Total
538 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20856 | 1 Cisco | 8 Catalyst 9800, Catalyst 9800-40, Catalyst 9800-80 and 5 more | 2023-11-07 | N/A | 7.5 HIGH |
| A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) Mobility messages in Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error and improper management of resources related to the handling of CAPWAP Mobility messages. An attacker could exploit this vulnerability by sending crafted CAPWAP Mobility packets to an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device. This would cause the device to reload, resulting in a DoS condition. | |||||
| CVE-2022-20851 | 1 Cisco | 259 1000 Integrated Services Router, 1100-4g Integrated Services Router, 1100-4p Integrated Services Router and 256 more | 2023-11-07 | N/A | 7.2 HIGH |
| A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To exploit this vulnerability, an attacker must have valid Administrator privileges on the affected device. | |||||
| CVE-2022-20848 | 1 Cisco | 360 1000 Integrated Services Router, 1100-4g\/6g Integrated Services Router, 1100-4g Integrated Services Router and 357 more | 2023-11-07 | N/A | 7.5 HIGH |
| A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of UDP datagrams. An attacker could exploit this vulnerability by sending malicious UDP datagrams to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | |||||
| CVE-2022-20693 | 1 Cisco | 1 Ios Xe | 2023-11-07 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges. | |||||
| CVE-2022-20697 | 1 Cisco | 2 Ios, Ios Xe | 2023-11-07 | 6.8 MEDIUM | 8.6 HIGH |
| A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | |||||
| CVE-2022-20682 | 1 Cisco | 1 Ios Xe | 2023-11-07 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to inadequate input validation of incoming CAPWAP packets encapsulating multicast DNS (mDNS) queries. An attacker could exploit this vulnerability by connecting to a wireless network and sending a crafted mDNS query, which would flow through and be processed by the wireless controller. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. | |||||
| CVE-2022-20694 | 1 Cisco | 1 Ios Xe | 2023-11-07 | 7.1 HIGH | 6.8 MEDIUM |
| A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of a specific RPKI to Router (RTR) Protocol packet header. An attacker could exploit this vulnerability by compromising the RPKI validator server and sending a specifically crafted RTR packet to an affected device. Alternatively, the attacker could use man-in-the-middle techniques to impersonate the RPKI validator server and send a crafted RTR response packet over the established RTR TCP connection to the affected device. A successful exploit could allow the attacker to cause a DoS condition because the BGP process could constantly restart and BGP routing could become unstable. | |||||
| CVE-2022-20683 | 1 Cisco | 1 Ios Xe | 2023-11-07 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient packet verification for traffic inspected by the AVC feature. An attacker could exploit this vulnerability by sending crafted packets from the wired network to a wireless client, resulting in the crafted packets being processed by the wireless controller. A successful exploit could allow the attacker to cause a crash and reload of the affected device, resulting in a DoS condition. | |||||
| CVE-2022-20692 | 1 Cisco | 1 Ios Xe | 2023-11-07 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to insufficient resource management. An attacker could exploit this vulnerability by initiating a large number of NETCONF over SSH connections. A successful exploit could allow the attacker to exhaust resources, causing the device to reload and resulting in a DoS condition on an affected device. | |||||
| CVE-2022-20725 | 1 Cisco | 67 800m Integrated Services Router, 807 Industrial Integrated Services Router, 812 3g Integrated Services Router and 64 more | 2023-11-07 | 3.5 LOW | 4.8 MEDIUM |
| Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20684 | 1 Cisco | 1 Ios Xe | 2023-11-07 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. This vulnerability is due to a lack of input validation of the information used to generate an SNMP trap related to a wireless client connection event. An attacker could exploit this vulnerability by sending an 802.1x packet with crafted parameters during the wireless authentication setup phase of a connection. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | |||||
| CVE-2022-20678 | 1 Cisco | 25 1100-4g Integrated Services Router, 1100-6g Integrated Services Router, 1101 Integrated Services Router and 22 more | 2023-11-07 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could exploit this vulnerability by sending a stream of crafted TCP traffic at a high rate through an interface of an affected device. That interface would need to have AppNav interception enabled. A successful exploit could allow the attacker to cause the device to reload. | |||||
| CVE-2021-34767 | 1 Cisco | 9 Catalyst 9800, Catalyst 9800-40, Catalyst 9800-80 and 6 more | 2023-11-07 | 3.3 LOW | 7.4 HIGH |
| A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a Layer 2 (L2) loop in a configured VLAN, resulting in a denial of service (DoS) condition for that VLAN. The vulnerability is due to a logic error when processing specific link-local IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that would flow inbound through the wired interface of an affected device. A successful exploit could allow the attacker to cause traffic drops in the affected VLAN, thus triggering the DoS condition. | |||||
| CVE-2021-34729 | 1 Cisco | 2 Ios Xe, Ios Xe Sd-wan | 2023-11-07 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input in the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system. An attacker would need valid user credentials to exploit this vulnerability. | |||||
| CVE-2021-34714 | 1 Cisco | 225 Firepower 4100, Firepower 4110, Firepower 4112 and 222 more | 2023-11-07 | 5.7 MEDIUM | 7.4 HIGH |
| A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An attacker could exploit this vulnerability by sending specifically crafted UDLD packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. An attacker must have full control of a directly connected device. On Cisco IOS XR devices, the impact is limited to the reload of the UDLD process. | |||||
| CVE-2021-34723 | 1 Cisco | 21 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 18 more | 2023-11-07 | 6.9 MEDIUM | 6.7 MEDIUM |
| A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command parameters. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of the configuration database and gain root-level access to an affected device. | |||||
| CVE-2021-34697 | 1 Cisco | 1 Ios Xe | 2023-11-07 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in the Protection Against Distributed Denial of Service Attacks feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct denial of service (DoS) attacks to or through the affected device. This vulnerability is due to incorrect programming of the half-opened connections limit, TCP SYN flood limit, or TCP SYN cookie features when the features are configured in vulnerable releases of Cisco IOS XE Software. An attacker could exploit this vulnerability by attempting to flood traffic to or through the affected device. A successful exploit could allow the attacker to initiate a DoS attack to or through an affected device. | |||||
| CVE-2021-34768 | 1 Cisco | 11 Catalyst 9800, Catalyst 9800-40, Catalyst 9800-40 Wireless Controller and 8 more | 2023-11-07 | 7.8 HIGH | 7.5 HIGH |
| Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. | |||||
| CVE-2021-34696 | 1 Cisco | 23 Asr 902, Asr 903, Asr 907 and 20 more | 2023-11-07 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of hardware when an ACL is configured using a method other than the configuration CLI. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. | |||||
| CVE-2021-34769 | 1 Cisco | 11 Catalyst 9800, Catalyst 9800-40, Catalyst 9800-40 Wireless Controller and 8 more | 2023-11-07 | 7.8 HIGH | 7.5 HIGH |
| Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. | |||||