{
"version_affected": "=",
"version_value": "X8.5.2"
},
{
"version_affected": "=",
"version_value": "X12.5.9"
},
{
"version_affected": "=",
"version_value": "X12.5.0"
},
{
"version_affected": "=",
"version_value": "X8.10.4"
},
{
"version_affected": "=",
"version_value": "X8.7.2"
},
{
"version_affected": "=",
"version_value": "X12.5.5"
},
{
"version_affected": "=",
"version_value": "X12.6.1"
},
{
"version_affected": "=",
"version_value": "X12.6.2"
},
{
"version_affected": "=",
"version_value": "X12.6.3"
},
{
"version_affected": "=",
"version_value": "X12.6.4"
},
{
"version_affected": "=",
"version_value": "X12.7.0"
},
{
"version_affected": "=",
"version_value": "X12.7.1"
},
{
"version_affected": "=",
"version_value": "X14.0.0"
},
{
"version_affected": "=",
"version_value": "X14.0.1"
},
{
"version_affected": "=",
"version_value": "X14.0.2"
},
{
"version_affected": "=",
"version_value": "X14.0.3"
},
{
"version_affected": "=",
"version_value": "X14.0.4"
},
{
"version_affected": "=",
"version_value": "X14.0.5"
},
{
"version_affected": "=",
"version_value": "X14.0.6"
},
{
"version_affected": "=",
"version_value": "X14.0.7"
},
{
"version_affected": "=",
"version_value": "X14.0.8"
},
{
"version_affected": "=",
"version_value": "X14.2.0"
},
{
"version_affected": "=",
"version_value": "X14.0.9"
},
{
"version_affected": "=",
"version_value": "X14.2.1"
},
{
"version_affected": "=",
"version_value": "X14.2.2"
},
{
"version_affected": "=",
"version_value": "X14.0.11"
},
{
"version_affected": "=",
"version_value": "X14.2.5"
},
{
"version_affected": "=",
"version_value": "X14.0.10"
},
{
"version_affected": "=",
"version_value": "X14.2.6"
},
{
"version_affected": "=",
"version_value": "X14.2.7"
},
{
"version_affected": "=",
"version_value": "X14.3.0"
},
{
"version_affected": "=",
"version_value": "X14.3.1"
},
{
"version_affected": "=",
"version_value": "X14.3.2"
},
{
"version_affected": "=",
"version_value": "X14.3.3"
},
{
"version_affected": "=",
"version_value": "X15.0.0"
},
{
"version_affected": "=",
"version_value": "X14.3.4"
},
{
"version_affected": "=",
"version_value": "X14.3.5"
},
{
"version_affected": "=",
"version_value": "X15.0.1"
},
{
"version_affected": "=",
"version_value": "X15.0.2"
},
{
"version_affected": "=",
"version_value": "X15.0.3"
},
{
"version_affected": "=",
"version_value": "X14.3.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expw-escalation-3bkz77bD",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expw-escalation-3bkz77bD"
}
]
},
"source": {
"advisory": "cisco-sa-expw-escalation-3bkz77bD",
"discovery": "EXTERNAL",
"defects": [
"CSCwk75586"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}

205
2024/20xxx/CVE-2024-20515.json
View File

@ -1,17 +1,214 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20515",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device.\r\n\r\nThis vulnerability is due to a lack of proper data protection mechanisms for certain configuration settings. An attacker with Read-Only Administrator privileges could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to view device credentials that are normally not visible to Read-Only Administrators."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Encryption of Sensitive Data",
"cweId": "CWE-311"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p5"
},
{
"version_affected": "=",
"version_value": "3.1.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0"
},
{
"version_affected": "=",
"version_value": "3.1.0 p4"
},
{
"version_affected": "=",
"version_value": "2.7.0 p8"
},
{
"version_affected": "=",
"version_value": "3.1.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p7"
},
{
"version_affected": "=",
"version_value": "3.1.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0 p2"
},
{
"version_affected": "=",
"version_value": "3.1.0 p7"
},
{
"version_affected": "=",
"version_value": "3.3.0"
},
{
"version_affected": "=",
"version_value": "3.2.0 p3"
},
{
"version_affected": "=",
"version_value": "3.0.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p6"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 2"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 1"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 3"
},
{
"version_affected": "=",
"version_value": "3.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-disc-ZYF2nEEX",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-disc-ZYF2nEEX"
}
]
},
"source": {
"advisory": "cisco-sa-ise-info-disc-ZYF2nEEX",
"discovery": "EXTERNAL",
"defects": [
"CSCwj04194"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
]
}

