cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-20655,https://securityvulnerability.io/vulnerability/CVE-2022-20655,Command Injection Vulnerability in ConfD Could Allow Authenticated Attacker to Execute Arbitrary Commands with Root Privileges,"An issue within the command line interface (CLI) implementation in Cisco's ConfD can allow authenticated, local attackers to conduct command injection attacks. This vulnerability stems from insufficient validation of process arguments, enabling an attacker to inject malicious commands during execution. Successfully exploiting this vulnerability can lead to the execution of arbitrary commands on the underlying operating system with the same privileges as ConfD, often equivalent to root access, thereby posing severe risks to system security and integrity.",Cisco,"Cisco iOS Xr Software,Cisco Virtual Topology System (vts),Cisco Network Services Orchestrator,Cisco Enterprise Nfv Infrastructure Software,Cisco Catalyst Sd-wan,Cisco Catalyst Sd-wan Manager,Cisco iOS Xe Catalyst Sd-wan,Cisco Sd-wan Vedge Router,Cisco Ultra Gateway Platform,Cisco Carrier Packet Transport",8.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-15T15:56:42.927Z,0
CVE-2024-20373,https://securityvulnerability.io/vulnerability/CVE-2024-20373,Cisco IOS and IOS XE Vulnerability: SNMP ACL Implementation Flaw Allows Unauthorized Access,"A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic.&nbsp;

This vulnerability exists because Cisco IOS Software and Cisco IOS XE Software do not support extended IPv4 ACLs for SNMP, but they do allow administrators to configure extended named IPv4 ACLs that are attached to the SNMP server configuration without a warning message. This can result in no ACL being applied to the SNMP listening process. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP operations that should be denied. The attacker has no control of the SNMP ACL configuration and would still need a valid SNMP version 2c (SNMPv2c) community string or SNMP version 3 (SNMPv3) user credentials.
SNMP with IPv6 ACL configurations is not affected.
For more information, see the  section of this advisory.",Cisco,Cisco iOS Xe Catalyst Sd-wan,5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-11-15T14:52:34.137Z,0
CVE-2024-20418,https://securityvulnerability.io/vulnerability/CVE-2024-20418,Command Injection Vulnerability in Cisco Unified Industrial Wireless Software Could Allow Remote Root Access,"A critical flaw has been identified in the web-based management interface of Cisco Unified Industrial Wireless Software, specifically impacting Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points. This vulnerability arises from inadequate input validation within the management interface, allowing an unauthenticated remote attacker to initiate command injection attacks. By sending specially crafted HTTP requests, an attacker could gain root privileges over the underlying operating system of the affected devices. This exposure significantly increases the risk of unauthorized access and manipulation of the device, potentially leading to widespread security breaches.",Cisco,Cisco Aironet Access Point Software (iOS Xe Controller),10,CRITICAL,0.0004299999854993075,false,true,false,true,,true,false,2024-11-06T17:15:00.000Z,4678
CVE-2024-20437,https://securityvulnerability.io/vulnerability/CVE-2024-20437,Cisco IOS XE Software Vulnerability: Remote CSRF Execution,"A vulnerability in the web-based management interface of Cisco IOS XE Software allows remote attackers to exploit cross-site request forgery (CSRF) weaknesses. This condition arises from inadequate protections against CSRF, enabling an attacker to pose as an authenticated user. By convincing a targeted user to click on a specially crafted link, attackers can execute commands on the command line interface (CLI) of the affected device, taking actions with the same privileges as the authenticated user. Organizations utilizing Cisco IOS XE Software should take immediate precautions to mitigate potential risks associated with this vulnerability.",Cisco,iOS Xe,8.8,HIGH,0.0005799999926239252,false,false,false,false,,false,false,2024-09-25T17:15:00.000Z,0
CVE-2024-20464,https://securityvulnerability.io/vulnerability/CVE-2024-20464,Cisco IOS XE Software Vulnerability Could Lead to Denial of Service,"A vulnerability exists in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software that potentially allows an unauthenticated remote attacker to create a denial of service (DoS) condition. This issue stems from insufficient validation of IPv4 PIMv2 packets. An attacker may exploit this vulnerability by sending a specially crafted PIMv2 packet to a PIM-enabled interface on the device. Successful exploitation could lead to the affected device reloading unexpectedly, thus causing service disruption. It is important for users to apply the relevant patches and updates to mitigate potential risks.",Cisco,iOS Xe,8.6,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-09-25T17:15:00.000Z,0
