"-Synchronized-Data."

CVE Team 2024-01-25 17:01:55 +00:00
parent 7394de0468
commit fb72b077d8
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
14 changed files with 18781 additions and 3374 deletions


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that should have been blocked. This vulnerability exists because malformed, encoded traffic is not properly detected. An attacker could exploit this vulnerability by connecting through an affected device to a malicious server and receiving malformed HTTP responses. A successful exploit could allow the attacker to bypass an explicit block rule and receive traffic that should have been rejected by the device."
"value": "A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that should have been blocked.\r\n\r This vulnerability exists because malformed, encoded traffic is not properly detected. An attacker could exploit this vulnerability by connecting through an affected device to a malicious server and receiving malformed HTTP responses. A successful exploit could allow the attacker to bypass an explicit block rule and receive traffic that should have been rejected by the device."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
@ -35,21 +36,9 @@
"product": {
"product_data": [
{
"product_name": "Cisco Web Security Appliance (WSA)",
"product_name": "Cisco Secure Web Appliance",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.5.3-000"
},
{
"version_affected": "=",
"version_value": "10.5.5-000"
},
{
"version_affected": "=",
"version_value": "11.5.2-000"
},
{
"version_affected": "=",
"version_value": "11.8.0-414"
@ -74,10 +63,6 @@
"version_affected": "=",
"version_value": "12.0.3-007"
},
{
"version_affected": "=",
"version_value": "10.6.0-000"
},
{
"version_affected": "=",
"version_value": "12.5.2-007"
@ -134,7 +119,7 @@
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
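Review bot: The rewritten description in the first hunk separates its paragraphs with `\r\n\r ` (a lone carriage return followed by a space) instead of a complete `\r\n\r\n`, so consumers that split on blank lines or normalise line endings are left with a stray control character and a leading space. Assuming the second printed `value` line is the new side, the join should read `...should have been blocked.\r\n\r\nThis vulnerability exists...`, which is the form the IP Phone record later in this commit uses. The same malformed separator appears in the description hunks of the Email Security Appliance record and of the three ISE records (CSRF, Localdisk Management, stored XSS) in this commit.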


@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Incorrect Use of Privileged APIs"
"value": "Incorrect Use of Privileged APIs",
"cweId": "CWE-648"
}
]
}
@ -70,14 +71,9 @@
"references": {
"reference_data": [
{
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx",
"refsource": "MISC",
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx"
},
{
"url": "https://yoroi.company/en/research/cve-advisory-full-disclosure-cisco-ise-broken-access-control/",
"refsource": "MISC",
"name": "https://yoroi.company/en/research/cve-advisory-full-disclosure-cisco-ise-broken-access-control/"
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx"
}
]
},
@ -85,13 +81,14 @@
"advisory": "cisco-sa-ise-access-contol-EeufSUCx",
"discovery": "EXTERNAL",
"defects": [
"CSCwb75965",
"CSCwc62419"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code for the vulnerability that is described in this advisory will become available after software fixes are released. Public reports of the vulnerability, including a description and classification without specific technical details, may become available after this advisory is published.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
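Review bot: The exploit statement now says proof-of-concept code is available, yet the references hunk (`-70,14 +71,9`) drops the only non-Cisco entry, the yoroi.company write-up, so the record no longer points at the public disclosure it alludes to. If the removal is a side effect of regenerating `reference_data` from the vendor feed, the third-party entry should be carried over, since it is what lets a defender judge exposure and check detection coverage. The same pairing, PoC stated as available and the yoroi.company reference removed, occurs in the four later records that cite advisory `cisco-sa-ise-7Q4TNYUx`.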


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain TLS connections that are processed by an affected device. An attacker could exploit this vulnerability by establishing a large number of concurrent TLS connections to an affected device. A successful exploit could allow the attacker to cause the device to drop new TLS email messages that come from the associated email servers. Exploitation of this vulnerability does not cause the affected device to unexpectedly reload. The device will recover autonomously within a few hours of when the attack is halted or mitigated."
"value": "A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to improper handling of certain TLS connections that are processed by an affected device. An attacker could exploit this vulnerability by establishing a large number of concurrent TLS connections to an affected device. A successful exploit could allow the attacker to cause the device to drop new TLS email messages that come from the associated email servers. Exploitation of this vulnerability does not cause the affected device to unexpectedly reload. The device will recover autonomously within a few hours of when the attack is halted or mitigated."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption"
"value": "Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
@ -35,72 +36,60 @@
"product": {
"product_data": [
{
"product_name": "Cisco Email Security Appliance (ESA)",
"product_name": "Cisco Secure Email",
"version": {
"version_data": [
{
"version_value": "10.0.1-087",
"version_affected": "="
"version_affected": "=",
"version_value": "11.0.3-238"
},
{
"version_value": "11.0.3-238",
"version_affected": "="
"version_affected": "=",
"version_value": "11.1.0-069"
},
{
"version_value": "11.1.0-069",
"version_affected": "="
"version_affected": "=",
"version_value": "11.1.0-131"
},
{
"version_value": "11.1.0-131",
"version_affected": "="
"version_affected": "=",
"version_value": "11.1.0-128"
},
{
"version_value": "11.1.0-128",
"version_affected": "="
"version_affected": "=",
"version_value": "12.0.0-419"
},
{
"version_value": "11.1.1-000",
"version_affected": "="
"version_affected": "=",
"version_value": "12.1.0-071"
},
{
"version_value": "11.1.2-000",
"version_affected": "="
"version_affected": "=",
"version_value": "12.1.0-087"
},
{
"version_value": "12.0.0-419",
"version_affected": "="
"version_affected": "=",
"version_value": "12.1.0-089"
},
{
"version_value": "12.1.0-071",
"version_affected": "="
"version_affected": "=",
"version_value": "13.0.0-392"
},
{
"version_value": "12.1.0-087",
"version_affected": "="
"version_affected": "=",
"version_value": "13.5.1-277"
},
{
"version_value": "12.1.0-089",
"version_affected": "="
"version_affected": "=",
"version_value": "12.5.0-066"
},
{
"version_value": "13.0.0-392",
"version_affected": "="
"version_affected": "=",
"version_value": "14.0.0-698"
},
{
"version_value": "13.5.1-277",
"version_affected": "="
},
{
"version_value": "12.5.0-066",
"version_affected": "="
},
{
"version_value": "14.0.0-698",
"version_affected": "="
},
{
"version_value": "14.2.0-620",
"version_affected": "="
"version_affected": "=",
"version_value": "14.2.0-620"
}
]
}
@ -114,9 +103,9 @@
"references": {
"reference_data": [
{
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-gdghHmbV",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-gdghHmbV",
"refsource": "MISC",
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-gdghHmbV"
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-gdghHmbV"
}
]
},
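Review bot: `product_name` becomes `Cisco Secure Email` in the affects hunk while the description in the first hunk still names the product only as "Cisco Email Security Appliance (ESA)", so the record itself gives no link between the two names. Tooling that joins on `product_name` will treat this as a different product from the earlier revision; the description would be clearer opening with `A vulnerability in Cisco AsyncOS Software for Cisco Secure Email, formerly known as Cisco Email Security Appliance (ESA), ...`, mirroring the Secure Web Appliance record in this commit. The hunk also appears to drop `10.0.1-087`, `11.1.1-000` and `11.1.2-000` from `version_data`, and nothing on the page says whether those releases are unaffected or just no longer listed.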


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the target user."
"value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.\r\n\r This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the target user."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF)"
"value": "Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
@ -39,172 +40,116 @@
"version": {
"version_data": [
{
"version_value": "2.4.0",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0"
},
{
"version_value": "2.4.0 p1",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0 p1"
},
{
"version_value": "2.4.0 p10",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0 p2"
},
{
"version_value": "2.4.0 p11",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0 p3"
},
{
"version_value": "2.4.0 p12",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0 p5"
},
{
"version_value": "2.4.0 p2",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0 p6"
},
{
"version_value": "2.4.0 p3",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0 p7"
},
{
"version_value": "2.4.0 p5",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0 p8"
},
{
"version_value": "2.4.0 p6",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0 p9"
},
{
"version_value": "2.4.0 p7",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0 p10"
},
{
"version_value": "2.4.0 p8",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0 p11"
},
{
"version_value": "2.4.0 p9",
"version_affected": "="
"version_affected": "=",
"version_value": "2.7.0"
},
{
"version_value": "2.4.0 p13",
"version_affected": "="
"version_affected": "=",
"version_value": "2.7.0 p1"
},
{
"version_value": "2.4.0 p14",
"version_affected": "="
"version_affected": "=",
"version_value": "2.7.0 p2"
},
{
"version_value": "2.6.0",
"version_affected": "="
"version_affected": "=",
"version_value": "2.7.0 p3"
},
{
"version_value": "2.6.0 p1",
"version_affected": "="
"version_affected": "=",
"version_value": "2.7.0 p4"
},
{
"version_value": "2.6.0 p2",
"version_affected": "="
"version_affected": "=",
"version_value": "2.7.0 p5"
},
{
"version_value": "2.6.0 p3",
"version_affected": "="
"version_affected": "=",
"version_value": "2.7.0 p6"
},
{
"version_value": "2.6.0 p5",
"version_affected": "="
"version_affected": "=",
"version_value": "2.7.0 p7"
},
{
"version_value": "2.6.0 p6",
"version_affected": "="
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_value": "2.6.0 p7",
"version_affected": "="
"version_affected": "=",
"version_value": "3.0.0 p1"
},
{
"version_value": "2.6.0 p8",
"version_affected": "="
"version_affected": "=",
"version_value": "3.0.0 p2"
},
{
"version_value": "2.6.0 p9",
"version_affected": "="
"version_affected": "=",
"version_value": "3.0.0 p3"
},
{
"version_value": "2.6.0 p10",
"version_affected": "="
"version_affected": "=",
"version_value": "3.0.0 p4"
},
{
"version_value": "2.6.0 p11",
"version_affected": "="
"version_affected": "=",
"version_value": "3.0.0 p5"
},
{
"version_value": "2.7.0",
"version_affected": "="
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_value": "2.7.0 p1",
"version_affected": "="
"version_affected": "=",
"version_value": "3.1.0 p1"
},
{
"version_value": "2.7.0 p2",
"version_affected": "="
},
{
"version_value": "2.7.0 p3",
"version_affected": "="
},
{
"version_value": "2.7.0 p4",
"version_affected": "="
},
{
"version_value": "2.7.0 p5",
"version_affected": "="
},
{
"version_value": "2.7.0 p6",
"version_affected": "="
},
{
"version_value": "2.7.0 p7",
"version_affected": "="
},
{
"version_value": "3.0.0",
"version_affected": "="
},
{
"version_value": "3.0.0 p1",
"version_affected": "="
},
{
"version_value": "3.0.0 p2",
"version_affected": "="
},
{
"version_value": "3.0.0 p3",
"version_affected": "="
},
{
"version_value": "3.0.0 p4",
"version_affected": "="
},
{
"version_value": "3.0.0 p5",
"version_affected": "="
},
{
"version_value": "3.1.0",
"version_affected": "="
},
{
"version_value": "3.1.0 p1",
"version_affected": "="
},
{
"version_value": "3.1.0 p3",
"version_affected": "="
"version_affected": "=",
"version_value": "3.1.0 p3"
}
]
}
@ -218,15 +163,15 @@
"references": {
"reference_data": [
{
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-csrf-vgNtTpAs",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-csrf-vgNtTpAs",
"refsource": "MISC",
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-csrf-vgNtTpAs"
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-csrf-vgNtTpAs"
}
]
},
"source": {
"advisory": "cisco-sa-ise-csrf-vgNtTpAs",
"discovery": "INTERNAL",
"discovery": "EXTERNAL",
"defects": [
"CSCwb75954"
]
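Review bot: Every 2.4.0 entry (`2.4.0` through `2.4.0 p14`) appears to be dropped from `version_data` in the `-39,172 +40,116` hunk, and because each entry is an exact match (`"version_affected": "="`), scanners keyed on this record will stop flagging 2.4.0 installations. The record does not say whether that train is unaffected or simply out of support; if it is still affected the entries should stay, e.g. `{ "version_affected": "=", "version_value": "2.4.0" }`. The source hunk also flips `discovery` from `INTERNAL` to `EXTERNAL` without any reference or credit that would let a reader confirm it. The stored-XSS ISE record later in this commit makes both changes as well, and the Localdisk Management record makes the `discovery` change.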


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request with absolute path sequences. A successful exploit could allow the attacker to upload malicious files to arbitrary locations within the file system. Using this method, it is possible to access the underlying operating system and execute commands with system privileges."
"value": "A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device.\r\n\r This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request with absolute path sequences. A successful exploit could allow the attacker to upload malicious files to arbitrary locations within the file system. Using this method, it is possible to access the underlying operating system and execute commands with system privileges."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Path Traversal"
"value": "Path Traversal",
"cweId": "CWE-37"
}
]
}
@ -39,16 +40,16 @@
"version": {
"version_data": [
{
"version_value": "3.1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_value": "3.1.0 p1",
"version_affected": "="
"version_affected": "=",
"version_value": "3.1.0 p1"
},
{
"version_value": "3.1.0 p3",
"version_affected": "="
"version_affected": "=",
"version_value": "3.1.0 p3"
}
]
}
@ -62,15 +63,15 @@
"references": {
"reference_data": [
{
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-f6M7cs6r",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-f6M7cs6r",
"refsource": "MISC",
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-f6M7cs6r"
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-f6M7cs6r"
}
]
},
"source": {
"advisory": "cisco-sa-ise-path-trav-f6M7cs6r",
"discovery": "INTERNAL",
"discovery": "EXTERNAL",
"defects": [
"CSCwb75941"
]
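Review bot: The added `"cweId": "CWE-37"` is paired with the generic label `Path Traversal`, which is the usual short name for CWE-22, whereas CWE-37 is the narrower absolute-path variant. The description's "absolute path sequences" supports the ID, so it is the label that should change: `"value": "Path Traversal: '/absolute/pathname/here'"`. Consumers that classify by the text rather than the ID would otherwise file this record under the broader weakness.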


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid credentials to access the web-based management interface of an affected device."
"value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid credentials to access the web-based management interface of an affected device."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Alternate XSS Syntax"
"value": "Improper Neutralization of Alternate XSS Syntax",
"cweId": "CWE-87"
}
]
}
@ -39,180 +40,124 @@
"version": {
"version_data": [
{
"version_value": "2.4.0",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0"
},
{
"version_value": "2.4.0 p1",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0 p1"
},
{
"version_value": "2.4.0 p10",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0 p2"
},
{
"version_value": "2.4.0 p11",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0 p3"
},
{
"version_value": "2.4.0 p12",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0 p5"
},
{
"version_value": "2.4.0 p2",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0 p6"
},
{
"version_value": "2.4.0 p3",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0 p7"
},
{
"version_value": "2.4.0 p5",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0 p8"
},
{
"version_value": "2.4.0 p6",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0 p9"
},
{
"version_value": "2.4.0 p7",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0 p10"
},
{
"version_value": "2.4.0 p8",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0 p11"
},
{
"version_value": "2.4.0 p9",
"version_affected": "="
"version_affected": "=",
"version_value": "2.6.0 p12"
},
{
"version_value": "2.4.0 p13",
"version_affected": "="
"version_affected": "=",
"version_value": "2.7.0"
},
{
"version_value": "2.4.0 p14",
"version_affected": "="
"version_affected": "=",
"version_value": "2.7.0 p1"
},
{
"version_value": "2.6.0",
"version_affected": "="
"version_affected": "=",
"version_value": "2.7.0 p2"
},
{
"version_value": "2.6.0 p1",
"version_affected": "="
"version_affected": "=",
"version_value": "2.7.0 p3"
},
{
"version_value": "2.6.0 p2",
"version_affected": "="
"version_affected": "=",
"version_value": "2.7.0 p4"
},
{
"version_value": "2.6.0 p3",
"version_affected": "="
"version_affected": "=",
"version_value": "2.7.0 p5"
},
{
"version_value": "2.6.0 p5",
"version_affected": "="
"version_affected": "=",
"version_value": "2.7.0 p6"
},
{
"version_value": "2.6.0 p6",
"version_affected": "="
"version_affected": "=",
"version_value": "2.7.0 p7"
},
{
"version_value": "2.6.0 p7",
"version_affected": "="
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_value": "2.6.0 p8",
"version_affected": "="
"version_affected": "=",
"version_value": "3.0.0 p1"
},
{
"version_value": "2.6.0 p9",
"version_affected": "="
"version_affected": "=",
"version_value": "3.0.0 p2"
},
{
"version_value": "2.6.0 p10",
"version_affected": "="
"version_affected": "=",
"version_value": "3.0.0 p3"
},
{
"version_value": "2.6.0 p11",
"version_affected": "="
"version_affected": "=",
"version_value": "3.0.0 p4"
},
{
"version_value": "2.6.0 p12",
"version_affected": "="
"version_affected": "=",
"version_value": "3.0.0 p5"
},
{
"version_value": "2.7.0",
"version_affected": "="
"version_affected": "=",
"version_value": "3.0.0 p6"
},
{
"version_value": "2.7.0 p1",
"version_affected": "="
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_value": "2.7.0 p2",
"version_affected": "="
"version_affected": "=",
"version_value": "3.1.0 p1"
},
{
"version_value": "2.7.0 p3",
"version_affected": "="
},
{
"version_value": "2.7.0 p4",
"version_affected": "="
},
{
"version_value": "2.7.0 p5",
"version_affected": "="
},
{
"version_value": "2.7.0 p6",
"version_affected": "="
},
{
"version_value": "2.7.0 p7",
"version_affected": "="
},
{
"version_value": "3.0.0",
"version_affected": "="
},
{
"version_value": "3.0.0 p1",
"version_affected": "="
},
{
"version_value": "3.0.0 p2",
"version_affected": "="
},
{
"version_value": "3.0.0 p3",
"version_affected": "="
},
{
"version_value": "3.0.0 p4",
"version_affected": "="
},
{
"version_value": "3.0.0 p5",
"version_affected": "="
},
{
"version_value": "3.0.0 p6",
"version_affected": "="
},
{
"version_value": "3.1.0",
"version_affected": "="
},
{
"version_value": "3.1.0 p1",
"version_affected": "="
},
{
"version_value": "3.1.0 p3",
"version_affected": "="
"version_affected": "=",
"version_value": "3.1.0 p3"
}
]
}
@ -226,15 +171,15 @@
"references": {
"reference_data": [
{
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-stor-xss-kpRBWXY",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-stor-xss-kpRBWXY",
"refsource": "MISC",
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-stor-xss-kpRBWXY"
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-stor-xss-kpRBWXY"
}
]
},
"source": {
"advisory": "cisco-sa-ise-stor-xss-kpRBWXY",
"discovery": "INTERNAL",
"discovery": "EXTERNAL",
"defects": [
"CSCwb75959"
]


@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
@ -102,6 +103,10 @@
"version_affected": "=",
"version_value": "2.7.0 p3"
},
{
"version_affected": "=",
"version_value": "2.7.0 p4"
},
{
"version_affected": "=",
"version_value": "2.7.0 p5"
@ -177,11 +182,6 @@
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx"
},
{
"url": "https://yoroi.company/en/research/cve-advisory-full-disclosure-cisco-ise-multiple-vulnerabilities-rce-with-1-click/",
"refsource": "MISC",
"name": "https://yoroi.company/en/research/cve-advisory-full-disclosure-cisco-ise-multiple-vulnerabilities-rce-with-1-click/"
}
]
},
@ -195,7 +195,7 @@
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code for the vulnerabilities that are described in this advisory will become available after software fixes are released. Public reports of the vulnerabilities, including a description and classification without specific technical details, may become available after this advisory is published.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {


@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Incorrect Use of Privileged APIs",
"cweId": "CWE-648"
}
]
}
@ -162,6 +163,10 @@
"version_affected": "=",
"version_value": "3.1.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0"
@ -181,11 +186,6 @@
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx"
},
{
"url": "https://yoroi.company/en/research/cve-advisory-full-disclosure-cisco-ise-multiple-vulnerabilities-rce-with-1-click/",
"refsource": "MISC",
"name": "https://yoroi.company/en/research/cve-advisory-full-disclosure-cisco-ise-multiple-vulnerabilities-rce-with-1-click/"
}
]
},
@ -199,7 +199,7 @@
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code for the vulnerabilities that are described in this advisory will become available after software fixes are released. Public reports of the vulnerabilities, including a description and classification without specific technical details, may become available after this advisory is published.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {


@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
@ -162,6 +163,10 @@
"version_affected": "=",
"version_value": "3.1.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0"
@ -181,11 +186,6 @@
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx"
},
{
"url": "https://yoroi.company/en/research/cve-advisory-full-disclosure-cisco-ise-multiple-vulnerabilities-rce-with-1-click/",
"refsource": "MISC",
"name": "https://yoroi.company/en/research/cve-advisory-full-disclosure-cisco-ise-multiple-vulnerabilities-rce-with-1-click/"
}
]
},
@ -199,7 +199,7 @@
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code for the vulnerabilities that are described in this advisory will become available after software fixes are released. Public reports of the vulnerabilities, including a description and classification without specific technical details, may become available after this advisory is published.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {


@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
@ -162,6 +163,10 @@
"version_affected": "=",
"version_value": "3.1.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0"
@ -181,11 +186,6 @@
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx"
},
{
"url": "https://yoroi.company/en/research/cve-advisory-full-disclosure-cisco-ise-multiple-vulnerabilities-rce-with-1-click/",
"refsource": "MISC",
"name": "https://yoroi.company/en/research/cve-advisory-full-disclosure-cisco-ise-multiple-vulnerabilities-rce-with-1-click/"
}
]
},
@ -199,7 +199,7 @@
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code for the vulnerabilities that are described in this advisory will become available after software fixes are released. Public reports of the vulnerabilities, including a description and classification without specific technical details, may become available after this advisory is published.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device."
"value": "A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device.\r\n\r\nThis vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write"
"value": "Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
@ -39,224 +40,220 @@
"version": {
"version_data": [
{
"version_value": "9.3(3)",
"version_affected": "="
"version_affected": "=",
"version_value": "9.3(4) 3rd Party"
},
{
"version_value": "9.3(4) 3rd Party",
"version_affected": "="
"version_affected": "=",
"version_value": "9.3(4)SR3 3rd Party"
},
{
"version_value": "9.3(4)SR3 3rd Party",
"version_affected": "="
"version_affected": "=",
"version_value": "9.3(4)SR1 3rd Party"
},
{
"version_value": "9.3(4)SR1 3rd Party",
"version_affected": "="
"version_affected": "=",
"version_value": "9.3(4)SR2 3rd Party"
},
{
"version_value": "9.3(4)SR2 3rd Party",
"version_affected": "="
"version_affected": "=",
"version_value": "11.5(1)"
},
{
"version_value": "11.5(1)",
"version_affected": "="
"version_affected": "=",
"version_value": "11.7(1)"
},
{
"version_value": "11.7(1)",
"version_affected": "="
"version_affected": "=",
"version_value": "11.0(0.7) MPP"
},
{
"version_value": "11.0(0.7) MPP",
"version_affected": "="
"version_affected": "=",
"version_value": "11.0(1) MPP"
},
{
"version_value": "11.0(1) MPP",
"version_affected": "="
"version_affected": "=",
"version_value": "11.0(1)"
},
{
"version_value": "11.0(1)",
"version_affected": "="
"version_affected": "=",
"version_value": "11.5(1)SR1"
},
{
"version_value": "11.5(1)SR1",
"version_affected": "="
"version_affected": "=",
"version_value": "11-0-1MSR1-1"
},
{
"version_value": "11-0-1MSR1-1",
"version_affected": "="
"version_affected": "=",
"version_value": "10.4(1) 3rd Party"
},
{
"version_value": "10.4(1) 3rd Party",
"version_affected": "="
"version_affected": "=",
"version_value": "10.3(1.11) 3rd Party"
},
{
"version_value": "10.3(1.11) 3rd Party",
"version_affected": "="
"version_affected": "=",
"version_value": "10.2(2)"
},
{
"version_value": "10.2(2)",
"version_affected": "="
"version_affected": "=",
"version_value": "10.2(1)SR1"
},
{
"version_value": "10.2(1)SR1",
"version_affected": "="
"version_affected": "=",
"version_value": "10.1(1.9)"
},
{
"version_value": "10.1(1.9)",
"version_affected": "="
"version_affected": "=",
"version_value": "10.1(1)SR2"
},
{
"version_value": "10.1(1)SR2",
"version_affected": "="
"version_affected": "=",
"version_value": "10.2(1)"
},
{
"version_value": "10.2(1)",
"version_affected": "="
"version_affected": "=",
"version_value": "10.1(1)SR1"
},
{
"version_value": "10.1(1)SR1",
"version_affected": "="
"version_affected": "=",
"version_value": "10.4(1)SR2 3rd Party"
},
{
"version_value": "10.4(1)SR2 3rd Party",
"version_affected": "="
"version_affected": "=",
"version_value": "10.3(1)"
},
{
"version_value": "10.3(1)",
"version_affected": "="
"version_affected": "=",
"version_value": "10.3(1)SR4b"
},
{
"version_value": "10.3(1)SR4b",
"version_affected": "="
"version_affected": "=",
"version_value": "10.3(1)SR5"
},
{
"version_value": "10.3(1)SR5",
"version_affected": "="
"version_affected": "=",
"version_value": "10.3(1.9) 3rd Party"
},
{
"version_value": "10.3(1.9) 3rd Party",
"version_affected": "="
"version_affected": "=",
"version_value": "10.3(2)"
},
{
"version_value": "10.3(2)",
"version_affected": "="
"version_affected": "=",
"version_value": "10.3(1)SR4"
},
{
"version_value": "10.3(1)SR4",
"version_affected": "="
"version_affected": "=",
"version_value": "10.3(1)SR2"
},
{
"version_value": "10.3(1)SR2",
"version_affected": "="
"version_affected": "=",
"version_value": "10.3(1)SR3"
},
{
"version_value": "10.3(1)SR3",
"version_affected": "="
"version_affected": "=",
"version_value": "10.3(1)SR1"
},
{
"version_value": "10.3(1)SR1",
"version_affected": "="
"version_affected": "=",
"version_value": "12.6(1)"
},
{
"version_value": "12.6(1)",
"version_affected": "="
"version_affected": "=",
"version_value": "12.1(1)"
},
{
"version_value": "12.1(1)",
"version_affected": "="
"version_affected": "=",
"version_value": "12.5(1)SR1"
},
{
"version_value": "12.5(1)SR1",
"version_affected": "="
"version_affected": "=",
"version_value": "12.5(1)SR2"
},
{
"version_value": "12.5(1)SR2",
"version_affected": "="
"version_affected": "=",
"version_value": "12.5(1)"
},
{
"version_value": "12.5(1)",
"version_affected": "="
"version_affected": "=",
"version_value": "12.5(1)SR3"
},
{
"version_value": "12.5(1)SR3",
"version_affected": "="
"version_affected": "=",
"version_value": "12.6(1)SR1"
},
{
"version_value": "12.6(1)SR1",
"version_affected": "="
"version_affected": "=",
"version_value": "12.7(1)"
},
{
"version_value": "12.7(1)",
"version_affected": "="
"version_affected": "=",
"version_value": "12.1(1)SR1"
},
{
"version_value": "12.1(1)SR1",
"version_affected": "="
"version_affected": "=",
"version_value": "12.0(1)"
},
{
"version_value": "12.0(1)",
"version_affected": "="
"version_affected": "=",
"version_value": "12.0(1)SR2"
},
{
"version_value": "12.0(1)SR2",
"version_affected": "="
"version_affected": "=",
"version_value": "12.0(1)SR1"
},
{
"version_value": "12.0(1)SR1",
"version_affected": "="
"version_affected": "=",
"version_value": "12.0(1)SR3"
},
{
"version_value": "12.0(1)SR3",
"version_affected": "="
"version_affected": "=",
"version_value": "12.8(1)"
},
{
"version_value": "12.8(1)",
"version_affected": "="
"version_affected": "=",
"version_value": "12.8(1)SR1"
},
{
"version_value": "12.8(1)SR1",
"version_affected": "="
"version_affected": "=",
"version_value": "12.8(1)SR2"
},
{
"version_value": "12.8(1)SR2",
"version_affected": "="
"version_affected": "=",
"version_value": "10.3(1)SR6"
},
{
"version_value": "10.3(1)SR6",
"version_affected": "="
"version_affected": "=",
"version_value": "10.3(1)SR7"
},
{
"version_value": "10.3(1)SR7",
"version_affected": "="
"version_affected": "=",
"version_value": "12.7(1)SR1"
},
{
"version_value": "12.7(1)SR1",
"version_affected": "="
"version_affected": "=",
"version_value": "14.0(1)SR1"
},
{
"version_value": "14.0(1)SR1",
"version_affected": "="
"version_affected": "=",
"version_value": "14.0(1)"
},
{
"version_value": "14.0(1)",
"version_affected": "="
"version_affected": "=",
"version_value": "14.0(1)SR2"
},
{
"version_value": "14.0(1)SR2",
"version_affected": "="
"version_affected": "=",
"version_value": "14.0(1)SR3"
},
{
"version_value": "14.0(1)SR3",
"version_affected": "="
"version_affected": "=",
"version_value": "14.1(1)"
},
{
"version_value": "14.1(1)",
"version_affected": "="
},
{
"version_value": "14.1(1)SR1",
"version_affected": "="
"version_affected": "=",
"version_value": "14.1(1)SR1"
}
]
}
@ -270,9 +267,9 @@
"references": {
"reference_data": [
{
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U",
"refsource": "MISC",
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U"
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U"
}
]
},
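Review bot: The rewritten `version_data` list in the `-39,224 +40,220` hunk no longer has an entry for `9.3(3)`, assuming the second line of each printed pair is the new side. Every other old value reappears one slot earlier, and the hunk shrinks by four lines, which matches exactly one removed entry. Because each entry uses `"version_affected": "="`, tooling that matches exact firmware versions would stop flagging phones on 9.3(3) for this CWE-787 issue. Confirm the removal against the vendor advisory, and if it is not backed there, restore `{ "version_affected": "=", "version_value": "9.3(3)" }`.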


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to the web application and persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information."
"value": "A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard.\r\n\r This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to the web application and persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
@ -39,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "N/A",
"version_affected": "="
"version_affected": "=",
"version_value": "N/A"
}
]
}
@ -54,9 +55,9 @@
"references": {
"reference_data": [
{
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-xss-LfeYQV3",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-xss-LfeYQV3",
"refsource": "MISC",
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-xss-LfeYQV3"
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-xss-LfeYQV3"
}
]
},
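Review bot: The new `description_data` value in the first hunk of this section separates its paragraphs with `\r\n\r ` (a lone carriage return followed by a space), whereas the IP Phone record in the same commit uses `\r\n\r\n`. Consumers that split on CRLF, or render the text into a ticket or dashboard, will carry a stray control character and a leading space into the second paragraph. The break should read `...Cisco Umbrella dashboard.\r\n\r\nThis vulnerability is due to unsanitized user input.` If the sync job emits this sequence, normalising line endings before writing the record would keep the descriptions consistent.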