237
2024/20xxx/CVE-2024-20516.json
View File

@ -1,17 +1,246 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20516",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n \r\nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Small Business RV Series Router Firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.2.08-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.08"
},
{
"version_affected": "=",
"version_value": "4.1.1.01"
},
{
"version_affected": "=",
"version_value": "4.2.3.03"
},
{
"version_affected": "=",
"version_value": "3.0.0.1-tm"
},
{
"version_affected": "=",
"version_value": "4.1.0.02-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.09"
},
{
"version_affected": "=",
"version_value": "3.0.2.01-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.10"
},
{
"version_affected": "=",
"version_value": "3.0.0.19-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.06"
},
{
"version_affected": "=",
"version_value": "4.2.2.08"
},
{
"version_affected": "=",
"version_value": "4.0.3.03-tm"
},
{
"version_affected": "=",
"version_value": "4.0.0.7"
},
{
"version_affected": "=",
"version_value": "4.2.1.02"
},
{
"version_affected": "=",
"version_value": "4.2.3.07"
},
{
"version_affected": "=",
"version_value": "4.0.4.02-tm"
},
{
"version_affected": "=",
"version_value": "1.3.12.19-tm"
},
{
"version_affected": "=",
"version_value": "1.3.12.6-tm"
},
{
"version_affected": "=",
"version_value": "1.3.13.02-tm"
},
{
"version_affected": "=",
"version_value": "1.3.1.10"
},
{
"version_affected": "=",
"version_value": "1.2.1.13"
},
{
"version_affected": "=",
"version_value": "1.1.1.19"
},
{
"version_affected": "=",
"version_value": "1.4.2.15"
},
{
"version_affected": "=",
"version_value": "1.5.1.05"
},
{
"version_affected": "=",
"version_value": "1.0.2.03"
},
{
"version_affected": "=",
"version_value": "1.1.0.09"
},
{
"version_affected": "=",
"version_value": "1.2.1.14"
},
{
"version_affected": "=",
"version_value": "1.3.2.02"
},
{
"version_affected": "=",
"version_value": "1.3.1.12"
},
{
"version_affected": "=",
"version_value": "1.0.1.17"
},
{
"version_affected": "=",
"version_value": "1.4.2.19"
},
{
"version_affected": "=",
"version_value": "1.1.1.06"
},
{
"version_affected": "=",
"version_value": "1.4.2.20"
},
{
"version_affected": "=",
"version_value": "1.4.2.22"
},
{
"version_affected": "=",
"version_value": "1.4.2.17"
},
{
"version_affected": "=",
"version_value": "4.2.3.14"
},
{
"version_affected": "=",
"version_value": "1.5.1.11"
},
{
"version_affected": "=",
"version_value": "1.5.1.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
}
]
},
"source": {
"advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"discovery": "EXTERNAL",
"defects": [
"CSCwm48770"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

