cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-1440,https://securityvulnerability.io/vulnerability/CVE-2021-1440,Vulnerability in RPKI Implementation Could Lead to Denial of Service,"A vulnerability in the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XR Software enables remote attackers to induce a denial of service (DoS) condition. This occurs due to improper processing of a specific RTR Protocol packet header. Attackers may exploit this by compromising an RPKI validator server or using man-in-the-middle techniques to send malicious RTR packets to devices running affected software. Successful exploitation leads to instability in BGP routing, as the BGP process could continually crash and restart. Cisco has provided updates to rectify this issue, with no effective workarounds available.",Cisco,Cisco iOS Xr Software,6.8,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-11-18T15:34:27.378Z,0
CVE-2022-20655,https://securityvulnerability.io/vulnerability/CVE-2022-20655,Command Injection Vulnerability in ConfD Could Allow Authenticated Attacker to Execute Arbitrary Commands with Root Privileges,"An issue within the command line interface (CLI) implementation in Cisco's ConfD can allow authenticated, local attackers to conduct command injection attacks. This vulnerability stems from insufficient validation of process arguments, enabling an attacker to inject malicious commands during execution. Successfully exploiting this vulnerability can lead to the execution of arbitrary commands on the underlying operating system with the same privileges as ConfD, often equivalent to root access, thereby posing severe risks to system security and integrity.",Cisco,"Cisco iOS Xr Software,Cisco Virtual Topology System (vts),Cisco Network Services Orchestrator,Cisco Enterprise Nfv Infrastructure Software,Cisco Catalyst Sd-wan,Cisco Catalyst Sd-wan Manager,Cisco iOS Xe Catalyst Sd-wan,Cisco Sd-wan Vedge Router,Cisco Ultra Gateway Platform,Cisco Carrier Packet Transport",8.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-15T15:56:42.927Z,0
CVE-2022-20846,https://securityvulnerability.io/vulnerability/CVE-2022-20846,Cisco Discovery Protocol Vulnerability Could Lead to Reload and Limited Remote Code Execution,"A flaw exists in the Cisco Discovery Protocol implementation within Cisco IOS XR Software, allowing unauthenticated adjacent attackers to exploit this vulnerability. The vulnerability is the result of a heap buffer overflow caused by processing malicious packets sent to devices running the affected software. By sending specially crafted Cisco Discovery Protocol packets, attackers could potentially cause the process associated with this protocol to reload. Although the ability to execute remote code is limited due to restrictions on writeable bytes, the reloading of the process could still disrupt network operations. Cisco has released necessary software updates to mitigate this vulnerability, and no alternative workarounds are available.",Cisco,Cisco iOS Xr Software,4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-11-15T15:32:38.495Z,0
CVE-2022-20845,https://securityvulnerability.io/vulnerability/CVE-2022-20845,Cisco NCS 4000 Series Vulnerability Could Lead to Memory Leak and Denial of Service,"A vulnerability in the TL1 function of the Cisco Network Convergence System (NCS) 4000 Series allows authenticated local attackers to trigger a memory leak by issuing TL1 commands. This occurs due to TL1 failing to free memory in certain conditions. Exploitation of this vulnerability can lead to excessive memory consumption, which ultimately causes the Resource Monitor (Resmon) process to initiate a restart or shutdown of the top memory-consuming processes. This behavior results in a denial of service (DoS) condition, impacting the availability of the affected systems. Cisco has provided software updates to mitigate the issue, with no available workarounds.",Cisco,Cisco iOS Xr Software,6,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-15T15:32:28.604Z,0
CVE-2022-20849,https://securityvulnerability.io/vulnerability/CVE-2022-20849,Cisco PPPoE Vulnerability Could Lead to Denial of Service,"A weakness within the Broadband Network Gateway PPPoE feature of Cisco IOS XR Software enables an attacker to exploit the system by sending a specifically crafted sequence of PPPoE packets from compromised customer premises equipment (CPE). This vulnerability arises when the PPPoE feature inadequately processes an error condition, leading to continuous crashing of the PPPoE process. As a result, the system may experience a denial of service, significantly impacting network availability. Cisco has released software updates to rectify this issue, and no workarounds are available. For more information, refer to Cisco's security advisory for comprehensive updates.",Cisco,Cisco iOS Xr Software,6.1,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-11-15T15:31:20.913Z,0
CVE-2024-20373,https://securityvulnerability.io/vulnerability/CVE-2024-20373,Cisco IOS and IOS XE Vulnerability: SNMP ACL Implementation Flaw Allows Unauthorized Access,"A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic.&nbsp;

This vulnerability exists because Cisco IOS Software and Cisco IOS XE Software do not support extended IPv4 ACLs for SNMP, but they do allow administrators to configure extended named IPv4 ACLs that are attached to the SNMP server configuration without a warning message. This can result in no ACL being applied to the SNMP listening process. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP operations that should be denied. The attacker has no control of the SNMP ACL configuration and would still need a valid SNMP version 2c (SNMPv2c) community string or SNMP version 3 (SNMPv3) user credentials.