CVE-2024-20480,https://securityvulnerability.io/vulnerability/CVE-2024-20480,Cisco IOS XE Software Vulnerability Could Lead to Denial of Service Condition,"A vulnerability exists in the DHCP Snooping feature of Cisco IOS XE Software, specifically on Software-Defined Access (SD-Access) fabric edge nodes. This flaw enables an unauthenticated, remote attacker to send specially crafted IPv4 DHCP packets to affected devices, leading to significant CPU resource exhaustion. As a result, the device may enter a denial of service state, thereby ceasing all network processing and requiring a manual restart for recovery. Proper security measures must be taken to mitigate the risk associated with this vulnerability.",Cisco,iOS Xe,8.6,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-09-25T17:15:00.000Z,0
CVE-2024-20510,https://securityvulnerability.io/vulnerability/CVE-2024-20510,Unauthenticated Attacker Could Bypass Pre-Authentication ACL in Cisco IOS XE Software for Wireless Controllers,"A logic error present in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers poses a significant security risk by enabling unauthenticated adjacent attackers to bypass the pre-authentication access control list (ACL). This flaw arises during the activation of the pre-authentication ACL received from the authentication, authorization, and accounting (AAA) server. By exploiting this vulnerability, an attacker can connect to a wireless network configured for CWA and transmit traffic through a compromised device, circumventing the protections that should have been enforced by the ACL. This exploit can lead to unauthorized access to trusted network resources, posing a serious threat to network security.",Cisco,iOS Xe,9.3,CRITICAL,0.0005300000193528831,false,false,false,false,,false,false,2024-09-25T17:15:00.000Z,0
CVE-2024-20455,https://securityvulnerability.io/vulnerability/CVE-2024-20455,Cisco UTD Vulnerability Could Lead to Denial of Service (DoS) Condition,"The vulnerability in Cisco's IOS XE Software's Unified Threat Defense (UTD) arises from the improper handling of certain network packets exiting an SD-WAN IPsec tunnel. This flaw permits unauthorized remote attackers to exploit crafted packets sent through the tunnel, leading to a potential denial of service (DoS) state. Upon successful exploitation, the affected device may reboot unexpectedly, resulting in interruptions to network services. It's important to note that SD-WAN tunnels utilizing Generic Routing Encapsulation (GRE) remain unaffected by this vulnerability.",Cisco,iOS Xe,8.6,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-09-25T17:15:00.000Z,0
CVE-2024-20434,https://securityvulnerability.io/vulnerability/CVE-2024-20434,Unauthorized Frame Handling Could Cause DoS Condition,"A vulnerability exists in Cisco IOS XE Software where improper handling of frames associated with VLAN tagging can be exploited by an unauthenticated, adjacent attacker. By sending specifically crafted frames, the attacker can induce a denial of service condition on the control plane of the affected device. This results in the device becoming unresponsive, with no access available through the console or CLI. Additionally, the affected device will not respond to ping or SNMP requests, as well as requests from other control plane protocols. It is important to note that data traffic is not affected; however, a complete reboot of the device is necessary to restore control plane operations.",Cisco,iOS Xe,4.3,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-09-25T17:15:00.000Z,0
CVE-2024-20467,https://securityvulnerability.io/vulnerability/CVE-2024-20467,Cisco IOS XE Software Vulnerability Could Lead to Denial of Service,"A vulnerability exists in the IPv4 fragmentation reassembly code of Cisco IOS XE Software, which may allow an unauthenticated, remote attacker to exploit this flaw and trigger a denial of service (DoS) on impacted devices. This issue stems from inadequate resource management during the process of fragment reassembly. By sending specifically sized fragmented packets or through a Virtual Fragmentation Reassembly (VFR)-enabled interface, an attacker could potentially induce a device reload, leading to service interruptions. The specific Cisco products affected include the ASR 1000 Series Aggregation Services Routers and cBR-8 Converged Broadband Routers operating on software versions 17.12.1 and 17.12.1a.",Cisco,iOS Xe,8.6,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-09-25T17:15:00.000Z,0
CVE-2024-20436,https://securityvulnerability.io/vulnerability/CVE-2024-20436,Cisco IOS XE Software Vulnerability Could Lead to Denial of Service,"The vulnerability exists in the HTTP Server feature of Cisco IOS XE Software specifically when the Telephony Service feature is enabled. This issue allows an unauthenticated remote attacker to exploit a null pointer dereference by sending specially crafted HTTP traffic to an affected device. A successful attack can lead to the device reloading, effectively causing a denial of service condition that disrupts normal functionality. It is crucial to address this vulnerability to maintain system integrity and availability.",Cisco,iOS Xe,7.5,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-09-25T17:15:00.000Z,0
CVE-2024-20414,https://securityvulnerability.io/vulnerability/CVE-2024-20414,Cisco IOS and IOS XE Software Vulnerability - Cross-Site Request Forgery (CSRF) Attack,"A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI.