237
2024/20xxx/CVE-2024-20517.json
View File

@ -1,17 +1,246 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20517",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n \r\nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Small Business RV Series Router Firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.2.08-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.08"
},
{
"version_affected": "=",
"version_value": "4.1.1.01"
},
{
"version_affected": "=",
"version_value": "4.2.3.03"
},
{
"version_affected": "=",
"version_value": "3.0.0.1-tm"
},
{
"version_affected": "=",
"version_value": "4.1.0.02-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.09"
},
{
"version_affected": "=",
"version_value": "3.0.2.01-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.10"
},
{
"version_affected": "=",
"version_value": "3.0.0.19-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.06"
},
{
"version_affected": "=",
"version_value": "4.2.2.08"
},
{
"version_affected": "=",
"version_value": "4.0.3.03-tm"
},
{
"version_affected": "=",
"version_value": "4.0.0.7"
},
{
"version_affected": "=",
"version_value": "4.2.1.02"
},
{
"version_affected": "=",
"version_value": "4.2.3.07"
},
{
"version_affected": "=",
"version_value": "4.0.4.02-tm"
},
{
"version_affected": "=",
"version_value": "1.3.12.19-tm"
},
{
"version_affected": "=",
"version_value": "1.3.12.6-tm"
},
{
"version_affected": "=",
"version_value": "1.3.13.02-tm"
},
{
"version_affected": "=",
"version_value": "1.3.1.10"
},
{
"version_affected": "=",
"version_value": "1.2.1.13"
},
{
"version_affected": "=",
"version_value": "1.1.1.19"
},
{
"version_affected": "=",
"version_value": "1.4.2.15"
},
{
"version_affected": "=",
"version_value": "1.5.1.05"
},
{
"version_affected": "=",
"version_value": "1.0.2.03"
},
{
"version_affected": "=",
"version_value": "1.1.0.09"
},
{
"version_affected": "=",
"version_value": "1.2.1.14"
},
{
"version_affected": "=",
"version_value": "1.3.2.02"
},
{
"version_affected": "=",
"version_value": "1.3.1.12"
},
{
"version_affected": "=",
"version_value": "1.0.1.17"
},
{
"version_affected": "=",
"version_value": "1.4.2.19"
},
{
"version_affected": "=",
"version_value": "1.1.1.06"
},
{
"version_affected": "=",
"version_value": "1.4.2.20"
},
{
"version_affected": "=",
"version_value": "1.4.2.22"
},
{
"version_affected": "=",
"version_value": "1.4.2.17"
},
{
"version_affected": "=",
"version_value": "4.2.3.14"
},
{
"version_affected": "=",
"version_value": "1.5.1.11"
},
{
"version_affected": "=",
"version_value": "1.5.1.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
}
]
},
"source": {
"advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"discovery": "EXTERNAL",
"defects": [
"CSCwm48770"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

237
2024/20xxx/CVE-2024-20518.json
View File

@ -1,17 +1,246 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20518",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n \r\nThis vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Small Business RV Series Router Firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.2.08-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.08"
},
{
"version_affected": "=",
"version_value": "4.1.1.01"
},
{
"version_affected": "=",
"version_value": "4.2.3.03"
},
{
"version_affected": "=",
"version_value": "3.0.0.1-tm"
},
{
"version_affected": "=",
"version_value": "4.1.0.02-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.09"
},
{
"version_affected": "=",
"version_value": "3.0.2.01-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.10"
},
{
"version_affected": "=",
"version_value": "3.0.0.19-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.06"
},
{
"version_affected": "=",
"version_value": "4.2.2.08"
},
{
"version_affected": "=",
"version_value": "4.0.3.03-tm"
},
{
"version_affected": "=",
"version_value": "4.0.0.7"
},
{
"version_affected": "=",
"version_value": "4.2.1.02"
},
{
"version_affected": "=",
"version_value": "4.2.3.07"
},
{
"version_affected": "=",
"version_value": "4.0.4.02-tm"
},
{
"version_affected": "=",
"version_value": "1.3.12.19-tm"
},
{
"version_affected": "=",
"version_value": "1.3.12.6-tm"
},
{
"version_affected": "=",
"version_value": "1.3.13.02-tm"
},
{
"version_affected": "=",
"version_value": "1.3.1.10"
},
{
"version_affected": "=",
"version_value": "1.2.1.13"
},
{
"version_affected": "=",
"version_value": "1.1.1.19"
},
{
"version_affected": "=",
"version_value": "1.4.2.15"
},
{
"version_affected": "=",
"version_value": "1.5.1.05"
},
{
"version_affected": "=",
"version_value": "1.0.2.03"
},
{
"version_affected": "=",
"version_value": "1.1.0.09"
},
{
"version_affected": "=",
"version_value": "1.2.1.14"
},
{
"version_affected": "=",
"version_value": "1.3.2.02"
},
{
"version_affected": "=",
"version_value": "1.3.1.12"
},
{
"version_affected": "=",
"version_value": "1.0.1.17"
},
{
"version_affected": "=",
"version_value": "1.4.2.19"
},
{
"version_affected": "=",
"version_value": "1.1.1.06"
},
{
"version_affected": "=",
"version_value": "1.4.2.20"
},
{
"version_affected": "=",
"version_value": "1.4.2.22"
},
{
"version_affected": "=",
"version_value": "1.4.2.17"
},
{
"version_affected": "=",
"version_value": "4.2.3.14"
},
{
"version_affected": "=",
"version_value": "1.5.1.11"
},
{
"version_affected": "=",
"version_value": "1.5.1.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
}
]
},
"source": {
"advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"discovery": "EXTERNAL",
"defects": [
"CSCwm48770"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}