SNMP with IPv6 ACL configurations is not affected.
For more information, see the  section of this advisory.",Cisco,Cisco iOS Xe Catalyst Sd-wan,5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-11-15T14:52:34.137Z,0
CVE-2024-20418,https://securityvulnerability.io/vulnerability/CVE-2024-20418,Command Injection Vulnerability in Cisco Unified Industrial Wireless Software Could Allow Remote Root Access,"A critical flaw has been identified in the web-based management interface of Cisco Unified Industrial Wireless Software, specifically impacting Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points. This vulnerability arises from inadequate input validation within the management interface, allowing an unauthenticated remote attacker to initiate command injection attacks. By sending specially crafted HTTP requests, an attacker could gain root privileges over the underlying operating system of the affected devices. This exposure significantly increases the risk of unauthorized access and manipulation of the device, potentially leading to widespread security breaches.",Cisco,Cisco Aironet Access Point Software (iOS Xe Controller),10,CRITICAL,0.0004299999854993075,false,true,false,true,,true,false,2024-11-06T17:15:00.000Z,4678
CVE-2024-20437,https://securityvulnerability.io/vulnerability/CVE-2024-20437,Cisco IOS XE Software Vulnerability: Remote CSRF Execution,"A vulnerability in the web-based management interface of Cisco IOS XE Software allows remote attackers to exploit cross-site request forgery (CSRF) weaknesses. This condition arises from inadequate protections against CSRF, enabling an attacker to pose as an authenticated user. By convincing a targeted user to click on a specially crafted link, attackers can execute commands on the command line interface (CLI) of the affected device, taking actions with the same privileges as the authenticated user. Organizations utilizing Cisco IOS XE Software should take immediate precautions to mitigate potential risks associated with this vulnerability.",Cisco,iOS Xe,8.8,HIGH,0.0005799999926239252,false,false,false,false,,false,false,2024-09-25T17:15:00.000Z,0
CVE-2024-20434,https://securityvulnerability.io/vulnerability/CVE-2024-20434,Unauthorized Frame Handling Could Cause DoS Condition,"A vulnerability exists in Cisco IOS XE Software where improper handling of frames associated with VLAN tagging can be exploited by an unauthenticated, adjacent attacker. By sending specifically crafted frames, the attacker can induce a denial of service condition on the control plane of the affected device. This results in the device becoming unresponsive, with no access available through the console or CLI. Additionally, the affected device will not respond to ping or SNMP requests, as well as requests from other control plane protocols. It is important to note that data traffic is not affected; however, a complete reboot of the device is necessary to restore control plane operations.",Cisco,iOS Xe,4.3,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-09-25T17:15:00.000Z,0
CVE-2024-20510,https://securityvulnerability.io/vulnerability/CVE-2024-20510,Unauthenticated Attacker Could Bypass Pre-Authentication ACL in Cisco IOS XE Software for Wireless Controllers,"A logic error present in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers poses a significant security risk by enabling unauthenticated adjacent attackers to bypass the pre-authentication access control list (ACL). This flaw arises during the activation of the pre-authentication ACL received from the authentication, authorization, and accounting (AAA) server. By exploiting this vulnerability, an attacker can connect to a wireless network configured for CWA and transmit traffic through a compromised device, circumventing the protections that should have been enforced by the ACL. This exploit can lead to unauthorized access to trusted network resources, posing a serious threat to network security.",Cisco,iOS Xe,9.3,CRITICAL,0.0005300000193528831,false,false,false,false,,false,false,2024-09-25T17:15:00.000Z,0
CVE-2024-20433,https://securityvulnerability.io/vulnerability/CVE-2024-20433,Cisco IOS/IOS XE Software Vulnerability Could Lead to DoS Condition,"A vulnerability exists in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software. This issue is caused by a buffer overflow that occurs when the software processes specially crafted RSVP packets. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious RSVP traffic to an affected device, potentially causing it to reload unexpectedly. The result of such an exploit would lead to a denial of service (DoS), affecting the availability of network services.",Cisco,iOS,7.5,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-09-25T17:15:00.000Z,0
CVE-2024-20414,https://securityvulnerability.io/vulnerability/CVE-2024-20414,Cisco IOS and IOS XE Software Vulnerability - Cross-Site Request Forgery (CSRF) Attack,"A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI.
