cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-20655,https://securityvulnerability.io/vulnerability/CVE-2022-20655,Command Injection Vulnerability in ConfD Could Allow Authenticated Attacker to Execute Arbitrary Commands with Root Privileges,"An issue within the command line interface (CLI) implementation in Cisco's ConfD can allow authenticated, local attackers to conduct command injection attacks. This vulnerability stems from insufficient validation of process arguments, enabling an attacker to inject malicious commands during execution. Successfully exploiting this vulnerability can lead to the execution of arbitrary commands on the underlying operating system with the same privileges as ConfD, often equivalent to root access, thereby posing severe risks to system security and integrity.",Cisco,"Cisco iOS Xr Software,Cisco Virtual Topology System (vts),Cisco Network Services Orchestrator,Cisco Enterprise Nfv Infrastructure Software,Cisco Catalyst Sd-wan,Cisco Catalyst Sd-wan Manager,Cisco iOS Xe Catalyst Sd-wan,Cisco Sd-wan Vedge Router,Cisco Ultra Gateway Platform,Cisco Carrier Packet Transport",8.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-15T15:56:42.927Z,0
CVE-2024-20418,https://securityvulnerability.io/vulnerability/CVE-2024-20418,Command Injection Vulnerability in Cisco Unified Industrial Wireless Software Could Allow Remote Root Access,"A critical flaw has been identified in the web-based management interface of Cisco Unified Industrial Wireless Software, specifically impacting Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points. This vulnerability arises from inadequate input validation within the management interface, allowing an unauthenticated remote attacker to initiate command injection attacks. By sending specially crafted HTTP requests, an attacker could gain root privileges over the underlying operating system of the affected devices. This exposure significantly increases the risk of unauthorized access and manipulation of the device, potentially leading to widespread security breaches.",Cisco,Cisco Aironet Access Point Software (iOS Xe Controller),10,CRITICAL,0.0004299999854993075,false,true,false,true,,true,false,2024-11-06T17:15:00.000Z,4678
CVE-2024-20313,https://securityvulnerability.io/vulnerability/CVE-2024-20313,Cisco IOS XE Software Vulnerability Could Lead to Unauthorized Reload and Denial of Service,"The vulnerability presents a risk within the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software that could allow an adjacent attacker without authentication to disrupt the operation of an affected device. This issue arises from insufficient validation of OSPF updates, leading to unexpected device reloading and resulting in a denial of service (DoS). Through the exploitation of this vulnerability, an attacker could send a specially crafted OSPF update, thus provoking the affected device to restart abruptly. Organizations utilizing Cisco IOS XE Software are advised to evaluate their systems for this vulnerability and implement necessary mitigations.",Cisco,Cisco iOS Xe Software,7.4,HIGH,0.0004400000034365803,false,false,false,true,,false,false,2024-04-24T20:42:10.379Z,0
CVE-2024-20310,https://securityvulnerability.io/vulnerability/CVE-2024-20310,,"A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.
 This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",Cisco,"Cisco iOS Xe Software,Cisco Unified Communications Manager Im And Presence Service",6.1,MEDIUM,0.0004299999854993075,false,false,false,true,,false,false,2024-04-03T17:15:00.000Z,0
CVE-2024-20307,https://securityvulnerability.io/vulnerability/CVE-2024-20307,Cisco IOS Software and IOS XE Software Vulnerability: Heap Overflow Due to IKEv1 Fragmentation Code Flaw,"A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading.
 This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
 Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.",Cisco,"Ios,Cisco Ios Xe Software",6.8,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2024-03-27T17:23:40.022Z,0
CVE-2024-20308,https://securityvulnerability.io/vulnerability/CVE-2024-20308,Cisco IOS and IOS XE Vulnerability: Heap Underflow Due to IKEv1 Fragmentation Code Flaw,"A security flaw has been identified in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software that allows an unauthenticated, remote attacker to exploit the affected device. The vulnerability arises from a failure to properly reassemble crafted, fragmented IKEv1 packets, which could lead to a heap underflow condition. An attacker can exploit this issue by sending specifically crafted UDP packets to the affected system. Successful exploitation may cause the device to reload, thus resulting in a denial of service (DoS) condition. The vulnerability is applicable to both IPv4 and IPv6 traffic, which means that only traffic directed at the affected system is capable of triggering the flaw.",Cisco,"iOS,Cisco iOS Xe Software",8.6,HIGH,0.0004299999854993075,false,false,false,true,,false,false,2024-03-27T17:22:11.592Z,0
CVE-2024-20271,https://securityvulnerability.io/vulnerability/CVE-2024-20271,Cisco Access Point Software Vulnerability Could Lead to Denial of Service,"A vulnerability in the IP packet processing of Cisco Access Point Software allows an unauthenticated, remote attacker to exploit specific weaknesses in input validation of IPv4 packets. By sending specially crafted IPv4 packets to or through an affected device, an attacker can induce an unexpected reload of the device, resulting in a denial of service (DoS) condition. Importantly, exploitation does not require the attacker to be associated with the access point, making this a significant risk to network availability. This issue does not affect IPv6 packet processing.",Cisco,"Cisco Aironet Access Point Software,Cisco Business Wireless Access Point Software,Cisco Aironet Access Point Software (iOS Xe Controller)",8.6,HIGH,0.0004299999854993075,false,false,false,true,,false,false,2024-03-27T17:05:27.473Z,0
CVE-2024-20265,https://securityvulnerability.io/vulnerability/CVE-2024-20265,Unauthenticated Attacker Could Bypass Cisco Secure Boot Validation and Load Tampered Image on Affected Device,"A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device.