 This vulnerability is due to incorrectly accepting configuration changes through the HTTP GET method. An attacker could exploit this vulnerability by persuading a currently authenticated administrator to follow a crafted link. A successful exploit could allow the attacker to change the configuration of the affected device.",Cisco,iOS Xe,6.5,MEDIUM,0.0004799999878741801,false,false,false,false,,false,false,2024-09-25T17:15:00.000Z,0
CVE-2024-20313,https://securityvulnerability.io/vulnerability/CVE-2024-20313,Cisco IOS XE Software Vulnerability Could Lead to Unauthorized Reload and Denial of Service,"The vulnerability presents a risk within the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software that could allow an adjacent attacker without authentication to disrupt the operation of an affected device. This issue arises from insufficient validation of OSPF updates, leading to unexpected device reloading and resulting in a denial of service (DoS). Through the exploitation of this vulnerability, an attacker could send a specially crafted OSPF update, thus provoking the affected device to restart abruptly. Organizations utilizing Cisco IOS XE Software are advised to evaluate their systems for this vulnerability and implement necessary mitigations.",Cisco,Cisco iOS Xe Software,7.4,HIGH,0.0004400000034365803,false,false,false,true,,false,false,2024-04-24T20:42:10.379Z,0
CVE-2024-20310,https://securityvulnerability.io/vulnerability/CVE-2024-20310,,"A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.
 This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",Cisco,"Cisco iOS Xe Software,Cisco Unified Communications Manager Im And Presence Service",6.1,MEDIUM,0.0004299999854993075,false,false,false,true,,false,false,2024-04-03T17:15:00.000Z,0
CVE-2024-20307,https://securityvulnerability.io/vulnerability/CVE-2024-20307,Cisco IOS Software and IOS XE Software Vulnerability: Heap Overflow Due to IKEv1 Fragmentation Code Flaw,"A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading.
 This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
 Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.",Cisco,"Ios,Cisco Ios Xe Software",6.8,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2024-03-27T17:23:40.022Z,0
CVE-2024-20308,https://securityvulnerability.io/vulnerability/CVE-2024-20308,Cisco IOS and IOS XE Vulnerability: Heap Underflow Due to IKEv1 Fragmentation Code Flaw,"A security flaw has been identified in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software that allows an unauthenticated, remote attacker to exploit the affected device. The vulnerability arises from a failure to properly reassemble crafted, fragmented IKEv1 packets, which could lead to a heap underflow condition. An attacker can exploit this issue by sending specifically crafted UDP packets to the affected system. Successful exploitation may cause the device to reload, thus resulting in a denial of service (DoS) condition. The vulnerability is applicable to both IPv4 and IPv6 traffic, which means that only traffic directed at the affected system is capable of triggering the flaw.",Cisco,"iOS,Cisco iOS Xe Software",8.6,HIGH,0.0004299999854993075,false,false,false,true,,false,false,2024-03-27T17:22:11.592Z,0
CVE-2024-20271,https://securityvulnerability.io/vulnerability/CVE-2024-20271,Cisco Access Point Software Vulnerability Could Lead to Denial of Service,"A vulnerability in the IP packet processing of Cisco Access Point Software allows an unauthenticated, remote attacker to exploit specific weaknesses in input validation of IPv4 packets. By sending specially crafted IPv4 packets to or through an affected device, an attacker can induce an unexpected reload of the device, resulting in a denial of service (DoS) condition. Importantly, exploitation does not require the attacker to be associated with the access point, making this a significant risk to network availability. This issue does not affect IPv6 packet processing.",Cisco,"Cisco Aironet Access Point Software,Cisco Business Wireless Access Point Software,Cisco Aironet Access Point Software (iOS Xe Controller)",8.6,HIGH,0.0004299999854993075,false,false,false,true,,false,false,2024-03-27T17:05:27.473Z,0
CVE-2024-20265,https://securityvulnerability.io/vulnerability/CVE-2024-20265,Unauthenticated Attacker Could Bypass Cisco Secure Boot Validation and Load Tampered Image on Affected Device,"A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device.
 This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised.",Cisco,"Cisco iOS Xe Software,Cisco Aironet Access Point Software,Cisco Business Wireless Access Point Software,Cisco Aironet Access Point Software (iOS Xe Controller)",5.9,MEDIUM,0.0004299999854993075,false,false,false,true,,false,false,2024-03-27T17:03:54.505Z,0
CVE-2024-20309,https://securityvulnerability.io/vulnerability/CVE-2024-20309,Cisco IOS XE Software Vulnerability Could Lead to Device Reload or Denial of Service,"A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding.
