mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
9c2e0c0d64
commit
be2f49a129
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of transient SIP packets on which NAT is performed on an affected device. An attacker could exploit this vulnerability by using UDP port 5060 to send crafted SIP packets through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. "
|
||||
"value": "A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of transient SIP packets on which NAT is performed on an affected device. An attacker could exploit this vulnerability by using UDP port 5060 to send crafted SIP packets through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -84,4 +84,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability exists because the affected software incorrectly handles memory structures, leading to a NULL pointer dereference. An attacker could exploit this vulnerability by opening a TCP connection to specific ports and sending traffic over that connection. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. "
|
||||
"value": "A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability exists because the affected software incorrectly handles memory structures, leading to a NULL pointer dereference. An attacker could exploit this vulnerability by opening a TCP connection to specific ports and sending traffic over that connection. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -84,4 +84,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. The vulnerability is due to incorrect role-based access control (RBAC) evaluation when a low-privileged user requests access to a Guest OS that should be restricted to administrative accounts. An attacker could exploit this vulnerability by authenticating to the Guest OS by using the low-privileged-user credentials. An exploit could allow the attacker to gain unauthorized access to the Guest OS as a root user. "
|
||||
"value": "A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. The vulnerability is due to incorrect role-based access control (RBAC) evaluation when a low-privileged user requests access to a Guest OS that should be restricted to administrative accounts. An attacker could exploit this vulnerability by authenticating to the Guest OS by using the low-privileged-user credentials. An exploit could allow the attacker to gain unauthorized access to the Guest OS as a root user."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -84,4 +84,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected device can be configured to not verify the digital signatures of system image files during the boot process. An attacker could exploit this vulnerability by abusing a specific feature that is part of the device boot process. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device. "
|
||||
"value": "A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected device can be configured to not verify the digital signatures of system image files during the boot process. An attacker could exploit this vulnerability by abusing a specific feature that is part of the device boot process. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -85,4 +85,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. "
|
||||
"value": "Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -86,4 +86,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. "
|
||||
"value": "Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -86,4 +86,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when processing TCP packets directed to the device on specific Cisco Catalyst 4000 Series Switches. An attacker could exploit this vulnerability by sending crafted TCP streams to an affected device. A successful exploit could cause the affected device to run out of buffer resources, impairing operations of control plane and management plane protocols, resulting in a DoS condition. This vulnerability can be triggered only by traffic that is destined to an affected device and cannot be exploited using traffic that transits an affected device. "
|
||||
"value": "A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when processing TCP packets directed to the device on specific Cisco Catalyst 4000 Series Switches. An attacker could exploit this vulnerability by sending crafted TCP streams to an affected device. A successful exploit could cause the affected device to run out of buffer resources, impairing operations of control plane and management plane protocols, resulting in a DoS condition. This vulnerability can be triggered only by traffic that is destined to an affected device and cannot be exploited using traffic that transits an affected device."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -84,4 +84,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper parsing of Raw Socket Transport payloads. An attacker could exploit this vulnerability by establishing a TCP session and then sending a malicious TCP segment via IPv4 to an affected device. This cannot be exploited via IPv6, as the Raw Socket Transport feature does not support IPv6 as a network layer protocol. "
|
||||
"value": "A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper parsing of Raw Socket Transport payloads. An attacker could exploit this vulnerability by establishing a TCP session and then sending a malicious TCP segment via IPv4 to an affected device. This cannot be exploited via IPv6, as the Raw Socket Transport feature does not support IPv6 as a network layer protocol."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -84,4 +84,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device. "
|
||||
"value": "A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -84,4 +84,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a buffer overflow that occurs when an affected device inspects certain FTP traffic. An attacker could exploit this vulnerability by performing a specific FTP transfer through the device. A successful exploit could allow the attacker to cause the device to reload. "
|
||||
"value": "A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a buffer overflow that occurs when an affected device inspects certain FTP traffic. An attacker could exploit this vulnerability by performing a specific FTP transfer through the device. A successful exploit could allow the attacker to cause the device to reload."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -84,4 +84,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition. "
|
||||