237
2024/20xxx/CVE-2024-20519.json
View File

@ -1,17 +1,246 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20519",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n \r\nThis vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Small Business RV Series Router Firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.2.08-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.08"
},
{
"version_affected": "=",
"version_value": "4.1.1.01"
},
{
"version_affected": "=",
"version_value": "4.2.3.03"
},
{
"version_affected": "=",
"version_value": "3.0.0.1-tm"
},
{
"version_affected": "=",
"version_value": "4.1.0.02-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.09"
},
{
"version_affected": "=",
"version_value": "3.0.2.01-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.10"
},
{
"version_affected": "=",
"version_value": "3.0.0.19-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.06"
},
{
"version_affected": "=",
"version_value": "4.2.2.08"
},
{
"version_affected": "=",
"version_value": "4.0.3.03-tm"
},
{
"version_affected": "=",
"version_value": "4.0.0.7"
},
{
"version_affected": "=",
"version_value": "4.2.1.02"
},
{
"version_affected": "=",
"version_value": "4.2.3.07"
},
{
"version_affected": "=",
"version_value": "4.0.4.02-tm"
},
{
"version_affected": "=",
"version_value": "1.3.12.19-tm"
},
{
"version_affected": "=",
"version_value": "1.3.12.6-tm"
},
{
"version_affected": "=",
"version_value": "1.3.13.02-tm"
},
{
"version_affected": "=",
"version_value": "1.3.1.10"
},
{
"version_affected": "=",
"version_value": "1.2.1.13"
},
{
"version_affected": "=",
"version_value": "1.1.1.19"
},
{
"version_affected": "=",
"version_value": "1.4.2.15"
},
{
"version_affected": "=",
"version_value": "1.5.1.05"
},
{
"version_affected": "=",
"version_value": "1.0.2.03"
},
{
"version_affected": "=",
"version_value": "1.1.0.09"
},
{
"version_affected": "=",
"version_value": "1.2.1.14"
},
{
"version_affected": "=",
"version_value": "1.3.2.02"
},
{
"version_affected": "=",
"version_value": "1.3.1.12"
},
{
"version_affected": "=",
"version_value": "1.0.1.17"
},
{
"version_affected": "=",
"version_value": "1.4.2.19"
},
{
"version_affected": "=",
"version_value": "1.1.1.06"
},
{
"version_affected": "=",
"version_value": "1.4.2.20"
},
{
"version_affected": "=",
"version_value": "1.4.2.22"
},
{
"version_affected": "=",
"version_value": "1.4.2.17"
},
{
"version_affected": "=",
"version_value": "4.2.3.14"
},
{
"version_affected": "=",
"version_value": "1.5.1.11"
},
{
"version_affected": "=",
"version_value": "1.5.1.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
}
]
},
"source": {
"advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"discovery": "EXTERNAL",
"defects": [
"CSCwm48770"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}