 This vulnerability is due to incorrectly accepting configuration changes through the HTTP GET method. An attacker could exploit this vulnerability by persuading a currently authenticated administrator to follow a crafted link. A successful exploit could allow the attacker to change the configuration of the affected device.",Cisco,iOS Xe,6.5,MEDIUM,0.0004799999878741801,false,false,false,false,,false,false,2024-09-25T17:15:00.000Z,0
CVE-2024-20436,https://securityvulnerability.io/vulnerability/CVE-2024-20436,Cisco IOS XE Software Vulnerability Could Lead to Denial of Service,"The vulnerability exists in the HTTP Server feature of Cisco IOS XE Software specifically when the Telephony Service feature is enabled. This issue allows an unauthenticated remote attacker to exploit a null pointer dereference by sending specially crafted HTTP traffic to an affected device. A successful attack can lead to the device reloading, effectively causing a denial of service condition that disrupts normal functionality. It is crucial to address this vulnerability to maintain system integrity and availability.",Cisco,iOS Xe,7.5,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-09-25T17:15:00.000Z,0
CVE-2024-20467,https://securityvulnerability.io/vulnerability/CVE-2024-20467,Cisco IOS XE Software Vulnerability Could Lead to Denial of Service,"A vulnerability exists in the IPv4 fragmentation reassembly code of Cisco IOS XE Software, which may allow an unauthenticated, remote attacker to exploit this flaw and trigger a denial of service (DoS) on impacted devices. This issue stems from inadequate resource management during the process of fragment reassembly. By sending specifically sized fragmented packets or through a Virtual Fragmentation Reassembly (VFR)-enabled interface, an attacker could potentially induce a device reload, leading to service interruptions. The specific Cisco products affected include the ASR 1000 Series Aggregation Services Routers and cBR-8 Converged Broadband Routers operating on software versions 17.12.1 and 17.12.1a.",Cisco,iOS Xe,8.6,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-09-25T17:15:00.000Z,0
CVE-2024-20455,https://securityvulnerability.io/vulnerability/CVE-2024-20455,Cisco UTD Vulnerability Could Lead to Denial of Service (DoS) Condition,"The vulnerability in Cisco's IOS XE Software's Unified Threat Defense (UTD) arises from the improper handling of certain network packets exiting an SD-WAN IPsec tunnel. This flaw permits unauthorized remote attackers to exploit crafted packets sent through the tunnel, leading to a potential denial of service (DoS) state. Upon successful exploitation, the affected device may reboot unexpectedly, resulting in interruptions to network services. It's important to note that SD-WAN tunnels utilizing Generic Routing Encapsulation (GRE) remain unaffected by this vulnerability.",Cisco,iOS Xe,8.6,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-09-25T17:15:00.000Z,0
CVE-2024-20480,https://securityvulnerability.io/vulnerability/CVE-2024-20480,Cisco IOS XE Software Vulnerability Could Lead to Denial of Service Condition,"A vulnerability exists in the DHCP Snooping feature of Cisco IOS XE Software, specifically on Software-Defined Access (SD-Access) fabric edge nodes. This flaw enables an unauthenticated, remote attacker to send specially crafted IPv4 DHCP packets to affected devices, leading to significant CPU resource exhaustion. As a result, the device may enter a denial of service state, thereby ceasing all network processing and requiring a manual restart for recovery. Proper security measures must be taken to mitigate the risk associated with this vulnerability.",Cisco,iOS Xe,8.6,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-09-25T17:15:00.000Z,0
CVE-2024-20465,https://securityvulnerability.io/vulnerability/CVE-2024-20465,Unauthenticated Remote Attacker Could Bypass Configured ACLs on Cisco Switches,"A vulnerability in the access control list (ACL) programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL.
 This vulnerability is due to the incorrect handling of IPv4 ACLs on switched virtual interfaces when an administrator enables and disables Resilient Ethernet Protocol (REP). An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.",Cisco,iOS,5.8,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-09-25T17:15:00.000Z,0
CVE-2024-20464,https://securityvulnerability.io/vulnerability/CVE-2024-20464,Cisco IOS XE Software Vulnerability Could Lead to Denial of Service,"A vulnerability exists in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software that potentially allows an unauthenticated remote attacker to create a denial of service (DoS) condition. This issue stems from insufficient validation of IPv4 PIMv2 packets. An attacker may exploit this vulnerability by sending a specially crafted PIMv2 packet to a PIM-enabled interface on the device. Successful exploitation could lead to the affected device reloading unexpectedly, thus causing service disruption. It is important for users to apply the relevant patches and updates to mitigate potential risks.",Cisco,iOS Xe,8.6,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-09-25T17:15:00.000Z,0
CVE-2024-20304,https://securityvulnerability.io/vulnerability/CVE-2024-20304,Vulnerability in Cisco IOS XR Software Could Lead to UDP Packet Memory Exhaustion and DoS Conditions,"A vulnerability exists within the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software, allowing unauthenticated remote attackers to exploit the device's UDP packet memory management. The flawed handling of packets can lead to memory exhaustion, preventing the device from processing additional UDP packets. This disruption could result in a denial of service condition, compromising the device's performance and its ability to handle more complex UDP-based protocol packets. The vulnerability can be triggered through crafted packets sent via both IPv4 and IPv6 protocols.",Cisco,Cisco iOS Xr Software,7.5,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-09-11T16:39:54.503Z,0
CVE-2024-20489,https://securityvulnerability.io/vulnerability/CVE-2024-20489,Cisco IOS XR Software Vulnerability Could Allow Access to MongoDB Credentials,"A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials.