"value": "A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -88,4 +88,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper validation of IPv6 packets through the UTD feature. An attacker could exploit this vulnerability by sending IPv6 traffic through an affected device that is configured with UTD. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. "
|
||||
"value": "A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper validation of IPv6 packets through the UTD feature. An attacker could exploit this vulnerability by sending IPv6 traffic through an affected device that is configured with UTD. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -84,4 +84,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to ineffective management of the underlying filesystem resources. An attacker could exploit this vulnerability by performing specific actions that result in messages being sent to specific operating system log files. A successful exploit could allow the attacker to exhaust available filesystem space on an affected device. This could cause the device to crash and reload, resulting in a DoS condition for clients whose network traffic is transiting the device. Upon reload of the device, the impacted filesystem space is cleared, and the device will return to normal operation. However, continued exploitation of this vulnerability could cause subsequent forced crashes and reloads, which could lead to an extended DoS condition. "
|
||||
"value": "A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to ineffective management of the underlying filesystem resources. An attacker could exploit this vulnerability by performing specific actions that result in messages being sent to specific operating system log files. A successful exploit could allow the attacker to exhaust available filesystem space on an affected device. This could cause the device to crash and reload, resulting in a DoS condition for clients whose network traffic is transiting the device. Upon reload of the device, the impacted filesystem space is cleared, and the device will return to normal operation. However, continued exploitation of this vulnerability could cause subsequent forced crashes and reloads, which could lead to an extended DoS condition."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -84,4 +84,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. The vulnerability is due to a logical error in the logging mechanism. An attacker could exploit this vulnerability by generating a high amount of long-lived connections to the HTTP service on the device. A successful exploit could allow the attacker to cause the HTTP server to crash. "
|
||||
"value": "A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. The vulnerability is due to a logical error in the logging mechanism. An attacker could exploit this vulnerability by generating a high amount of long-lived connections to the HTTP service on the device. A successful exploit could allow the attacker to cause the HTTP server to crash."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -84,4 +84,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to modify the configuration of the device to cause it to be non-secure and abnormally functioning. "
|
||||
"value": "A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to modify the configuration of the device to cause it to be non-secure and abnormally functioning."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -84,4 +84,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on the affected device. An attacker who has administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges, which may lead to complete system compromise. "
|
||||
"value": "A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on the affected device. An attacker who has administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges, which may lead to complete system compromise."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -84,4 +84,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image. "
|
||||
"value": "A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -86,4 +86,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of attributes in RADIUS messages. An attacker could exploit this vulnerability by sending a malicious RADIUS message to an affected device while the device is in a specific state. "
|
||||
"value": "A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of attributes in RADIUS messages. An attacker could exploit this vulnerability by sending a malicious RADIUS message to an affected device while the device is in a specific state."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -84,4 +84,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers (ISRs) could allow an unauthenticated, adjacent attacker to pass IPv4 traffic through an ISDN channel prior to successful PPP authentication. The vulnerability is due to insufficient validation of the state of the PPP IP Control Protocol (IPCP). An attacker could exploit this vulnerability by making an ISDN call to an affected device and sending traffic through the ISDN channel prior to successful PPP authentication. Alternatively, an unauthenticated, remote attacker could exploit this vulnerability by sending traffic through an affected device that is configured to exit via an ISDN connection for which both the Dialer interface and the Basic Rate Interface (BRI) have been configured, but the Challenge Handshake Authentication Protocol (CHAP) password for PPP does not match the remote end. A successful exploit could allow the attacker to pass IPv4 traffic through an unauthenticated ISDN connection for a few seconds, from initial ISDN call setup until PPP authentication fails. "
|
||||
"value": "A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers (ISRs) could allow an unauthenticated, adjacent attacker to pass IPv4 traffic through an ISDN channel prior to successful PPP authentication. The vulnerability is due to insufficient validation of the state of the PPP IP Control Protocol (IPCP). An attacker could exploit this vulnerability by making an ISDN call to an affected device and sending traffic through the ISDN channel prior to successful PPP authentication. Alternatively, an unauthenticated, remote attacker could exploit this vulnerability by sending traffic through an affected device that is configured to exit via an ISDN connection for which both the Dialer interface and the Basic Rate Interface (BRI) have been configured, but the Challenge Handshake Authentication Protocol (CHAP) password for PPP does not match the remote end. A successful exploit could allow the attacker to pass IPv4 traffic through an unauthenticated ISDN connection for a few seconds, from initial ISDN call setup until PPP authentication fails."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -84,4 +84,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker could exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been sent through an encrypted channel. "