 This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised.",Cisco,"Cisco iOS Xe Software,Cisco Aironet Access Point Software,Cisco Business Wireless Access Point Software,Cisco Aironet Access Point Software (iOS Xe Controller)",5.9,MEDIUM,0.0004299999854993075,false,false,false,true,,false,false,2024-03-27T17:03:54.505Z,0
CVE-2024-20309,https://securityvulnerability.io/vulnerability/CVE-2024-20309,Cisco IOS XE Software Vulnerability Could Lead to Device Reload or Denial of Service,"A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding.
 This vulnerability is due to the incorrect handling of specific ingress traffic when flow control hardware is enabled on the AUX port. An attacker could exploit this vulnerability by reverse telnetting to the AUX port and sending specific data after connecting. A successful exploit could allow the attacker to cause the device to reset or stop responding, resulting in a denial of service (DoS) condition.",Cisco,Cisco iOS Xe Software,5.6,MEDIUM,0.0004299999854993075,false,false,false,true,,false,false,2024-03-27T17:02:19.749Z,0
CVE-2024-20303,https://securityvulnerability.io/vulnerability/CVE-2024-20303,Cisco IOS XE Software for Wireless LAN Controllers (WLCs) Vulnerability Could Lead to Denial of Service,"A vulnerability exists within the multicast DNS (mDNS) gateway functionality of Cisco IOS XE Software used in Wireless LAN Controllers. This issue arises from inadequate handling of mDNS client entries, allowing an unauthenticated attacker on the same wireless network to disrupt service. By sending a continuous flow of targeted mDNS packets, the attacker could cause the wireless controller to enter a state of elevated CPU usage, potentially resulting in access points losing connectivity with the controller. Such an event can create a significant denial of service condition, affecting overall network performance.",Cisco,Cisco Ios Xe Software,7.4,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-03-27T17:00:37.075Z,0
CVE-2024-20278,https://securityvulnerability.io/vulnerability/CVE-2024-20278,Cisco IOS XE Software Vulnerability: Elevation of Privileges,"A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device.
 This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input over NETCONF to an affected device. A successful exploit could allow the attacker to elevate privileges from Administrator to root.",Cisco,Cisco iOS Xe Software,6.5,MEDIUM,0.0004299999854993075,false,false,false,true,,false,false,2024-03-27T16:59:12.963Z,0
CVE-2024-20306,https://securityvulnerability.io/vulnerability/CVE-2024-20306,Cisco UTD Configuration CLI Vulnerability Allows Arbitrary Code Execution as Root,"A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the affected device. 
