cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-1440,https://securityvulnerability.io/vulnerability/CVE-2021-1440,Vulnerability in RPKI Implementation Could Lead to Denial of Service,"A vulnerability in the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XR Software enables remote attackers to induce a denial of service (DoS) condition. This occurs due to improper processing of a specific RTR Protocol packet header. Attackers may exploit this by compromising an RPKI validator server or using man-in-the-middle techniques to send malicious RTR packets to devices running affected software. Successful exploitation leads to instability in BGP routing, as the BGP process could continually crash and restart. Cisco has provided updates to rectify this issue, with no effective workarounds available.",Cisco,Cisco iOS Xr Software,6.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-18T15:34:27.378Z,0
CVE-2022-20655,https://securityvulnerability.io/vulnerability/CVE-2022-20655,Command Injection Vulnerability in ConfD Could Allow Authenticated Attacker to Execute Arbitrary Commands with Root Privileges,"An issue within the command line interface (CLI) implementation in Cisco's ConfD can allow authenticated, local attackers to conduct command injection attacks. This vulnerability stems from insufficient validation of process arguments, enabling an attacker to inject malicious commands during execution. Successfully exploiting this vulnerability can lead to the execution of arbitrary commands on the underlying operating system with the same privileges as ConfD, often equivalent to root access, thereby posing severe risks to system security and integrity.",Cisco,"Cisco iOS Xr Software,Cisco Virtual Topology System (vts),Cisco Network Services Orchestrator,Cisco Enterprise Nfv Infrastructure Software,Cisco Catalyst Sd-wan,Cisco Catalyst Sd-wan Manager,Cisco iOS Xe Catalyst Sd-wan,Cisco Sd-wan Vedge Router,Cisco Ultra Gateway Platform,Cisco Carrier Packet Transport",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-15T15:56:42.927Z,0
CVE-2022-20846,https://securityvulnerability.io/vulnerability/CVE-2022-20846,Cisco Discovery Protocol Vulnerability Could Lead to Reload and Limited Remote Code Execution,"A flaw exists in the Cisco Discovery Protocol implementation within Cisco IOS XR Software, allowing unauthenticated adjacent attackers to exploit this vulnerability. The vulnerability is the result of a heap buffer overflow caused by processing malicious packets sent to devices running the affected software. By sending specially crafted Cisco Discovery Protocol packets, attackers could potentially cause the process associated with this protocol to reload. Although the ability to execute remote code is limited due to restrictions on writeable bytes, the reloading of the process could still disrupt network operations. Cisco has released necessary software updates to mitigate this vulnerability, and no alternative workarounds are available.",Cisco,Cisco iOS Xr Software,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-15T15:32:38.495Z,0
CVE-2022-20845,https://securityvulnerability.io/vulnerability/CVE-2022-20845,Cisco NCS 4000 Series Vulnerability Could Lead to Memory Leak and Denial of Service,"A vulnerability in the TL1 function of the Cisco Network Convergence System (NCS) 4000 Series allows authenticated local attackers to trigger a memory leak by issuing TL1 commands. This occurs due to TL1 failing to free memory in certain conditions. Exploitation of this vulnerability can lead to excessive memory consumption, which ultimately causes the Resource Monitor (Resmon) process to initiate a restart or shutdown of the top memory-consuming processes. This behavior results in a denial of service (DoS) condition, impacting the availability of the affected systems. Cisco has provided software updates to mitigate the issue, with no available workarounds.",Cisco,Cisco iOS Xr Software,6,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-15T15:32:28.604Z,0
CVE-2022-20849,https://securityvulnerability.io/vulnerability/CVE-2022-20849,Cisco PPPoE Vulnerability Could Lead to Denial of Service,"A weakness within the Broadband Network Gateway PPPoE feature of Cisco IOS XR Software enables an attacker to exploit the system by sending a specifically crafted sequence of PPPoE packets from compromised customer premises equipment (CPE). This vulnerability arises when the PPPoE feature inadequately processes an error condition, leading to continuous crashing of the PPPoE process. As a result, the system may experience a denial of service, significantly impacting network availability. Cisco has released software updates to rectify this issue, and no workarounds are available. For more information, refer to Cisco's security advisory for comprehensive updates.",Cisco,Cisco iOS Xr Software,6.1,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-15T15:31:20.913Z,0
CVE-2024-20418,https://securityvulnerability.io/vulnerability/CVE-2024-20418,Command Injection Vulnerability in Cisco Unified Industrial Wireless Software Could Allow Remote Root Access,"A critical flaw has been identified in the web-based management interface of Cisco Unified Industrial Wireless Software, specifically impacting Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points. This vulnerability arises from inadequate input validation within the management interface, allowing an unauthenticated remote attacker to initiate command injection attacks. By sending specially crafted HTTP requests, an attacker could gain root privileges over the underlying operating system of the affected devices. This exposure significantly increases the risk of unauthorized access and manipulation of the device, potentially leading to widespread security breaches.",Cisco,Cisco Aironet Access Point Software (iOS Xe Controller),10,CRITICAL,0.0004299999854993075,false,,true,false,true,2024-11-07T06:03:55.000Z,,true,false,,2024-11-06T17:15:00.000Z,4678
