Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-11 | CVE-2024-20304 | Memory Leak vulnerability in Cisco IOS XR A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device. This vulnerability exists because the Mtrace2 code does not properly handle packet memory. | 7.5 |
| 2024-09-11 | CVE-2024-20317 | Unspecified vulnerability in Cisco IOS XR A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect classification of certain types of Ethernet frames that are received on an interface. low complexity cisco | 7.4 |
| 2024-09-11 | CVE-2024-20381 | Unspecified vulnerability in Cisco IOS XR A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device. This vulnerability is due to improper authorization checks on the API. | 8.8 |
| 2024-09-11 | CVE-2024-20398 | OS Command Injection vulnerability in Cisco IOS XR A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. | 7.8 |
| 2024-09-11 | CVE-2024-20406 | Unspecified vulnerability in Cisco IOS XR A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of ingress IS-IS packets. low complexity cisco | 7.4 |
| 2024-09-11 | CVE-2024-20483 | OS Command Injection vulnerability in Cisco IOS XR Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager MongoDB instance to perform command injection attacks on the PON Controller container and execute arbitrary commands as root. These vulnerabilities are due to insufficient validation of arguments that are passed to specific configuration commands. | 7.2 |
| 2024-09-04 | CVE-2024-20440 | Information Exposure Through Log Files vulnerability in Cisco Smart License Utility 2.0.0/2.1.0/2.2.0 A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. | 7.5 |
| 2024-08-28 | CVE-2024-20284 | Unspecified vulnerability in Cisco Nx-Os 9.3(13) A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. | 8.8 |
| 2024-08-28 | CVE-2024-20285 | Unspecified vulnerability in Cisco Nx-Os 9.3(13) A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. | 8.8 |
| 2024-08-28 | CVE-2024-20286 | Unspecified vulnerability in Cisco Nx-Os 9.3(13) A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. | 8.8 |