|
||||
"value": "A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker could exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been sent through an encrypted channel."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -84,4 +84,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker could exploit this vulnerability by first accessing the Guest Shell and then entering specific commands. A successful exploit could allow the attacker to execute arbitrary code on the base Linux operating system. "
|
||||
"value": "A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker could exploit this vulnerability by first accessing the Guest Shell and then entering specific commands. A successful exploit could allow the attacker to execute arbitrary code on the base Linux operating system."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -84,4 +84,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the web framework code of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by convincing a user of the web interface to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. "
|
||||
"value": "A vulnerability in the web framework code of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by convincing a user of the web interface to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -84,4 +84,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software using the banner parameter. The vulnerability is due to insufficient input validation of the banner parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by crafting a banner parameter and saving it. The attacker could then convince a user of the web interface to access a malicious link or could intercept a user request for the affected web interface and inject malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. "
|
||||
"value": "A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software using the banner parameter. The vulnerability is due to insufficient input validation of the banner parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by crafting a banner parameter and saving it. The attacker could then convince a user of the web interface to access a malicious link or could intercept a user request for the affected web interface and inject malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -84,4 +84,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of a malformed packet. An attacker could exploit this vulnerability by sending a malformed packet to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. "
|
||||
"value": "A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of a malformed packet. An attacker could exploit this vulnerability by sending a malformed packet to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -87,4 +87,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by modifying files that they should not have access to. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container. "
|
||||
"value": "A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by modifying files that they should not have access to. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -84,4 +84,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS). The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the CLI and requesting shell access on an affected device. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS. "
|
||||
"value": "A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS). The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the CLI and requesting shell access on an affected device. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -84,4 +84,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient file location validation. An attacker could exploit this vulnerability by placing code in a specific format on a USB device and inserting it into an affected Cisco device. A successful exploit could allow the attacker to execute the code with root privileges on the underlying OS of the affected device. "
|
||||
"value": "A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient file location validation. An attacker could exploit this vulnerability by placing code in a specific format on a USB device and inserting it into an affected Cisco device. A successful exploit could allow the attacker to execute the code with root privileges on the underlying OS of the affected device."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -84,4 +84,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker who has valid administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to run arbitrary commands on the underlying operating system with root privileges, which may lead to complete system compromise. "
|
||||
"value": "A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker who has valid administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to run arbitrary commands on the underlying operating system with root privileges, which may lead to complete system compromise."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -84,4 +84,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges, which may lead to complete system compromise. An attacker would need valid administrator credentials to exploit this vulnerability. "
|
||||
"value": "A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges, which may lead to complete system compromise. An attacker would need valid administrator credentials to exploit this vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -85,4 +85,4 @@
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -34,7 +34,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product."
|
||||
"value": "On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product. This has been solved in v3.8.8.2 and later release firmware."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -56,6 +56,11 @@
|
||||
"url": "https://www.facebook.com/Huang.YuHsiang.Phone/posts/1815316691945755",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.facebook.com/Huang.YuHsiang.Phone/posts/1815316691945755"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.draytek.com/about/security-advisory/urgent-security-updates-to-draytek-routers",
|
||||
"url": "https://www.draytek.com/about/security-advisory/urgent-security-updates-to-draytek-routers"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -34,7 +34,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product."