CVE-2024-20304,https://securityvulnerability.io/vulnerability/CVE-2024-20304,Vulnerability in Cisco IOS XR Software Could Lead to UDP Packet Memory Exhaustion and DoS Conditions,"A vulnerability exists within the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software, allowing unauthenticated remote attackers to exploit the device's UDP packet memory management. The flawed handling of packets can lead to memory exhaustion, preventing the device from processing additional UDP packets. This disruption could result in a denial of service condition, compromising the device's performance and its ability to handle more complex UDP-based protocol packets. The vulnerability can be triggered through crafted packets sent via both IPv4 and IPv6 protocols.",Cisco,Cisco iOS Xr Software,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-09-11T16:39:54.503Z,0
CVE-2024-20489,https://securityvulnerability.io/vulnerability/CVE-2024-20489,Cisco IOS XR Software Vulnerability Could Allow Access to MongoDB Credentials,"A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials.

This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials.",Cisco,Cisco iOS Xr Software,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-11T16:39:06.449Z,0
CVE-2024-20483,https://securityvulnerability.io/vulnerability/CVE-2024-20483,Cisco Routed PON Controller Software Vulnerabilities Allow Command Injection and Root Access,"The Cisco Routed PON Controller Software, executed within a Docker container leveraging Cisco IOS XR Software, is susceptible to multiple vulnerabilities that could be exploited by attackers with Administrator-level access on the PON Manager. Insufficient validation of arguments in specific configuration commands allows these vulnerabilities to be leveraged for command injection attacks. By supplying specially crafted inputs to affected command arguments, an attacker can execute arbitrary commands as root within the PON controller container. This can result in significant security risks, emphasizing the importance of proper security measures and consistent patch management.",Cisco,Cisco iOS Xr Software,7.2,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-09-11T16:38:57.862Z,0
CVE-2024-20406,https://securityvulnerability.io/vulnerability/CVE-2024-20406,Cisco IOS XR Software Vulnerability Could Lead to Denial of Service,"The vulnerability in the segment routing feature of the Intermediate System-to-Intermediate System (IS-IS) protocol within Cisco IOS XR Software allows unauthenticated, adjacent attackers to engineer a denial of service (DoS) condition by exploiting insufficient input validation. By sending specially crafted IS-IS packets to an affected device after establishing an adjacency, an attacker can trigger a crash and subsequent restart of the IS-IS process across all devices involved in the Flexible Algorithm. This affects IS-IS operations over both IPv4 and IPv6 control planes, as well as devices configured for various routing levels. Ensuring proper network security measures are in place is essential to mitigate the risk associated with this vulnerability.",Cisco,Cisco iOS Xr Software,7.4,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-09-11T16:38:50.133Z,0
CVE-2024-20381,https://securityvulnerability.io/vulnerability/CVE-2024-20381,Cisco ConfD JSON-RPC API Vulnerability Could Allow Remote Authenticated Attacker to Modify Configuration,"A vulnerability exists in the JSON-RPC API feature of Cisco's Crosswork Network Services Orchestrator and ConfD, utilized by the management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers. This vulnerability arises from improper authorization checks, allowing an authenticated remote attacker to exploit the API by sending malicious requests. A successful attack may enable the attacker to modify the configurations of affected applications or devices, potentially leading to unauthorized changes such as creating new user accounts or elevating privileges within the system.",Cisco,"Cisco iOS Xr Software,Cisco Network Services Orchestrator,Cisco Small Business Rv Series Router Firmware",8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-09-11T16:38:42.096Z,0
CVE-2024-20317,https://securityvulnerability.io/vulnerability/CVE-2024-20317,Cisco IOS XR Software Vulnerability Could Lead to Denial of Service,"A significant vulnerability has been identified in the processing of specific Ethernet frames by Cisco IOS XR Software utilized in various Cisco Network Convergence System (NCS) platforms. This flaw allows an unauthorized adjacent attacker to send specially crafted Ethernet frames, potentially leading to the dropping of high-priority packets. As a consequence, critical control plane protocol relationships may fail, resulting in a denial of service (DoS) condition. Cisco has acknowledged the issue and released software updates to rectify this vulnerability. No workarounds are available to mitigate the risk associated with it.",Cisco,Cisco iOS Xr Software,7.4,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-09-11T16:38:33.082Z,0
CVE-2024-20398,https://securityvulnerability.io/vulnerability/CVE-2024-20398,Cisco IOS XR Software Vulnerability Allows Elevation of Privileges,"A vulnerability exists in the Command Line Interface (CLI) of Cisco IOS XR Software that enables an authenticated, local attacker to gain read/write file system access on the underlying operating system of the affected device. This issue stems from inadequate validation of user arguments associated with specific CLI commands. An attacker possessing a low-privileged account can exploit this vulnerability by executing specially crafted commands in the CLI prompt. Successful exploitation can permit the attacker to elevate their privileges to that of the root user, thereby compromising the integrity and security of the device.",Cisco,Cisco iOS Xr Software,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-11T16:38:23.982Z,0
CVE-2024-20390,https://securityvulnerability.io/vulnerability/CVE-2024-20390,Cisco IOS XR Software Vulnerability Could Lead to Denial of Service on XML TCP Port 38751,"A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751.

This vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could exploit this vulnerability by sending a sustained, crafted stream of XML traffic to a targeted device. A successful exploit could allow the attacker to cause XML TCP port 38751 to become unreachable while the attack traffic persists.",Cisco,Cisco iOS Xr Software,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-09-11T16:38:15.320Z,0
CVE-2024-20343,https://securityvulnerability.io/vulnerability/CVE-2024-20343,Cisco IOS XR Software Vulnerability Allows Read-Only Access to Linux File System,"A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device.

This vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. An attacker could exploit this vulnerability by logging in to an affected device with low-privileged credentials and using the affected command. A successful exploit could allow the attacker access files in read-only mode on the Linux file system.",Cisco,Cisco iOS Xr Software,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-11T16:38:06.326Z,0
CVE-2024-20456,https://securityvulnerability.io/vulnerability/CVE-2024-20456,Cisco IOS XR Software Vulnerability Could Allow Local Attacker to Bypass Secure Boot and Load Unverified Software,"A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device.
 This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system&rsquo;s configuration options to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass of the requirement to run Cisco signed images or alter the security properties of the running system.",Cisco,Cisco iOS Xr Software,6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-10T16:06:22.104Z,0
CVE-2024-20313,https://securityvulnerability.io/vulnerability/CVE-2024-20313,Cisco IOS XE Software Vulnerability Could Lead to Unauthorized Reload and Denial of Service,"The vulnerability presents a risk within the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software that could allow an adjacent attacker without authentication to disrupt the operation of an affected device. This issue arises from insufficient validation of OSPF updates, leading to unexpected device reloading and resulting in a denial of service (DoS). Through the exploitation of this vulnerability, an attacker could send a specially crafted OSPF update, thus provoking the affected device to restart abruptly. Organizations utilizing Cisco IOS XE Software are advised to evaluate their systems for this vulnerability and implement necessary mitigations.",Cisco,Cisco iOS Xe Software,7.4,HIGH,0.0004400000034365803,false,,false,false,true,2024-08-09T19:15:05.000Z,,false,false,,2024-04-24T20:42:10.379Z,0
CVE-2024-20310,https://securityvulnerability.io/vulnerability/CVE-2024-20310,Cross-Site Scripting Vulnerability in Cisco Unified Communications Manager IM & Presence Service,"A vulnerability found in the web management interface of Cisco Unified Communications Manager IM & Presence Service allows an unauthenticated remote attacker to execute Cross-Site Scripting (XSS) attacks. This issue arises due to the failure of the web interface to adequately validate user-supplied input. An attacker can exploit this vulnerability by convincing an authenticated user to click on a specially crafted link, potentially enabling the execution of arbitrary script code within the context of the affected interface or exposing sensitive browser information.",Cisco,"Cisco iOS Xe Software,Cisco Unified Communications Manager Im And Presence Service",6.1,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-06-20T18:15:07.000Z,,false,false,,2024-04-03T17:15:00.000Z,0
CVE-2024-20307,https://securityvulnerability.io/vulnerability/CVE-2024-20307,Cisco IOS Software and IOS XE Software Vulnerability: Heap Overflow Due to IKEv1 Fragmentation Code Flaw,"A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading.