This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials.",Cisco,Cisco iOS Xr Software,5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-11T16:39:06.449Z,0
CVE-2024-20483,https://securityvulnerability.io/vulnerability/CVE-2024-20483,Cisco Routed PON Controller Software Vulnerabilities Allow Command Injection and Root Access,"The Cisco Routed PON Controller Software, executed within a Docker container leveraging Cisco IOS XR Software, is susceptible to multiple vulnerabilities that could be exploited by attackers with Administrator-level access on the PON Manager. Insufficient validation of arguments in specific configuration commands allows these vulnerabilities to be leveraged for command injection attacks. By supplying specially crafted inputs to affected command arguments, an attacker can execute arbitrary commands as root within the PON controller container. This can result in significant security risks, emphasizing the importance of proper security measures and consistent patch management.",Cisco,Cisco iOS Xr Software,7.2,HIGH,0.0005200000014156103,false,false,false,false,,false,false,2024-09-11T16:38:57.862Z,0
CVE-2024-20406,https://securityvulnerability.io/vulnerability/CVE-2024-20406,Cisco IOS XR Software Vulnerability Could Lead to Denial of Service,"The vulnerability in the segment routing feature of the Intermediate System-to-Intermediate System (IS-IS) protocol within Cisco IOS XR Software allows unauthenticated, adjacent attackers to engineer a denial of service (DoS) condition by exploiting insufficient input validation. By sending specially crafted IS-IS packets to an affected device after establishing an adjacency, an attacker can trigger a crash and subsequent restart of the IS-IS process across all devices involved in the Flexible Algorithm. This affects IS-IS operations over both IPv4 and IPv6 control planes, as well as devices configured for various routing levels. Ensuring proper network security measures are in place is essential to mitigate the risk associated with this vulnerability.",Cisco,Cisco iOS Xr Software,7.4,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-09-11T16:38:50.133Z,0
CVE-2024-20381,https://securityvulnerability.io/vulnerability/CVE-2024-20381,Cisco ConfD JSON-RPC API Vulnerability Could Allow Remote Authenticated Attacker to Modify Configuration,"A vulnerability exists in the JSON-RPC API feature of Cisco's Crosswork Network Services Orchestrator and ConfD, utilized by the management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers. This vulnerability arises from improper authorization checks, allowing an authenticated remote attacker to exploit the API by sending malicious requests. A successful attack may enable the attacker to modify the configurations of affected applications or devices, potentially leading to unauthorized changes such as creating new user accounts or elevating privileges within the system.",Cisco,"Cisco iOS Xr Software,Cisco Network Services Orchestrator,Cisco Small Business Rv Series Router Firmware",8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-09-11T16:38:42.096Z,0
CVE-2024-20317,https://securityvulnerability.io/vulnerability/CVE-2024-20317,Cisco IOS XR Software Vulnerability Could Lead to Denial of Service,"A significant vulnerability has been identified in the processing of specific Ethernet frames by Cisco IOS XR Software utilized in various Cisco Network Convergence System (NCS) platforms. This flaw allows an unauthorized adjacent attacker to send specially crafted Ethernet frames, potentially leading to the dropping of high-priority packets. As a consequence, critical control plane protocol relationships may fail, resulting in a denial of service (DoS) condition. Cisco has acknowledged the issue and released software updates to rectify this vulnerability. No workarounds are available to mitigate the risk associated with it.",Cisco,Cisco iOS Xr Software,7.4,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-09-11T16:38:33.082Z,0
CVE-2024-20398,https://securityvulnerability.io/vulnerability/CVE-2024-20398,Cisco IOS XR Software Vulnerability Allows Elevation of Privileges,"A vulnerability exists in the Command Line Interface (CLI) of Cisco IOS XR Software that enables an authenticated, local attacker to gain read/write file system access on the underlying operating system of the affected device. This issue stems from inadequate validation of user arguments associated with specific CLI commands. An attacker possessing a low-privileged account can exploit this vulnerability by executing specially crafted commands in the CLI prompt. Successful exploitation can permit the attacker to elevate their privileges to that of the root user, thereby compromising the integrity and security of the device.",Cisco,Cisco iOS Xr Software,7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-09-11T16:38:23.982Z,0