 This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted CLI command to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying operating system.",Cisco,Cisco Ios Xe Software,6,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-03-27T16:58:22.583Z,0
CVE-2024-20314,https://securityvulnerability.io/vulnerability/CVE-2024-20314,Cisco IPv4 SD-Access Fabric Edge Node Vulnerability Could Lead to Denial of Service,"A vulnerability exists within the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software that allows an unauthenticated, remote attacker to exploit improper handling of specific IPv4 packets. Exploitation of this vulnerability could lead to significant CPU resource exhaustion on the affected devices, halting all traffic processing and resulting in a denial of service (DoS) condition. Attackers are able to trigger this condition by sending specially crafted IPv4 packets, prompting a serious operational risk for affected installations.",Cisco,Cisco iOS Xe Software,8.6,HIGH,0.0004299999854993075,false,false,false,true,,false,false,2024-03-27T16:57:27.974Z,0
CVE-2024-20312,https://securityvulnerability.io/vulnerability/CVE-2024-20312,Cisco IOS and IOS XE Vulnerability Could Lead to Denial of Service,"A vulnerability exists in the Intermediate System-to-Intermediate System (IS-IS) protocol within Cisco IOS Software and Cisco IOS XE Software. This security issue arises from inadequate input validation when processing incoming IS-IS packets. An attacker, positioned Layer 2 adjacent to the targeted device and having established an adjacency, can exploit this flaw by sending a specially crafted IS-IS packet. Successful exploitation could result in the affected device reloading unexpectedly, leading to a denial of service condition. This vulnerability poses significant risks to network stability and security for organizations using vulnerable Cisco products.",Cisco,"iOS,Cisco iOS Xe Software",7.4,HIGH,0.0004299999854993075,false,false,false,true,,false,false,2024-03-27T16:56:42.490Z,0
CVE-2024-20324,https://securityvulnerability.io/vulnerability/CVE-2024-20324,Cisco IOS XE Software Vulnerability Allows Access to WLAN Configuration Details Including Passwords,"A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords.
 This vulnerability is due to improper privilege checks. An attacker could exploit this vulnerability by using the show and show tech wireless CLI commands to access configuration details, including passwords. A successful exploit could allow the attacker to access configuration details that they are not authorized to access.",Cisco,Cisco iOS Xe Software,5.5,MEDIUM,0.0004299999854993075,false,false,false,true,,false,false,2024-03-27T16:55:53.837Z,0
CVE-2024-20259,https://securityvulnerability.io/vulnerability/CVE-2024-20259,Cisco IOS XE Software Vulnerability Could Lead to Denial of Service,"A vulnerability exists in the DHCP snooping feature of Cisco IOS XE Software, allowing unauthenticated, remote attackers to exploit the flaw. This vulnerability occurs due to improper handling of crafted IPv4 DHCP request packets when endpoint analytics are enabled. Exploitation involves sending a specially crafted DHCP request, which can trigger an unexpected device reload, leading to a Denial of Service (DoS) condition. The attack vector can be exploited from a DHCP relay in different network segments, potentially expanding the scope of the vulnerability beyond adjacent networks.",Cisco,Cisco iOS Xe Software,8.6,HIGH,0.0004299999854993075,false,false,false,true,,false,false,2024-03-27T16:53:53.073Z,0
CVE-2024-20311,https://securityvulnerability.io/vulnerability/CVE-2024-20311,Cisco IOS and IOS XE Software Vulnerability Could Lead to Device Reload and Denial of Service,"The vulnerability arises from the improper handling of Locator ID Separation Protocol (LISP) packets within Cisco IOS Software and Cisco IOS XE Software. An unauthenticated remote attacker can exploit this flaw by sending specially crafted LISP packets to targeted devices. This could result in the affected device experiencing a reload, effectively leading to a denial of service condition. The exploitation can occur over both IPv4 and IPv6 transport mechanisms, amplifying the potential impact on affected networks.",Cisco,"iOS,Cisco iOS Xe Software",8.6,HIGH,0.0004299999854993075,false,false,false,true,,false,false,2024-03-27T16:50:15.099Z,0
CVE-2024-20316,https://securityvulnerability.io/vulnerability/CVE-2024-20316,Cisco IOS XE Software Vulnerability: Unauthorized Access to Protected Resources,"A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL).
 This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device.",Cisco,Cisco iOS Xe Software,5.8,MEDIUM,0.0004299999854993075,false,false,false,true,,false,false,2024-03-27T16:49:03.113Z,0
CVE-2024-20354,https://securityvulnerability.io/vulnerability/CVE-2024-20354,Cisco Aironet AP Software Vulnerability Could Lead to Denial of Service,"A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device.