 This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
 Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.",Cisco,"Ios,Cisco Ios Xe Software",6.8,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2024-03-27T17:23:40.022Z,0
CVE-2024-20308,https://securityvulnerability.io/vulnerability/CVE-2024-20308,Cisco IOS and IOS XE Vulnerability: Heap Underflow Due to IKEv1 Fragmentation Code Flaw,"A security flaw has been identified in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software that allows an unauthenticated, remote attacker to exploit the affected device. The vulnerability arises from a failure to properly reassemble crafted, fragmented IKEv1 packets, which could lead to a heap underflow condition. An attacker can exploit this issue by sending specifically crafted UDP packets to the affected system. Successful exploitation may cause the device to reload, thus resulting in a denial of service (DoS) condition. The vulnerability is applicable to both IPv4 and IPv6 traffic, which means that only traffic directed at the affected system is capable of triggering the flaw.",Cisco,"iOS,Cisco iOS Xe Software",8.6,HIGH,0.0004299999854993075,false,,false,false,true,2024-11-26T16:15:10.000Z,,false,false,,2024-03-27T17:22:11.592Z,0
CVE-2024-20271,https://securityvulnerability.io/vulnerability/CVE-2024-20271,Cisco Access Point Software Vulnerability Could Lead to Denial of Service,"A vulnerability in the IP packet processing of Cisco Access Point Software allows an unauthenticated, remote attacker to exploit specific weaknesses in input validation of IPv4 packets. By sending specially crafted IPv4 packets to or through an affected device, an attacker can induce an unexpected reload of the device, resulting in a denial of service (DoS) condition. Importantly, exploitation does not require the attacker to be associated with the access point, making this a significant risk to network availability. This issue does not affect IPv6 packet processing.",Cisco,"Cisco Aironet Access Point Software,Cisco Business Wireless Access Point Software,Cisco Aironet Access Point Software (iOS Xe Controller)",8.6,HIGH,0.0004299999854993075,false,,false,false,true,2024-06-28T14:15:03.000Z,,false,false,,2024-03-27T17:05:27.473Z,0
CVE-2024-20265,https://securityvulnerability.io/vulnerability/CVE-2024-20265,Unauthenticated Attacker Could Bypass Cisco Secure Boot Validation and Load Tampered Image on Affected Device,"A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device.
 This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised.",Cisco,"Cisco iOS Xe Software,Cisco Aironet Access Point Software,Cisco Business Wireless Access Point Software,Cisco Aironet Access Point Software (iOS Xe Controller)",5.9,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-08-01T16:15:04.000Z,,false,false,,2024-03-27T17:03:54.505Z,0
CVE-2024-20309,https://securityvulnerability.io/vulnerability/CVE-2024-20309,Cisco IOS XE Software Vulnerability Could Lead to Device Reload or Denial of Service,"A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding.
 This vulnerability is due to the incorrect handling of specific ingress traffic when flow control hardware is enabled on the AUX port. An attacker could exploit this vulnerability by reverse telnetting to the AUX port and sending specific data after connecting. A successful exploit could allow the attacker to cause the device to reset or stop responding, resulting in a denial of service (DoS) condition.",Cisco,Cisco iOS Xe Software,5.6,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-08-09T19:15:05.000Z,,false,false,,2024-03-27T17:02:19.749Z,0
CVE-2024-20303,https://securityvulnerability.io/vulnerability/CVE-2024-20303,Cisco IOS XE Software for Wireless LAN Controllers (WLCs) Vulnerability Could Lead to Denial of Service,"A vulnerability exists within the multicast DNS (mDNS) gateway functionality of Cisco IOS XE Software used in Wireless LAN Controllers. This issue arises from inadequate handling of mDNS client entries, allowing an unauthenticated attacker on the same wireless network to disrupt service. By sending a continuous flow of targeted mDNS packets, the attacker could cause the wireless controller to enter a state of elevated CPU usage, potentially resulting in access points losing connectivity with the controller. Such an event can create a significant denial of service condition, affecting overall network performance.",Cisco,Cisco Ios Xe Software,7.4,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-27T17:00:37.075Z,0
CVE-2024-20278,https://securityvulnerability.io/vulnerability/CVE-2024-20278,Cisco IOS XE Software Vulnerability: Elevation of Privileges,"A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device.
 This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input over NETCONF to an affected device. A successful exploit could allow the attacker to elevate privileges from Administrator to root.",Cisco,Cisco iOS Xe Software,6.5,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-08-15T17:15:05.000Z,,false,false,,2024-03-27T16:59:12.963Z,0