237
2024/20xxx/CVE-2024-20520.json
View File

@ -1,17 +1,246 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20520",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n \r\nThis vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Small Business RV Series Router Firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.2.08-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.08"
},
{
"version_affected": "=",
"version_value": "4.1.1.01"
},
{
"version_affected": "=",
"version_value": "4.2.3.03"
},
{
"version_affected": "=",
"version_value": "3.0.0.1-tm"
},
{
"version_affected": "=",
"version_value": "4.1.0.02-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.09"
},
{
"version_affected": "=",
"version_value": "3.0.2.01-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.10"
},
{
"version_affected": "=",
"version_value": "3.0.0.19-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.06"
},
{
"version_affected": "=",
"version_value": "4.2.2.08"
},
{
"version_affected": "=",
"version_value": "4.0.3.03-tm"
},
{
"version_affected": "=",
"version_value": "4.0.0.7"
},
{
"version_affected": "=",
"version_value": "4.2.1.02"
},
{
"version_affected": "=",
"version_value": "4.2.3.07"
},
{
"version_affected": "=",
"version_value": "4.0.4.02-tm"
},
{
"version_affected": "=",
"version_value": "1.3.12.19-tm"
},
{
"version_affected": "=",
"version_value": "1.3.12.6-tm"
},
{
"version_affected": "=",
"version_value": "1.3.13.02-tm"
},
{
"version_affected": "=",
"version_value": "1.3.1.10"
},
{
"version_affected": "=",
"version_value": "1.2.1.13"
},
{
"version_affected": "=",
"version_value": "1.1.1.19"
},
{
"version_affected": "=",
"version_value": "1.4.2.15"
},
{
"version_affected": "=",
"version_value": "1.5.1.05"
},
{
"version_affected": "=",
"version_value": "1.0.2.03"
},
{
"version_affected": "=",
"version_value": "1.1.0.09"
},
{
"version_affected": "=",
"version_value": "1.2.1.14"
},
{
"version_affected": "=",
"version_value": "1.3.2.02"
},
{
"version_affected": "=",
"version_value": "1.3.1.12"
},
{
"version_affected": "=",
"version_value": "1.0.1.17"
},
{
"version_affected": "=",
"version_value": "1.4.2.19"
},
{
"version_affected": "=",
"version_value": "1.1.1.06"
},
{
"version_affected": "=",
"version_value": "1.4.2.20"
},
{
"version_affected": "=",
"version_value": "1.4.2.22"
},
{
"version_affected": "=",
"version_value": "1.4.2.17"
},
{
"version_affected": "=",
"version_value": "4.2.3.14"
},
{
"version_affected": "=",
"version_value": "1.5.1.11"
},
{
"version_affected": "=",
"version_value": "1.5.1.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
}
]
},
"source": {
"advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"discovery": "EXTERNAL",
"defects": [
"CSCwm48770"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}

