"-Synchronized-Data."

CVE Team 2024-01-25 17:02:47 +00:00
parent e89602c717
commit fdba71a800
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
13 changed files with 140 additions and 209 deletions


@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
"cweId": "CWE-120"
}
]
}
@ -35,57 +36,9 @@
"product": {
"product_data": [
{
"product_name": "Cisco Web Security Appliance (WSA)",
"product_name": "Cisco Secure Web Appliance",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.5.1-270"
},
{
"version_affected": "=",
"version_value": "10.5.1-296"
},
{
"version_affected": "=",
"version_value": "10.5.2-061"
},
{
"version_affected": "=",
"version_value": "10.5.2-072"
},
{
"version_affected": "=",
"version_value": "10.5.6-022"
},
{
"version_affected": "=",
"version_value": "10.5.3-000"
},
{
"version_affected": "=",
"version_value": "10.5.5-000"
},
{
"version_affected": "=",
"version_value": "11.5.1-124"
},
{
"version_affected": "=",
"version_value": "11.5.1-125"
},
{
"version_affected": "=",
"version_value": "11.5.1-115"
},
{
"version_affected": "=",
"version_value": "11.5.3-016"
},
{
"version_affected": "=",
"version_value": "11.5.2-000"
},
{
"version_affected": "=",
"version_value": "11.7.0-406"
@ -134,10 +87,6 @@
"version_affected": "=",
"version_value": "12.0.3-007"
},
{
"version_affected": "=",
"version_value": "10.6.0-000"
},
{
"version_affected": "=",
"version_value": "12.5.2-007"
@ -170,7 +119,7 @@
}
},
{
"product_name": "Cisco AMP for Endpoints",
"product_name": "Cisco Secure Endpoint",
"version": {
"version_data": [
{
@ -205,14 +154,6 @@
"version_affected": "=",
"version_value": "1.12.2"
},
{
"version_affected": "=",
"version_value": "1.12.0"
},
{
"version_affected": "=",
"version_value": "1.12.6"
},
{
"version_affected": "=",
"version_value": "1.12.3"
@ -225,10 +166,6 @@
"version_affected": "=",
"version_value": "1.12.4"
},
{
"version_affected": "=",
"version_value": "1.11.1"
},
{
"version_affected": "=",
"version_value": "1.11.0"
@ -237,10 +174,6 @@
"version_affected": "=",
"version_value": "1.10.2"
},
{
"version_affected": "=",
"version_value": "1.10.1"
},
{
"version_affected": "=",
"version_value": "1.10.0"
@ -273,10 +206,6 @@
"version_affected": "=",
"version_value": "7.2.13"
},
{
"version_affected": "=",
"version_value": "7.3.9"
},
{
"version_affected": "=",
"version_value": "7.3.5"
@ -307,11 +236,6 @@
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy"
},
{
"url": "https://security.gentoo.org/glsa/202310-01",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202310-01"
}
]
},
@ -329,7 +253,7 @@
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
"value": "The Cisco Product Security Incident Response Team (PSIRT) is aware that a proof-of-concept is available that demonstrates that this vulnerability can be used to cause a buffer overflow and subsequent process termination.\r\n\r\nAdditional technical information is also available that describes this vulnerability in detail.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
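Review bot: The affected-version list in this record shrinks with no stated reason. The hunk header at -35,57 +36,9 implies that the twelve exact-match entries from 10.5.1-270 through 11.5.2-000 are removed, and later hunks appear to drop 10.6.0-000, 1.12.0, 1.12.6, 1.11.1, 1.10.1 and 7.3.9. Every entry uses `"version_affected": "="`, so a scanner keyed on this list will stop flagging those releases, even though the new exploit text now acknowledges a public proof-of-concept. The `product_name` values also change (`"Cisco Web Security Appliance (WSA)"` to `"Cisco Secure Web Appliance"`, `"Cisco AMP for Endpoints"` to `"Cisco Secure Endpoint"`), which breaks string matches against inventories that still carry the old names. I would confirm the removals against the vendor advisory cisco-sa-clamav-q8DThCy before relying on them, and have consumers alias the old and new product names.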


@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}


@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Use of Hard-coded Credentials",
"cweId": "CWE-798"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by sending requests containing malicious values to the affected system. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
"value": "A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks.\r\n\r The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by sending requests containing malicious values to the affected system. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
@ -39,28 +40,28 @@
"version": {
"version_data": [
{
"version_value": "1.5.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.5.0"
},
{
"version_value": "1.5.1",
"version_affected": "="
"version_affected": "=",
"version_value": "1.5.1"
},
{
"version_value": "1.4.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.4.0"
},
{
"version_value": "1.0.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.0.0"
},
{
"version_value": "1.6.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.6.0"
},
{
"version_value": "1.6.1",
"version_affected": "="
"version_affected": "=",
"version_value": "1.6.1"
}
]
}
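Review bot: The paragraph break added to the new description value is `\r\n\r ` (a CRLF, then a bare carriage return and a space) rather than a complete second line ending. Consumers that render the text or normalise line endings will get a stray CR and a leading space before "The vulnerability is due to". The same sequence appears in the new descriptions of the static-key, NSO (twice), both CX Cloud Agent, RV160/RV260 and Webex LLDP records on this page. It looks like a truncated `\r\n\r\n`; I would emit `\r\n\r\n` (or plain `\n\n`) at the source and have consumers normalise line endings before display or diffing. The `version_data` edits in this section only swap the order of the two keys, which JSON treats as insignificant.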


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the application used to encrypt application data and remote credentials. An attacker could exploit this vulnerability by gaining local access to the server Cisco Industrial Network Director is installed on. A successful exploit could allow the attacker to decrypt data allowing the attacker to access remote systems monitored by Cisco Industrial Network Director."
"value": "A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems.\r\n\r This vulnerability is due to a static key value stored in the application used to encrypt application data and remote credentials. An attacker could exploit this vulnerability by gaining local access to the server Cisco Industrial Network Director is installed on. A successful exploit could allow the attacker to decrypt data allowing the attacker to access remote systems monitored by Cisco Industrial Network Director."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Use of Hard-coded Cryptographic Key",
"cweId": "CWE-321"
}
]
}
@ -39,24 +40,24 @@
"version": {
"version_data": [
{
"version_value": "1.5.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.5.0"
},
{
"version_value": "1.5.1",
"version_affected": "="
"version_affected": "=",
"version_value": "1.5.1"
},
{
"version_value": "1.4.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.4.0"
},
{
"version_value": "1.0.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.0.0"
},
{
"version_value": "1.0.1",
"version_affected": "="
"version_affected": "=",
"version_value": "1.0.1"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group. This vulnerability exists because user-supplied input is not properly validated when NETCONF is used to upload packages to an affected device. An attacker could exploit this vulnerability by uploading a specially crafted package file. A successful exploit could allow the attacker to write crafted files to arbitrary locations on the filesystem or delete arbitrary files from the filesystem of an affected device, resulting in a DoS condition. Note: By default, during install, Cisco NSO will be set up to run as the root user unless the --run-as-user option is used."
"value": "A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group.\r\n\r This vulnerability exists because user-supplied input is not properly validated when NETCONF is used to upload packages to an affected device. An attacker could exploit this vulnerability by uploading a specially crafted package file. A successful exploit could allow the attacker to write crafted files to arbitrary locations on the filesystem or delete arbitrary files from the filesystem of an affected device, resulting in a DoS condition. \r\n\r Note: By default, during install, Cisco NSO will be set up to run as the root user unless the --run-as-user option is used."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Relative Path Traversal",
"cweId": "CWE-23"
}
]
}
@ -39,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "N/A",
"version_affected": "="
"version_affected": "=",
"version_value": "4.7.3"
}
]
}


@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}


@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Resource Shutdown or Release",
"cweId": "CWE-404"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device."
"value": "A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges.\r\n\r This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Incorrect Ownership Assignment",
"cweId": "CWE-708"
}
]
}
@ -39,64 +40,64 @@
"version": {
"version_data": [
{
"version_value": "0.9",
"version_affected": "="
"version_affected": "=",
"version_value": "0.9"
},
{
"version_value": "0.0.1",
"version_affected": "="
"version_affected": "=",
"version_value": "0.0.1"
},
{
"version_value": "0.0.2",
"version_affected": "="
"version_affected": "=",
"version_value": "0.0.2"
},
{
"version_value": "0.9.2",
"version_affected": "="
"version_affected": "=",
"version_value": "0.9.2"
},
{
"version_value": "0.9.3",
"version_affected": "="
"version_affected": "=",
"version_value": "0.9.3"
},
{
"version_value": "1.1",
"version_affected": "="
"version_affected": "=",
"version_value": "1.1"
},
{
"version_value": "1.2",
"version_affected": "="
"version_affected": "=",
"version_value": "1.2"
},
{
"version_value": "1.3",
"version_affected": "="
"version_affected": "=",
"version_value": "1.3"
},
{
"version_value": "1.4",
"version_affected": "="
"version_affected": "=",
"version_value": "1.4"
},
{
"version_value": "1.5",
"version_affected": "="
"version_affected": "=",
"version_value": "1.5"
},
{
"version_value": "1.6",
"version_affected": "="
"version_affected": "=",
"version_value": "1.6"
},
{
"version_value": "1.7",
"version_affected": "="
"version_affected": "=",
"version_value": "1.7"
},
{
"version_value": "1.8",
"version_affected": "="
"version_affected": "=",
"version_value": "1.8"
},
{
"version_value": "1.0.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.0.0"
},
{
"version_value": "2.2",
"version_affected": "="
"version_affected": "=",
"version_value": "2.2"
}
]
}
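Review bot: The rewritten description still opens with `A vulnerability in Cisco CX Cloud Agent of could allow`, where the stray `of` makes the sentence ungrammatical. It should read `A vulnerability in Cisco CX Cloud Agent could allow`; the second CX Cloud Agent record on this page carries the same wording. Separately, the text attributes the issue to insecure file permissions while the added `cweId` is `CWE-708` (Incorrect Ownership Assignment), so it may be worth confirming with the CNA whether a permission-assignment weakness was intended. The remaining edits in this section only reorder keys inside `version_data`.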


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by persuading support to update settings which call the insecure script. A successful exploit could allow the attacker to take complete control of the affected device."
"value": "A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges.\r\n\r This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by persuading support to update settings which call the insecure script. A successful exploit could allow the attacker to take complete control of the affected device."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Incorrect Ownership Assignment",
"cweId": "CWE-708"
}
]
}
@ -39,84 +40,84 @@
"version": {
"version_data": [
{
"version_value": "0.9",
"version_affected": "="
"version_affected": "=",
"version_value": "0.9"
},
{
"version_value": "0.0.1",
"version_affected": "="
"version_affected": "=",
"version_value": "0.0.1"
},
{
"version_value": "0.0.2",
"version_affected": "="
"version_affected": "=",
"version_value": "0.0.2"
},
{
"version_value": "0.9.2",
"version_affected": "="
"version_affected": "=",
"version_value": "0.9.2"
},
{
"version_value": "0.9.3",
"version_affected": "="
"version_affected": "=",
"version_value": "0.9.3"
},
{
"version_value": "1.1",
"version_affected": "="
"version_affected": "=",
"version_value": "1.1"
},
{
"version_value": "1.10",
"version_affected": "="
"version_affected": "=",
"version_value": "1.10"
},
{
"version_value": "1.11",
"version_affected": "="
"version_affected": "=",
"version_value": "1.11"
},
{
"version_value": "1.12",
"version_affected": "="
"version_affected": "=",
"version_value": "1.12"
},
{
"version_value": "1.2",
"version_affected": "="
"version_affected": "=",
"version_value": "1.2"
},
{
"version_value": "1.3",
"version_affected": "="
"version_affected": "=",
"version_value": "1.3"
},
{
"version_value": "1.4",
"version_affected": "="
"version_affected": "=",
"version_value": "1.4"
},
{
"version_value": "1.5",
"version_affected": "="
"version_affected": "=",
"version_value": "1.5"
},
{
"version_value": "1.6",
"version_affected": "="
"version_affected": "=",
"version_value": "1.6"
},
{
"version_value": "1.7",
"version_affected": "="
"version_affected": "=",
"version_value": "1.7"
},
{
"version_value": "1.8",
"version_affected": "="
"version_affected": "=",
"version_value": "1.8"
},
{
"version_value": "1.9",
"version_affected": "="
"version_affected": "=",
"version_value": "1.9"
},
{
"version_value": "1.0.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.0.0"
},
{
"version_value": "2.0",
"version_affected": "="
"version_affected": "=",
"version_value": "2.0"
},
{
"version_value": "2.2",
"version_affected": "="
"version_affected": "=",
"version_value": "2.2"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on the affected device. To exploit this vulnerability, the attacker must have valid Administrator-level credentials on the affected device."
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.\r\n\r This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on the affected device. To exploit this vulnerability, the attacker must have valid Administrator-level credentials on the affected device."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
@ -39,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "N/A",
"version_affected": "="
"version_affected": "=",
"version_value": "N/A"
}
]
}
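Review bot: The only version entry on the new side still reads `"version_value": "N/A"` paired with `"version_affected": "="`, so this record for a root-level command injection gives a scanner nothing to match on. The NSO record in the same commit replaced its `N/A` with `4.7.3`, which suggests the upstream data can carry real releases. I would populate the affected RV160/RV260 firmware releases from the vendor advisory. Until then, consumers should treat `N/A` as "version unknown, match on product" rather than as a literal version string.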


@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Authentication Bypass by Alternate Name",
"cweId": "CWE-289"
}
]
}
@ -1680,11 +1681,6 @@
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h"
},
{
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-j7p3-gjw6-pp4r",
"refsource": "MISC",
"name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-j7p3-gjw6-pp4r"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco Webex Room Phone and Cisco Webex Share devices could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient resource allocation. An attacker could exploit this vulnerability by sending crafted LLDP traffic to an affected device. A successful exploit could allow the attacker to exhaust the memory resources of the affected device, resulting in a crash of the LLDP process. If the affected device is configured to support LLDP only, this could cause an interruption to inbound and outbound calling. By default, these devices are configured to support both Cisco Discovery Protocol and LLDP. To recover operational state, the affected device needs a manual restart."
"value": "A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco Webex Room Phone and Cisco Webex Share devices could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to insufficient resource allocation. An attacker could exploit this vulnerability by sending crafted LLDP traffic to an affected device. A successful exploit could allow the attacker to exhaust the memory resources of the affected device, resulting in a crash of the LLDP process. If the affected device is configured to support LLDP only, this could cause an interruption to inbound and outbound calling. By default, these devices are configured to support both Cisco Discovery Protocol and LLDP. To recover operational state, the affected device needs a manual restart."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
@ -39,20 +40,20 @@
"version": {
"version_data": [
{
"version_value": "RoomPhone 1.1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "RoomPhone 1.1.0"
},
{
"version_value": "RoomPhone 1.2.0",
"version_affected": "="
"version_affected": "=",
"version_value": "RoomPhone 1.2.0"
},
{
"version_value": "RoomPhone 1.2.0SR1",
"version_affected": "="
"version_affected": "=",
"version_value": "RoomPhone 1.2.0SR1"
},
{
"version_value": "RoomPhone 1.2.0SR2",
"version_affected": "="
"version_affected": "=",
"version_value": "RoomPhone 1.2.0SR2"
}
]
}