Vulnerabilities (CVE)

Filtered by vendor Cisco Subscribe
Filtered by product 829 Industrial Integrated Services Router
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-20076 1 Cisco 15 807 Industrial Integrated Services Router, 807 Industrial Integrated Services Router Firmware, 809 Industrial Integrated Services Router and 12 more 2023-12-10 N/A 8.8 HIGH
A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.
CVE-2022-20725 1 Cisco 67 800m Integrated Services Router, 807 Industrial Integrated Services Router, 812 3g Integrated Services Router and 64 more 2023-12-10 3.5 LOW 4.8 MEDIUM
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2021-1460 1 Cisco 7 809 Industrial Integrated Services Router, 829 Industrial Integrated Services Router, Cgr1000 and 4 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error handling during packet processing. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing requests, resulting in a DoS condition.
CVE-2020-3426 1 Cisco 6 1120 Connected Grid Router, 1240 Connected Grid Router, 807 Industrial Integrated Services Router and 3 more 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data or cause a denial of service (DoS) condition. The vulnerability is due to a lack of input and validation checking mechanisms for virtual-LPWA (VLPWA) protocol modem messages. An attacker could exploit this vulnerability by supplying crafted packets to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data or cause the VLPWA interface of the affected device to shut down, resulting in DoS condition.
CVE-2018-0163 2 Cisco, Rockwellautomation 96 1120 Connected Grid Router, 1240 Connected Grid Router, 1905 Serial Integrated Services Router and 93 more 2023-12-10 3.3 LOW 6.5 MEDIUM
A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker could exploit this vulnerability by trying to access an 802.1x multi-auth port after a successful supplicant has authenticated. An exploit could allow the attacker to bypass the 802.1x access controls and obtain access to the network. Cisco Bug IDs: CSCvg69701.