237
2024/20xxx/CVE-2024-20521.json
View File

@ -1,17 +1,246 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20521",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n \r\nThis vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Small Business RV Series Router Firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.2.08-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.08"
},
{
"version_affected": "=",
"version_value": "4.1.1.01"
},
{
"version_affected": "=",
"version_value": "4.2.3.03"
},
{
"version_affected": "=",
"version_value": "3.0.0.1-tm"
},
{
"version_affected": "=",
"version_value": "4.1.0.02-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.09"
},
{
"version_affected": "=",
"version_value": "3.0.2.01-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.10"
},
{
"version_affected": "=",
"version_value": "3.0.0.19-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.06"
},
{
"version_affected": "=",
"version_value": "4.2.2.08"
},
{
"version_affected": "=",
"version_value": "4.0.3.03-tm"
},
{
"version_affected": "=",
"version_value": "4.0.0.7"
},
{
"version_affected": "=",
"version_value": "4.2.1.02"
},
{
"version_affected": "=",
"version_value": "4.2.3.07"
},
{
"version_affected": "=",
"version_value": "4.0.4.02-tm"
},
{
"version_affected": "=",
"version_value": "1.3.12.19-tm"
},
{
"version_affected": "=",
"version_value": "1.3.12.6-tm"
},
{
"version_affected": "=",
"version_value": "1.3.13.02-tm"
},
{
"version_affected": "=",
"version_value": "1.3.1.10"
},
{
"version_affected": "=",
"version_value": "1.2.1.13"
},
{
"version_affected": "=",
"version_value": "1.1.1.19"
},
{
"version_affected": "=",
"version_value": "1.4.2.15"
},
{
"version_affected": "=",
"version_value": "1.5.1.05"
},
{
"version_affected": "=",
"version_value": "1.0.2.03"
},
{
"version_affected": "=",
"version_value": "1.1.0.09"
},
{
"version_affected": "=",
"version_value": "1.2.1.14"
},
{
"version_affected": "=",
"version_value": "1.3.2.02"
},
{
"version_affected": "=",
"version_value": "1.3.1.12"
},
{
"version_affected": "=",
"version_value": "1.0.1.17"
},
{
"version_affected": "=",
"version_value": "1.4.2.19"
},
{
"version_affected": "=",
"version_value": "1.1.1.06"
},
{
"version_affected": "=",
"version_value": "1.4.2.20"
},
{
"version_affected": "=",
"version_value": "1.4.2.22"
},
{
"version_affected": "=",
"version_value": "1.4.2.17"
},
{
"version_affected": "=",
"version_value": "4.2.3.14"
},
{
"version_affected": "=",
"version_value": "1.5.1.11"
},
{
"version_affected": "=",
"version_value": "1.5.1.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
}
]
},
"source": {
"advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"discovery": "EXTERNAL",
"defects": [
"CSCwm48770"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}

237
2024/20xxx/CVE-2024-20522.json
View File

@ -1,17 +1,246 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20522",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n \r\nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Small Business RV Series Router Firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.2.08-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.08"
},
{
"version_affected": "=",
"version_value": "4.1.1.01"
},
{
"version_affected": "=",
"version_value": "4.2.3.03"
},
{
"version_affected": "=",
"version_value": "3.0.0.1-tm"
},
{
"version_affected": "=",
"version_value": "4.1.0.02-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.09"
},
{
"version_affected": "=",
"version_value": "3.0.2.01-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.10"
},
{
"version_affected": "=",
"version_value": "3.0.0.19-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.06"
},
{
"version_affected": "=",
"version_value": "4.2.2.08"
},
{
"version_affected": "=",
"version_value": "4.0.3.03-tm"
},
{
"version_affected": "=",
"version_value": "4.0.0.7"
},
{
"version_affected": "=",
"version_value": "4.2.1.02"
},
{
"version_affected": "=",
"version_value": "4.2.3.07"
},
{
"version_affected": "=",
"version_value": "4.0.4.02-tm"
},
{
"version_affected": "=",
"version_value": "1.3.12.19-tm"
},
{
"version_affected": "=",
"version_value": "1.3.12.6-tm"
},
{
"version_affected": "=",
"version_value": "1.3.13.02-tm"
},
{
"version_affected": "=",
"version_value": "1.3.1.10"
},
{
"version_affected": "=",
"version_value": "1.2.1.13"
},
{
"version_affected": "=",
"version_value": "1.1.1.19"
},
{
"version_affected": "=",
"version_value": "1.4.2.15"
},
{
"version_affected": "=",
"version_value": "1.5.1.05"
},
{
"version_affected": "=",
"version_value": "1.0.2.03"
},
{
"version_affected": "=",
"version_value": "1.1.0.09"
},
{
"version_affected": "=",
"version_value": "1.2.1.14"
},
{
"version_affected": "=",
"version_value": "1.3.2.02"
},
{
"version_affected": "=",
"version_value": "1.3.1.12"
},
{
"version_affected": "=",
"version_value": "1.0.1.17"
},
{
"version_affected": "=",
"version_value": "1.4.2.19"
},
{
"version_affected": "=",
"version_value": "1.1.1.06"
},
{
"version_affected": "=",
"version_value": "1.4.2.20"
},
{
"version_affected": "=",
"version_value": "1.4.2.22"
},
{
"version_affected": "=",
"version_value": "1.4.2.17"
},
{
"version_affected": "=",
"version_value": "4.2.3.14"
},
{
"version_affected": "=",
"version_value": "1.5.1.11"
},
{
"version_affected": "=",
"version_value": "1.5.1.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
}
]
},
"source": {
"advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"discovery": "EXTERNAL",
"defects": [
"CSCwm48770"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}