 This vulnerability is due to incomplete cleanup of resources when dropping certain malformed frames. An attacker could exploit this vulnerability by connecting as a wireless client to an affected AP and sending specific malformed frames over the wireless connection. A successful exploit could allow the attacker to cause degradation of service to other clients, which could potentially lead to a complete DoS condition.",Cisco,"Cisco Aironet Access Point Software,Cisco Aironet Access Point Software (ios Xe Controller)",4.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-03-27T16:47:04.924Z,0
CVE-2023-20273,https://securityvulnerability.io/vulnerability/CVE-2023-20273,Command Injection Vulnerability in Cisco IOS XE Software Web UI,"A command injection vulnerability exists in the web UI of Cisco IOS XE Software, allowing an authenticated remote attacker to inject commands with root privileges. This vulnerability arises from insufficient input validation, which could enable an attacker to send specially crafted input to the web UI. Successful exploitation may allow the attacker to execute arbitrary commands on the underlying operating system, posing serious risks to system integrity and confidentiality.",Cisco,Cisco iOS Xe Software,7.2,HIGH,0.07472000271081924,true,true,false,true,true,false,false,2023-10-25T18:17:00.000Z,0
CVE-2023-20198,https://securityvulnerability.io/vulnerability/CVE-2023-20198,Cisco Provides Update on Investigation into Web UI Exploitation,"A vulnerability in the web UI functionality of Cisco IOS XE (CVE-2023-20198) has been exploited by threat actors, allowing them to create high-privilege accounts and install an implant, ultimately enabling remote control of affected network devices. A second zero-day vulnerability (CVE-2023-20273) has also been leveraged to run the implant. Cisco has released fixes for CVE-2023-20198, but this does not address the second zero-day vulnerability. Following the public announcement of the attacks, the number of internet-facing Cisco devices with the implant installed decreased significantly, suggesting a cleanup effort. Organizations are advised to promptly apply the relevant patches, disable the HTTP Server feature, and conduct thorough investigations to ensure the security of their devices. In addition to the potential impacts of the vulnerability, the ongoing exploitation underscores the need for robust cybersecurity protocols and a proactive approach to vulnerability management.",Cisco,Cisco iOS Xe Software,10,CRITICAL,0.8834400177001953,true,true,true,true,true,true,false,2023-10-16T16:15:00.000Z,0
CVE-2023-20235,https://securityvulnerability.io/vulnerability/CVE-2023-20235,Vulnerability in Application Development Workflow for Cisco IOS XE Software,"A vulnerability exists in the application development workflow of Cisco IOS XE Software, allowing an authenticated remote attacker to gain unauthorized access to the underlying operating system with root privileges. This occurs because Docker containers, when running in application development mode with the privileged runtime option enabled, do not have restrictions that prevent exploitation. Attackers could leverage this flaw by utilizing Docker CLI commands to interact with an affected device, potentially impacting production systems if the development features are inadvertently enabled in those environments. This vulnerability underscores the importance of ensuring that application development workflows are strictly confined to secure development systems.",Cisco,Cisco IOS XE Software,8.8,HIGH,0.0012000000569969416,false,false,false,false,,false,false,2023-10-04T17:15:00.000Z,0
CVE-2023-20226,https://securityvulnerability.io/vulnerability/CVE-2023-20226,Denial of Service Vulnerability in Cisco IOS XE Software,"A vulnerability in the Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) features of Cisco IOS XE Software can enable unauthenticated attackers to launch a denial of service (DoS) attack. By mismanaging crafted packet streams through these applications, attackers can cause affected devices to unexpectedly reload, leading to service interruptions. This vulnerability exemplifies the critical importance of robust network security measures in protecting network infrastructure.",Cisco,Cisco IOS XE Software,7.5,HIGH,0.001180000021122396,false,false,false,false,,false,false,2023-09-27T18:15:00.000Z,0
CVE-2023-20187,https://securityvulnerability.io/vulnerability/CVE-2023-20187,Vulnerability in Multicast Leaf Recycle Elimination Feature of Cisco ASR Routers,"A vulnerability exists in the Multicast Leaf Recycle Elimination feature of Cisco IOS XE Software for Cisco ASR 1000 Series routers. The flaw arises from improper handling of specific IPv6 multicast packets when multicast traffic exceeds a particular threshold. An unauthenticated remote attacker could exploit this by sending crafted IPv6 multicast or multicast VPN packets, triggering a device reload that leads to a Denial of Service condition.",Cisco,Cisco IOS XE Software,7.5,HIGH,0.001180000021122396,false,false,false,false,,false,false,2023-09-27T18:15:00.000Z,0
CVE-2023-20227,https://securityvulnerability.io/vulnerability/CVE-2023-20227,Denial of Service Vulnerability in Cisco IOS XE Software's L2TP Feature,"A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software allows an unauthenticated remote attacker to trigger a denial of service condition. This issue is due to improper handling of specially crafted L2TP packets. An attacker can exploit this by sending these packets to an affected device, potentially causing it to reload unexpectedly. This results in service disruption as the device becomes temporarily unavailable. The exploit is limited to traffic directed specifically at the affected system.",Cisco,Cisco IOS XE Software,7.5,HIGH,0.001180000021122396,false,false,false,false,,false,false,2023-09-27T18:15:00.000Z,0