|
||||
"value": "On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product. This has been solved in v3.8.8.2 and later release firmware"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -56,6 +56,11 @@
|
||||
"url": "https://www.facebook.com/Huang.YuHsiang.Phone/posts/1815316691945755",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.facebook.com/Huang.YuHsiang.Phone/posts/1815316691945755"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.draytek.com/about/security-advisory/urgent-security-updates-to-draytek-routers",
|
||||
"url": "https://www.draytek.com/about/security-advisory/urgent-security-updates-to-draytek-routers"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
62
2019/16xxx/CVE-2019-16890.json
Normal file
62
2019/16xxx/CVE-2019-16890.json
Normal file
@ -0,0 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2019-16890",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/halo-dev/halo/issues/311",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/halo-dev/halo/issues/311"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -1,90 +1,90 @@
|
||||
{
|
||||
"data_format" : "MITRE",
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://www.ibm.com/support/pages/node/1073576",
|
||||
"refsource" : "CONFIRM",
|
||||
"title" : "IBM Security Bulletin 1073576 (Content Navigator)",
|
||||
"url" : "https://www.ibm.com/support/pages/node/1073576"
|
||||
},
|
||||
{
|
||||
"title" : "X-Force Vulnerability Report",
|
||||
"name" : "ibm-cn-cve20194571-xss (166721)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/166721"
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
"data_format": "MITRE",
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Content Navigator",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "3.0CD"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "IBM"
|
||||
"name": "https://www.ibm.com/support/pages/node/1073576",
|
||||
"refsource": "CONFIRM",
|
||||
"title": "IBM Security Bulletin 1073576 (Content Navigator)",
|
||||
"url": "https://www.ibm.com/support/pages/node/1073576"
|
||||
},
|
||||
{
|
||||
"title": "X-Force Vulnerability Report",
|
||||
"name": "ibm-cn-cve20194571-xss (166721)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166721"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"CVE_data_meta" : {
|
||||
"STATE" : "PUBLIC",
|
||||
"DATE_PUBLIC" : "2019-09-23T00:00:00",
|
||||
"ASSIGNER" : "psirt@us.ibm.com",
|
||||
"ID" : "CVE-2019-4571"
|
||||
},
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"value" : "IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166721.",
|
||||
"lang" : "eng"
|
||||
}
|
||||
]
|
||||
},
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"impact" : {
|
||||
"cvssv3" : {
|
||||
"TM" : {
|
||||
"E" : "H",
|
||||
"RL" : "O",
|
||||
"RC" : "C"
|
||||
},
|
||||
"BM" : {
|
||||
"SCORE" : "5.400",
|
||||
"I" : "L",
|
||||
"AV" : "N",
|
||||
"A" : "N",
|
||||
"UI" : "R",
|
||||
"AC" : "L",
|
||||
"PR" : "L",
|
||||
"S" : "C",
|
||||
"C" : "L"
|
||||
}
|
||||
}
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"value" : "Cross-Site Scripting",
|
||||
"lang" : "eng"
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Content Navigator",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "3.0CD"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "IBM"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"CVE_data_meta": {
|
||||
"STATE": "PUBLIC",
|
||||
"DATE_PUBLIC": "2019-09-23T00:00:00",
|
||||
"ASSIGNER": "psirt@us.ibm.com",
|
||||
"ID": "CVE-2019-4571"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"value": "IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166721.",
|
||||
"lang": "eng"
|
||||
}
|
||||
]
|
||||
},
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"impact": {
|
||||
"cvssv3": {
|
||||
"TM": {
|
||||
"E": "H",
|
||||
"RL": "O",
|
||||
"RC": "C"
|
||||
},
|
||||
"BM": {
|
||||
"SCORE": "5.400",
|
||||
"I": "L",
|
||||
"AV": "N",
|
||||
"A": "N",
|
||||
"UI": "R",
|
||||
"AC": "L",
|
||||
"PR": "L",
|
||||
"S": "C",
|
||||
"C": "L"
|
||||
}
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"value": "Cross-Site Scripting",
|
||||
"lang": "eng"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user