237
2024/20xxx/CVE-2024-20523.json
View File

@ -1,17 +1,246 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20523",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n \r\nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Small Business RV Series Router Firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.2.08-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.08"
},
{
"version_affected": "=",
"version_value": "4.1.1.01"
},
{
"version_affected": "=",
"version_value": "4.2.3.03"
},
{
"version_affected": "=",
"version_value": "3.0.0.1-tm"
},
{
"version_affected": "=",
"version_value": "4.1.0.02-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.09"
},
{
"version_affected": "=",
"version_value": "3.0.2.01-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.10"
},
{
"version_affected": "=",
"version_value": "3.0.0.19-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.06"
},
{
"version_affected": "=",
"version_value": "4.2.2.08"
},
{
"version_affected": "=",
"version_value": "4.0.3.03-tm"
},
{
"version_affected": "=",
"version_value": "4.0.0.7"
},
{
"version_affected": "=",
"version_value": "4.2.1.02"
},
{
"version_affected": "=",
"version_value": "4.2.3.07"
},
{
"version_affected": "=",
"version_value": "4.0.4.02-tm"
},
{
"version_affected": "=",
"version_value": "1.3.12.19-tm"
},
{
"version_affected": "=",
"version_value": "1.3.12.6-tm"
},
{
"version_affected": "=",
"version_value": "1.3.13.02-tm"
},
{
"version_affected": "=",
"version_value": "1.3.1.10"
},
{
"version_affected": "=",
"version_value": "1.2.1.13"
},
{
"version_affected": "=",
"version_value": "1.1.1.19"
},
{
"version_affected": "=",
"version_value": "1.4.2.15"
},
{
"version_affected": "=",
"version_value": "1.5.1.05"
},
{
"version_affected": "=",
"version_value": "1.0.2.03"
},
{
"version_affected": "=",
"version_value": "1.1.0.09"
},
{
"version_affected": "=",
"version_value": "1.2.1.14"
},
{
"version_affected": "=",
"version_value": "1.3.2.02"
},
{
"version_affected": "=",
"version_value": "1.3.1.12"
},
{
"version_affected": "=",
"version_value": "1.0.1.17"
},
{
"version_affected": "=",
"version_value": "1.4.2.19"
},
{
"version_affected": "=",
"version_value": "1.1.1.06"
},
{
"version_affected": "=",
"version_value": "1.4.2.20"
},
{
"version_affected": "=",
"version_value": "1.4.2.22"
},
{
"version_affected": "=",
"version_value": "1.4.2.17"
},
{
"version_affected": "=",
"version_value": "4.2.3.14"
},
{
"version_affected": "=",
"version_value": "1.5.1.11"
},
{
"version_affected": "=",
"version_value": "1.5.1.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
}
]
},
"source": {
"advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"discovery": "EXTERNAL",
"defects": [
"CSCwm48770"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