 This vulnerability is due to the incorrect handling of specific ingress traffic when flow control hardware is enabled on the AUX port. An attacker could exploit this vulnerability by reverse telnetting to the AUX port and sending specific data after connecting. A successful exploit could allow the attacker to cause the device to reset or stop responding, resulting in a denial of service (DoS) condition.",Cisco,Cisco iOS Xe Software,5.6,MEDIUM,0.0004299999854993075,false,false,false,true,,false,false,2024-03-27T17:02:19.749Z,0
CVE-2024-20303,https://securityvulnerability.io/vulnerability/CVE-2024-20303,Cisco IOS XE Software for Wireless LAN Controllers (WLCs) Vulnerability Could Lead to Denial of Service,"A vulnerability exists within the multicast DNS (mDNS) gateway functionality of Cisco IOS XE Software used in Wireless LAN Controllers. This issue arises from inadequate handling of mDNS client entries, allowing an unauthenticated attacker on the same wireless network to disrupt service. By sending a continuous flow of targeted mDNS packets, the attacker could cause the wireless controller to enter a state of elevated CPU usage, potentially resulting in access points losing connectivity with the controller. Such an event can create a significant denial of service condition, affecting overall network performance.",Cisco,Cisco Ios Xe Software,7.4,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-03-27T17:00:37.075Z,0
CVE-2024-20278,https://securityvulnerability.io/vulnerability/CVE-2024-20278,Cisco IOS XE Software Vulnerability: Elevation of Privileges,"A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device.
 This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input over NETCONF to an affected device. A successful exploit could allow the attacker to elevate privileges from Administrator to root.",Cisco,Cisco iOS Xe Software,6.5,MEDIUM,0.0004299999854993075,false,false,false,true,,false,false,2024-03-27T16:59:12.963Z,0
CVE-2024-20306,https://securityvulnerability.io/vulnerability/CVE-2024-20306,Cisco UTD Configuration CLI Vulnerability Allows Arbitrary Code Execution as Root,"A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the affected device. 
 This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted CLI command to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying operating system.",Cisco,Cisco Ios Xe Software,6,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-03-27T16:58:22.583Z,0
CVE-2024-20314,https://securityvulnerability.io/vulnerability/CVE-2024-20314,Cisco IPv4 SD-Access Fabric Edge Node Vulnerability Could Lead to Denial of Service,"A vulnerability exists within the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software that allows an unauthenticated, remote attacker to exploit improper handling of specific IPv4 packets. Exploitation of this vulnerability could lead to significant CPU resource exhaustion on the affected devices, halting all traffic processing and resulting in a denial of service (DoS) condition. Attackers are able to trigger this condition by sending specially crafted IPv4 packets, prompting a serious operational risk for affected installations.",Cisco,Cisco iOS Xe Software,8.6,HIGH,0.0004299999854993075,false,false,false,true,,false,false,2024-03-27T16:57:27.974Z,0
CVE-2024-20312,https://securityvulnerability.io/vulnerability/CVE-2024-20312,Cisco IOS and IOS XE Vulnerability Could Lead to Denial of Service,"A vulnerability exists in the Intermediate System-to-Intermediate System (IS-IS) protocol within Cisco IOS Software and Cisco IOS XE Software. This security issue arises from inadequate input validation when processing incoming IS-IS packets. An attacker, positioned Layer 2 adjacent to the targeted device and having established an adjacency, can exploit this flaw by sending a specially crafted IS-IS packet. Successful exploitation could result in the affected device reloading unexpectedly, leading to a denial of service condition. This vulnerability poses significant risks to network stability and security for organizations using vulnerable Cisco products.",Cisco,"iOS,Cisco iOS Xe Software",7.4,HIGH,0.0004299999854993075,false,false,false,true,,false,false,2024-03-27T16:56:42.490Z,0
CVE-2024-20324,https://securityvulnerability.io/vulnerability/CVE-2024-20324,Cisco IOS XE Software Vulnerability Allows Access to WLAN Configuration Details Including Passwords,"A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords.
 This vulnerability is due to improper privilege checks. An attacker could exploit this vulnerability by using the show and show tech wireless CLI commands to access configuration details, including passwords. A successful exploit could allow the attacker to access configuration details that they are not authorized to access.",Cisco,Cisco iOS Xe Software,5.5,MEDIUM,0.0004299999854993075,false,false,false,true,,false,false,2024-03-27T16:55:53.837Z,0