237
2024/20xxx/CVE-2024-20524.json
View File

@ -1,17 +1,246 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20524",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n \r\nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Small Business RV Series Router Firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.2.08-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.08"
},
{
"version_affected": "=",
"version_value": "4.1.1.01"
},
{
"version_affected": "=",
"version_value": "4.2.3.03"
},
{
"version_affected": "=",
"version_value": "3.0.0.1-tm"
},
{
"version_affected": "=",
"version_value": "4.1.0.02-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.09"
},
{
"version_affected": "=",
"version_value": "3.0.2.01-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.10"
},
{
"version_affected": "=",
"version_value": "3.0.0.19-tm"
},
{
"version_affected": "=",
"version_value": "4.2.3.06"
},
{
"version_affected": "=",
"version_value": "4.2.2.08"
},
{
"version_affected": "=",
"version_value": "4.0.3.03-tm"
},
{
"version_affected": "=",
"version_value": "4.0.0.7"
},
{
"version_affected": "=",
"version_value": "4.2.1.02"
},
{
"version_affected": "=",
"version_value": "4.2.3.07"
},
{
"version_affected": "=",
"version_value": "4.0.4.02-tm"
},
{
"version_affected": "=",
"version_value": "1.3.12.19-tm"
},
{
"version_affected": "=",
"version_value": "1.3.12.6-tm"
},
{
"version_affected": "=",
"version_value": "1.3.13.02-tm"
},
{
"version_affected": "=",
"version_value": "1.3.1.10"
},
{
"version_affected": "=",
"version_value": "1.2.1.13"
},
{
"version_affected": "=",
"version_value": "1.1.1.19"
},
{
"version_affected": "=",
"version_value": "1.4.2.15"
},
{
"version_affected": "=",
"version_value": "1.5.1.05"
},
{
"version_affected": "=",
"version_value": "1.0.2.03"
},
{
"version_affected": "=",
"version_value": "1.1.0.09"
},
{
"version_affected": "=",
"version_value": "1.2.1.14"
},
{
"version_affected": "=",
"version_value": "1.3.2.02"
},
{
"version_affected": "=",
"version_value": "1.3.1.12"
},
{
"version_affected": "=",
"version_value": "1.0.1.17"
},
{
"version_affected": "=",
"version_value": "1.4.2.19"
},
{
"version_affected": "=",
"version_value": "1.1.1.06"
},
{
"version_affected": "=",
"version_value": "1.4.2.20"
},
{
"version_affected": "=",
"version_value": "1.4.2.22"
},
{
"version_affected": "=",
"version_value": "1.4.2.17"
},
{
"version_affected": "=",
"version_value": "4.2.3.14"
},
{
"version_affected": "=",
"version_value": "1.5.1.11"
},
{
"version_affected": "=",
"version_value": "1.5.1.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
}
]
},
"source": {
"advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"discovery": "EXTERNAL",
"defects": [
"CSCwm48770"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

56
2024/41xxx/CVE-2024-41290.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41290",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-41290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/paragbagul111/CVE-2024-41290",
"url": "https://github.com/paragbagul111/CVE-2024-41290"
}
]
}

56
2024/46xxx/CVE-2024-46626.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46626",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-46626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/d0ub1edd/CVE-Reference/blob/main/CVE-2024-46626.md",
"url": "https://github.com/d0ub1edd/CVE-Reference/blob/main/CVE-2024-46626.md"
}
]
}

10
2024/6xxx/CVE-2024-6360.json
View File

@ -100,5 +100,15 @@
],
"value": "https://portal.microfocus.com/s/article/KM000033373?language=en_US"
}
],
"credits": [
{
"lang": "en",
"value": "Davide Brian Di Campi, TIM Security Red Team Research"
},
{
"lang": "en",
"value": "Massimiliano Brolli, TIM Security Red Team Research"
}
]
}

18
2024/9xxx/CVE-2024-9436.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9436",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9437.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9437",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9438.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9438",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}