From ade3738bef606d1b6cce62ceb80f212431fe3398 Mon Sep 17 00:00:00 2001
From: Eva
Date: Tue, 20 Feb 2024 15:56:00 -0500
Subject: [PATCH 1/4] add capability descriptions
---
 .../cve-10.21.2021_attack-9.0-enterprise.json | 3406 ++++++++---------
 src/mapex_convert/parse_cve_mappings.py | 17 +-
 2 files changed, 1719 insertions(+), 1704 deletions(-)
diff --git a/mappings/cve/attack-9.0/cve-10.21.2021/enterprise/cve-10.21.2021_attack-9.0-enterprise.json b/mappings/cve/attack-9.0/cve-10.21.2021/enterprise/cve-10.21.2021_attack-9.0-enterprise.json
index e3ad13f8..4ebd4425 100644
--- a/mappings/cve/attack-9.0/cve-10.21.2021/enterprise/cve-10.21.2021_attack-9.0-enterprise.json
+++ b/mappings/cve/attack-9.0/cve-10.21.2021/enterprise/cve-10.21.2021_attack-9.0-enterprise.json
@@ -41,7 +41,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.",
 "capability_id": "CVE-2019-15243",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
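Review bot: The full advisory text is stored once per mapping object rather than once per CVE, so the CVE-2019-15243 description added in this `@@ -41` hunk is repeated verbatim in the `@@ -52` and `@@ -63` hunks, and the same pattern holds for every other CVE in the file. Copies like this can drift apart if one is later corrected by hand, and a consumer that shows the text to analysts has no way to tell which copy is authoritative. If the schema requires the field on every object, a check in the converter that all objects sharing a `capability_id` carry an identical `capability_description` would keep them in step; `parse_cve_mappings.py` is changed in this commit but is not visible here, so it may already do this.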
@@ -52,7 +52,7 @@
 "attack_object_id": "T1190",
 "attack_object_name": "Exploit Public-Facing Application",
 "references": [],
- "capability_description": "",
+ "capability_description": "Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.",
 "capability_id": "CVE-2019-15243",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -63,7 +63,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.",
 "capability_id": "CVE-2019-15243",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -74,7 +74,7 @@
 "attack_object_id": "T1068",
 "attack_object_name": "Exploitation for Privilege Escalation",
 "references": [],
- "capability_description": "",
+ "capability_description": "Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
 "capability_id": "CVE-2019-15976",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -85,7 +85,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
 "capability_id": "CVE-2019-15976",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -96,7 +96,7 @@
 "attack_object_id": "T1190",
 "attack_object_name": "Exploit Public-Facing Application",
 "references": [],
- "capability_description": "",
+ "capability_description": "Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
 "capability_id": "CVE-2019-15976",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
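Review bot: The description added in the `@@ -74` hunk ends with "see the Details section of this advisory", but the same object keeps `"references": []`, so the pointer leads nowhere once the text is lifted out of the vendor page. The `@@ -85` and `@@ -96` hunks carry the same sentence, and the CVE-2019-15958 entries (`@@ -151`, `@@ -162`) end with "See the Details section for more information." in the same way. Either populate the field, e.g. `"references": ["<advisory URL for CVE-2019-15976>"]` (placeholder, the URL is not on this page), or have the converter drop such self-referential trailing sentences, so that a defender reading the mapping can reach the detail the description promises.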
@@ -107,7 +107,7 @@
 "attack_object_id": "T1499",
 "attack_object_name": "Endpoint Denial of Service",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an unauthorized system reset on an affected device. The vulnerability is due to improper authorization controls for a specific URL in the web management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could have a twofold impact: the attacker could either change the administrator password, gaining privileged access, or reset the network configuration details, causing a denial of service (DoS) condition. In both scenarios, manual intervention is required to restore normal operations.",
 "capability_id": "CVE-2019-15956",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -118,7 +118,7 @@
 "attack_object_id": "T1098",
 "attack_object_name": "Account Manipulation",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an unauthorized system reset on an affected device. The vulnerability is due to improper authorization controls for a specific URL in the web management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could have a twofold impact: the attacker could either change the administrator password, gaining privileged access, or reset the network configuration details, causing a denial of service (DoS) condition. In both scenarios, manual intervention is required to restore normal operations.",
 "capability_id": "CVE-2019-15956",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -129,7 +129,7 @@
 "attack_object_id": "T1190",
 "attack_object_name": "Exploit Public-Facing Application",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an unauthorized system reset on an affected device. The vulnerability is due to improper authorization controls for a specific URL in the web management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could have a twofold impact: the attacker could either change the administrator password, gaining privileged access, or reset the network configuration details, causing a denial of service (DoS) condition. In both scenarios, manual intervention is required to restore normal operations.",
 "capability_id": "CVE-2019-15956",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -140,7 +140,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an unauthorized system reset on an affected device. The vulnerability is due to improper authorization controls for a specific URL in the web management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could have a twofold impact: the attacker could either change the administrator password, gaining privileged access, or reset the network configuration details, causing a denial of service (DoS) condition. In both scenarios, manual intervention is required to restore normal operations.",
 "capability_id": "CVE-2019-15956",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -151,7 +151,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input validation during the initial High Availability (HA) configuration and registration process of an affected device. An attacker could exploit this vulnerability by uploading a malicious file during the HA registration period. A successful exploit could allow the attacker to execute arbitrary code with root-level privileges on the underlying operating system. Note: This vulnerability can only be exploited during the HA registration period. See the Details section for more information.",
 "capability_id": "CVE-2019-15958",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -162,7 +162,7 @@
 "attack_object_id": "T1190",
 "attack_object_name": "Exploit Public-Facing Application",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input validation during the initial High Availability (HA) configuration and registration process of an affected device. An attacker could exploit this vulnerability by uploading a malicious file during the HA registration period. A successful exploit could allow the attacker to execute arbitrary code with root-level privileges on the underlying operating system. Note: This vulnerability can only be exploited during the HA registration period. See the Details section for more information.",
 "capability_id": "CVE-2019-15958",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -173,7 +173,7 @@
 "attack_object_id": "T1574",
 "attack_object_name": "Hijack Execution Flow",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to modify the configuration of the device to cause it to be non-secure and abnormally functioning.",
 "capability_id": "CVE-2019-12660",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -184,7 +184,7 @@
 "attack_object_id": "T1562",
 "attack_object_name": "Impair Defenses",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to modify the configuration of the device to cause it to be non-secure and abnormally functioning.",
 "capability_id": "CVE-2019-12660",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -195,7 +195,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to modify the configuration of the device to cause it to be non-secure and abnormally functioning.",
 "capability_id": "CVE-2019-12660",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -206,7 +206,7 @@
 "attack_object_id": "T1068",
 "attack_object_name": "Exploitation for Privilege Escalation",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device's web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device.",
 "capability_id": "CVE-2019-1753",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -217,7 +217,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device's web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device.",
 "capability_id": "CVE-2019-1753",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -228,7 +228,7 @@
 "attack_object_id": "T1190",
 "attack_object_name": "Exploit Public-Facing Application",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device's web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device.",
 "capability_id": "CVE-2019-1753",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -239,7 +239,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device's web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device.",
 "capability_id": "CVE-2019-1753",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -250,7 +250,7 @@
 "attack_object_id": "T1557",
 "attack_object_name": "Man-in-the-Middle",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a user’s browser and Cisco Unified Intelligence Center. The vulnerability is due to the lack of gadget validation. An attacker could exploit this vulnerability by forcing a user to load a malicious gadget. A successful exploit could allow the attacker to obtain sensitive information, such as current user credentials, or manipulate data between the user’s browser and Cisco Unified Intelligence Center in the context of the malicious gadget.",
 "capability_id": "CVE-2019-1860",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -261,7 +261,7 @@
 "attack_object_id": "T1005",
 "attack_object_name": "Data from Local System",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a user’s browser and Cisco Unified Intelligence Center. The vulnerability is due to the lack of gadget validation. An attacker could exploit this vulnerability by forcing a user to load a malicious gadget. A successful exploit could allow the attacker to obtain sensitive information, such as current user credentials, or manipulate data between the user’s browser and Cisco Unified Intelligence Center in the context of the malicious gadget.",
 "capability_id": "CVE-2019-1860",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
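Review bot: The CVE-2019-1860 description in the `@@ -250` hunk (and its copy in `@@ -261`) uses the typographic apostrophe U+2019 in `user’s browser`, while the CVE-2019-1753 description in the `@@ -206` to `@@ -239` hunks uses the ASCII form in `device's web UI`. Mixed punctuation makes exact-string search and deduplication over the descriptions unreliable, and the non-ASCII character depends on every reader and writer of the file agreeing on UTF-8. Normalising quotes when the converter ingests the text would avoid both problems; how `parse_cve_mappings.py` reads and writes the file is not visible in this part of the patch, so confirm its encoding handling there.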
@@ -272,7 +272,7 @@
 "attack_object_id": "T1036",
 "attack_object_name": "Masquerading",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker could exploit this vulnerability by inserting specific character strings in the message. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.",
 "capability_id": "CVE-2019-1831",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -283,7 +283,7 @@
 "attack_object_id": "T1566",
 "attack_object_name": "Phishing",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker could exploit this vulnerability by inserting specific character strings in the message. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.",
 "capability_id": "CVE-2019-1831",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -294,7 +294,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data. At the time of publication, this vulnerability affected Cisco ISE running software releases 2.6.0 and prior.",
 "capability_id": "CVE-2019-1942",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -305,7 +305,7 @@
 "attack_object_id": "T1005",
 "attack_object_name": "Data from Local System",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data. At the time of publication, this vulnerability affected Cisco ISE running software releases 2.6.0 and prior.",
 "capability_id": "CVE-2019-1942",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -316,7 +316,7 @@
 "attack_object_id": "T1565.001",
 "attack_object_name": "Stored Data Manipulation",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data. At the time of publication, this vulnerability affected Cisco ISE running software releases 2.6.0 and prior.",
 "capability_id": "CVE-2019-1942",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -327,7 +327,7 @@
 "attack_object_id": "T1133",
 "attack_object_name": "External Remote Services",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data. At the time of publication, this vulnerability affected Cisco ISE running software releases 2.6.0 and prior.",
 "capability_id": "CVE-2019-1942",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -338,7 +338,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data. At the time of publication, this vulnerability affected Cisco ISE running software releases 2.6.0 and prior.",
 "capability_id": "CVE-2019-1942",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -349,7 +349,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database.",
 "capability_id": "CVE-2019-15972",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -360,7 +360,7 @@
 "attack_object_id": "T1005",
 "attack_object_name": "Data from Local System",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database.",
 "capability_id": "CVE-2019-15972",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -371,7 +371,7 @@
 "attack_object_id": "T1565.001",
 "attack_object_name": "Stored Data Manipulation",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database.",
 "capability_id": "CVE-2019-15972",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -382,7 +382,7 @@
 "attack_object_id": "T1133",
 "attack_object_name": "External Remote Services",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database.",
 "capability_id": "CVE-2019-15972",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -393,7 +393,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database.",
 "capability_id": "CVE-2019-15972",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -404,7 +404,7 @@
 "attack_object_id": "T1608",
 "attack_object_name": "Stage Capabilities",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device.",
 "capability_id": "CVE-2019-16009",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -415,7 +415,7 @@
 "attack_object_id": "T1204.001",
 "attack_object_name": "Malicious Link",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device.",
 "capability_id": "CVE-2019-16009",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -426,7 +426,7 @@
 "attack_object_id": "T1068",
 "attack_object_name": "Exploitation for Privilege Escalation",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could exploit this vulnerability by authenticating with the administrator password via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges.",
 "capability_id": "CVE-2019-1879",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -437,7 +437,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could exploit this vulnerability by authenticating with the administrator password via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges.",
 "capability_id": "CVE-2019-1879",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -448,7 +448,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could exploit this vulnerability by authenticating with the administrator password via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges.",
 "capability_id": "CVE-2019-1879",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -459,7 +459,7 @@
 "attack_object_id": "T1068",
 "attack_object_name": "Exploitation for Privilege Escalation",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow a user with read-only privileges to change critical system configurations using administrator privileges.",
 "capability_id": "CVE-2019-1863",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -470,7 +470,7 @@
 "attack_object_id": "T1565.001",
 "attack_object_name": "Stored Data Manipulation",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow a user with read-only privileges to change critical system configurations using administrator privileges.",
 "capability_id": "CVE-2019-1863",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -481,7 +481,7 @@
 "attack_object_id": "T1190",
 "attack_object_name": "Exploit Public-Facing Application",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow a user with read-only privileges to change critical system configurations using administrator privileges.",
 "capability_id": "CVE-2019-1863",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -492,7 +492,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow a user with read-only privileges to change critical system configurations using administrator privileges.",
 "capability_id": "CVE-2019-1863",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -503,7 +503,7 @@
 "attack_object_id": "T1068",
 "attack_object_name": "Exploitation for Privilege Escalation",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. The authenticated user must have privileged EXEC permissions on the device. The vulnerability is due to insufficient protection of values passed to a script that executes during device startup. An attacker could exploit this vulnerability by writing values to a specific file. A successful exploit could allow the attacker to execute commands with root privileges each time the affected device is restarted.",
 "capability_id": "CVE-2020-3403",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -514,7 +514,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. The authenticated user must have privileged EXEC permissions on the device. The vulnerability is due to insufficient protection of values passed to a script that executes during device startup. An attacker could exploit this vulnerability by writing values to a specific file. A successful exploit could allow the attacker to execute commands with root privileges each time the affected device is restarted.",
 "capability_id": "CVE-2020-3403",
 "mapping_type": "secondary_impact",
 "capability_group": "2020",
@@ -525,7 +525,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. The authenticated user must have privileged EXEC permissions on the device. The vulnerability is due to insufficient protection of values passed to a script that executes during device startup. An attacker could exploit this vulnerability by writing values to a specific file. A successful exploit could allow the attacker to execute commands with root privileges each time the affected device is restarted.",
 "capability_id": "CVE-2020-3403",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -536,7 +536,7 @@
 "attack_object_id": "T1059.007",
 "attack_object_name": "JavaScript",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. At the time of publication, this vulnerability affected Cisco ISE running software releases prior to 2.4.0 Patch 9 and 2.6.0.",
 "capability_id": "CVE-2019-1941",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -547,7 +547,7 @@
 "attack_object_id": "T1557",
 "attack_object_name": "Man-in-the-Middle",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. At the time of publication, this vulnerability affected Cisco ISE running software releases prior to 2.4.0 Patch 9 and 2.6.0.",
 "capability_id": "CVE-2019-1941",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -558,7 +558,7 @@
 "attack_object_id": "T1204.001",
 "attack_object_name": "Malicious Link",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. At the time of publication, this vulnerability affected Cisco ISE running software releases prior to 2.4.0 Patch 9 and 2.6.0.",
 "capability_id": "CVE-2019-1941",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -569,7 +569,7 @@
 "attack_object_id": "T1499.004",
 "attack_object_name": "Application or System Exploitation",
 "references": [],
- "capability_description": "",
+ "capability_description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.",
 "capability_id": "CVE-2020-3292",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -580,7 +580,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.",
 "capability_id": "CVE-2020-3292",
 "mapping_type": "secondary_impact",
 "capability_group": "2020",
@@ -591,7 +591,7 @@
 "attack_object_id": "T1190",
 "attack_object_name": "Exploit Public-Facing Application",
 "references": [],
- "capability_description": "",
+ "capability_description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.",
 "capability_id": "CVE-2020-3292",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -602,7 +602,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.",
 "capability_id": "CVE-2020-3292",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -613,7 +613,7 @@
 "attack_object_id": "T1529",
 "attack_object_name": "System Shutdown/Reboot",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the implementation of Traffic Flow Confidentiality (TFC) over IPsec functionality in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error that may occur if the affected software renegotiates the encryption key for an IPsec tunnel when certain TFC traffic is in flight. An attacker could exploit this vulnerability by sending a malicious stream of TFC traffic through an established IPsec tunnel on an affected device. A successful exploit could allow the attacker to cause a daemon process on the affected device to crash, which could cause the device to crash and result in a DoS condition.",
 "capability_id": "CVE-2018-15397",
 "mapping_type": "primary_impact",
 "capability_group": "2018",
@@ -624,7 +624,7 @@
 "attack_object_id": "T1190",
 "attack_object_name": "Exploit Public-Facing Application",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the implementation of Traffic Flow Confidentiality (TFC) over IPsec functionality in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error that may occur if the affected software renegotiates the encryption key for an IPsec tunnel when certain TFC traffic is in flight. An attacker could exploit this vulnerability by sending a malicious stream of TFC traffic through an established IPsec tunnel on an affected device. A successful exploit could allow the attacker to cause a daemon process on the affected device to crash, which could cause the device to crash and result in a DoS condition.",
 "capability_id": "CVE-2018-15397",
 "mapping_type": "exploitation_technique",
 "capability_group": "2018",
@@ -635,7 +635,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the support tunnel feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access the shell of an affected device even though expert mode is disabled. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by enabling the support tunnel, setting a key, and deriving the tunnel password. A successful exploit could allow the attacker to run any system command with root access on an affected device.",
 "capability_id": "CVE-2020-3253",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -646,7 +646,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the support tunnel feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access the shell of an affected device even though expert mode is disabled. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by enabling the support tunnel, setting a key, and deriving the tunnel password. A successful exploit could allow the attacker to run any system command with root access on an affected device.",
 "capability_id": "CVE-2020-3253",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -657,7 +657,7 @@
 "attack_object_id": "T1059.007",
 "attack_object_name": "JavaScript",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. This vulnerability has been fixed in software version 14.1(1i).",
 "capability_id": "CVE-2019-1838",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -668,7 +668,7 @@
 "attack_object_id": "T1557",
 "attack_object_name": "Man-in-the-Middle",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. This vulnerability has been fixed in software version 14.1(1i).",
 "capability_id": "CVE-2019-1838",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -679,7 +679,7 @@
 "attack_object_id": "T1204.001",
 "attack_object_name": "Malicious Link",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. This vulnerability has been fixed in software version 14.1(1i).",
 "capability_id": "CVE-2019-1838",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -690,7 +690,7 @@
 "attack_object_id": "T1059.007",
 "attack_object_name": "JavaScript",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based Local Manager interface of the Cisco IOx Application Framework could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based Local Manager interface of an affected device. The attacker must have valid Local Manager credentials. The vulnerability is due to insufficient validation of user-supplied input by the web-based Local Manager interface of the affected software. An attacker could exploit this vulnerability by injecting malicious code into a system settings tab. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information.",
 "capability_id": "CVE-2020-3233",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -701,7 +701,7 @@
 "attack_object_id": "T1557",
 "attack_object_name": "Man-in-the-Middle",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based Local Manager interface of the Cisco IOx Application Framework could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based Local Manager interface of an affected device. The attacker must have valid Local Manager credentials. The vulnerability is due to insufficient validation of user-supplied input by the web-based Local Manager interface of the affected software. An attacker could exploit this vulnerability by injecting malicious code into a system settings tab. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information.",
 "capability_id": "CVE-2020-3233",
 "mapping_type": "secondary_impact",
 "capability_group": "2020",
@@ -712,7 +712,7 @@
 "attack_object_id": "T1204.001",
 "attack_object_name": "Malicious Link",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based Local Manager interface of the Cisco IOx Application Framework could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based Local Manager interface of an affected device. The attacker must have valid Local Manager credentials. The vulnerability is due to insufficient validation of user-supplied input by the web-based Local Manager interface of the affected software. An attacker could exploit this vulnerability by injecting malicious code into a system settings tab. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information.",
 "capability_id": "CVE-2020-3233",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -723,7 +723,7 @@
 "attack_object_id": "T1608",
 "attack_object_name": "Stage Capabilities",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system via a web browser and with the privileges of the user.",
 "capability_id": "CVE-2018-15401",
 "mapping_type": "primary_impact",
 "capability_group": "2018",
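Review bot: The description added in the `T1204.001` hunk for CVE-2020-3233 describes a stored XSS in which an attacker with valid Local Manager credentials injects code into a system settings tab, with no user being persuaded to follow a link, so the `Malicious Link` exploitation technique on this record looks inconsistent with the text now attached to it. The other stored-XSS record in this patch, CVE-2019-15280, is mapped to `T1189` Drive-by Compromise, while the link-driven XSS records (CVE-2019-1941, CVE-2019-1838) use `T1204.001`. If this is a carry-over error, the record should read `"attack_object_id": "T1189", "attack_object_name": "Drive-by Compromise"`; the mapping fields are context lines here, so the correction belongs in the source mapping data.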
@@ -734,7 +734,7 @@
 "attack_object_id": "T1204.001",
 "attack_object_name": "Malicious Link",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system via a web browser and with the privileges of the user.",
 "capability_id": "CVE-2018-15401",
 "mapping_type": "exploitation_technique",
 "capability_group": "2018",
@@ -745,7 +745,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.",
 "capability_id": "CVE-2019-15249",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -756,7 +756,7 @@
 "attack_object_id": "T1190",
 "attack_object_name": "Exploit Public-Facing Application",
 "references": [],
- "capability_description": "",
+ "capability_description": "Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.",
 "capability_id": "CVE-2019-15249",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -767,7 +767,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.",
 "capability_id": "CVE-2019-15249",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -778,7 +778,7 @@
 "attack_object_id": "T1059.007",
 "attack_object_name": "JavaScript",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious code in certain sections of the interface that are visible to other users. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. An attacker would need valid administrator credentials to exploit this vulnerability.",
 "capability_id": "CVE-2019-15280",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -789,7 +789,7 @@
 "attack_object_id": "T1557",
 "attack_object_name": "Man-in-the-Middle",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious code in certain sections of the interface that are visible to other users. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. An attacker would need valid administrator credentials to exploit this vulnerability.",
 "capability_id": "CVE-2019-15280",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -800,7 +800,7 @@
 "attack_object_id": "T1189",
 "attack_object_name": "Drive-by Compromise",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious code in certain sections of the interface that are visible to other users. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. An attacker would need valid administrator credentials to exploit this vulnerability.",
 "capability_id": "CVE-2019-15280",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -811,7 +811,7 @@
 "attack_object_id": "T1608",
 "attack_object_name": "Stage Capabilities",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including specific arguments when opening an SSH connection to an affected device. A successful exploit could allow the attacker to gain unrestricted user access to the restricted shell of an affected device.",
 "capability_id": "CVE-2019-15288",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
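Review bot: The `T1608` Stage Capabilities `primary_impact` in the CVE-2019-15288 hunk does not fit the description added there, which says the attacker can "escalate privileges to an unrestricted user of the restricted shell". The CVE-2019-1781 `T1608` hunk further down has the same pairing, although its description (authenticated, local CLI command injection with elevated privileges) closely matches that of CVE-2019-1879, which is mapped to `T1068`. If `T1608` is a conversion artifact and not an intended choice, both records should read `"attack_object_id": "T1068", "attack_object_name": "Exploitation for Privilege Escalation"`; the mapping fields are context lines in these hunks, so the correction would go into the source mapping data.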
@@ -822,7 +822,7 @@
 "attack_object_id": "T1133",
 "attack_object_name": "External Remote Services",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including specific arguments when opening an SSH connection to an affected device. A successful exploit could allow the attacker to gain unrestricted user access to the restricted shell of an affected device.",
 "capability_id": "CVE-2019-15288",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -833,7 +833,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including specific arguments when opening an SSH connection to an affected device. A successful exploit could allow the attacker to gain unrestricted user access to the restricted shell of an affected device.",
 "capability_id": "CVE-2019-15288",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -844,7 +844,7 @@
 "attack_object_id": "T1608",
 "attack_object_name": "Stage Capabilities",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need administrator credentials to exploit this vulnerability.",
 "capability_id": "CVE-2019-1781",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -855,7 +855,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need administrator credentials to exploit this vulnerability.",
 "capability_id": "CVE-2019-1781",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -866,7 +866,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need administrator credentials to exploit this vulnerability.",
 "capability_id": "CVE-2019-1781",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -877,7 +877,7 @@
 "attack_object_id": "T1565.002",
 "attack_object_name": "Transmitted Data Manipulation",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by intercepting a request from a user and injecting malicious data into an HTTP header. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
 "capability_id": "CVE-2020-3460",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -888,7 +888,7 @@
 "attack_object_id": "T1185",
 "attack_object_name": "Man in the Browser",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by intercepting a request from a user and injecting malicious data into an HTTP header. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
 "capability_id": "CVE-2020-3460",
 "mapping_type": "secondary_impact",
 "capability_group": "2020",
@@ -899,7 +899,7 @@
 "attack_object_id": "T1059.007",
 "attack_object_name": "JavaScript",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.",
 "capability_id": "CVE-2020-3137",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -910,7 +910,7 @@
 "attack_object_id": "T1557",
 "attack_object_name": "Man-in-the-Middle",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.",
 "capability_id": "CVE-2020-3137",
 "mapping_type": "secondary_impact",
 "capability_group": "2020",
@@ -921,7 +921,7 @@
 "attack_object_id": "T1204.001",
 "attack_object_name": "Malicious Link",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.",
 "capability_id": "CVE-2020-3137",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -932,7 +932,7 @@
 "attack_object_id": "T1005",
 "attack_object_name": "Data from Local System",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the application policy configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data on an affected device. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data.",
 "capability_id": "CVE-2020-3312",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -943,7 +943,7 @@
 "attack_object_id": "T1190",
 "attack_object_name": "Exploit Public-Facing Application",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the application policy configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data on an affected device. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data.",
 "capability_id": "CVE-2020-3312",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -954,7 +954,7 @@
 "attack_object_id": "T1608",
 "attack_object_name": "Stage Capabilities",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities.",
 "capability_id": "CVE-2019-1768",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -965,7 +965,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities.",
 "capability_id": "CVE-2019-1768",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -976,7 +976,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities.",
 "capability_id": "CVE-2019-1768",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -987,7 +987,7 @@
 "attack_object_id": "T1608",
 "attack_object_name": "Stage Capabilities",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain administrative privileges.",
 "capability_id": "CVE-2020-3379",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -998,7 +998,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain administrative privileges.",
 "capability_id": "CVE-2020-3379",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -1009,7 +1009,7 @@
 "attack_object_id": "T1563",
 "attack_object_name": "Remote Service Session Hijacking",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the session management functionality of the web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. An attacker could use this impersonated session to create a new user account or otherwise control the device with the privileges of the hijacked session. The vulnerability is due to a lack of proper session management controls. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted device. A successful exploit could allow the attacker to take control of an existing user session on the device. Exploitation of the vulnerability requires that an authorized user session is active and that the attacker can craft an HTTP request to impersonate that session.",
 "capability_id": "CVE-2019-1724",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -1020,7 +1020,7 @@
 "attack_object_id": "T1529",
 "attack_object_name": "System Shutdown/Reboot",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of HTTP and HTTPS requests. An attacker could exploit this vulnerability by sending a malformed HTTP or HTTPS request to an affected device. An exploit could allow the attacker to cause a restart of the web proxy process, resulting in a temporary DoS condition.",
 "capability_id": "CVE-2019-1817",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -1031,7 +1031,7 @@
 "attack_object_id": "T1190",
 "attack_object_name": "Exploit Public-Facing Application",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of HTTP and HTTPS requests. An attacker could exploit this vulnerability by sending a malformed HTTP or HTTPS request to an affected device. An exploit could allow the attacker to cause a restart of the web proxy process, resulting in a temporary DoS condition.",
 "capability_id": "CVE-2019-1817",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -1042,7 +1042,7 @@
 "attack_object_id": "T1005",
 "attack_object_name": "Data from Local System",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain read-only access to files that are located on the flash: filesystem that otherwise might not have been accessible.",
 "capability_id": "CVE-2020-3477",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -1053,7 +1053,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain read-only access to files that are located on the flash: filesystem that otherwise might not have been accessible.",
 "capability_id": "CVE-2020-3477",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -1064,7 +1064,7 @@
 "attack_object_id": "T1574.008",
 "attack_object_name": "Path Interception by Search Order Hijacking",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Directory Connector to locate and load required resources.",
 "capability_id": "CVE-2019-1794",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -1075,7 +1075,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Directory Connector to locate and load required resources.",
 "capability_id": "CVE-2019-1794",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -1086,7 +1086,7 @@
 "attack_object_id": "T1105",
 "attack_object_name": "Ingress Tool Transfer",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device.",
 "capability_id": "CVE-2019-1620",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -1097,7 +1097,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device.",
 "capability_id": "CVE-2019-1620",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -1108,7 +1108,7 @@
 "attack_object_id": "T1068",
 "attack_object_name": "Exploitation for Privilege Escalation",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerability by stopping the boot initialization of an affected device. A successful exploit could allow the attacker to bypass authentication and gain unrestricted access to the root shell of the affected device.",
 "capability_id": "CVE-2020-3216",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -1119,7 +1119,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerability by stopping the boot initialization of an affected device. A successful exploit could allow the attacker to bypass authentication and gain unrestricted access to the root shell of the affected device.",
 "capability_id": "CVE-2020-3216",
 "mapping_type": "secondary_impact",
 "capability_group": "2020",
@@ -1130,7 +1130,7 @@
 "attack_object_id": "T1499",
 "attack_object_name": "Endpoint Denial of Service",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the DHCP module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to incorrect processing of certain DHCP packets. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.",
 "capability_id": "CVE-2020-3306",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -1141,7 +1141,7 @@
 "attack_object_id": "T1190",
 "attack_object_name": "Exploit Public-Facing Application",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the DHCP module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to incorrect processing of certain DHCP packets. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.",
 "capability_id": "CVE-2020-3306",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -1152,7 +1152,7 @@
 "attack_object_id": "T1489",
 "attack_object_name": "Service Stop",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker could exploit this vulnerability by installing a malformed certificate in a web server and sending a request to it through the Cisco WSA. A successful exploit could allow the attacker to cause an unexpected restart of the proxy process on an affected device.",
 "capability_id": "CVE-2019-1886",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -1163,7 +1163,7 @@
 "attack_object_id": "T1489",
 "attack_object_name": "Service Stop",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could cause the emsd process to crash, resulting in a DoS condition. Resolved in Cisco IOS XR 6.5.1 and later.",
 "capability_id": "CVE-2019-1711",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -1174,7 +1174,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access, make changes to the system that they are not authorized to make, and execute commands on an affected system with privileges of the root user.",
 "capability_id": "CVE-2020-3375",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -1185,7 +1185,7 @@
 "attack_object_id": "T1190",
 "attack_object_name": "Exploit Public-Facing Application",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access, make changes to the system that they are not authorized to make, and execute commands on an affected system with privileges of the root user.",
 "capability_id": "CVE-2020-3375",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -1196,7 +1196,7 @@
 "attack_object_id": "T1608",
 "attack_object_name": "Stage Capabilities",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system by using a web browser and with the privileges of the user.",
 "capability_id": "CVE-2019-1857",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -1207,7 +1207,7 @@
 "attack_object_id": "T1204.001",
 "attack_object_name": "Malicious Link",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system by using a web browser and with the privileges of the user.",
 "capability_id": "CVE-2019-1857",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -1218,7 +1218,7 @@
 "attack_object_id": "T1499.002",
 "attack_object_name": "Service Exhaustion Flood",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the internal packet-processing functionality of Cisco Firepower Threat Defense (FTD) Software for the Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error, which may prevent ingress buffers from being replenished under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to consume all input buffers, which are shared between all interfaces, leading to a queue wedge condition in all active interfaces. This situation would cause an affected device to stop processing any incoming traffic and result in a DoS condition until the device is reloaded manually.",
 "capability_id": "CVE-2019-1703",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -1229,7 +1229,7 @@
 "attack_object_id": "T1005",
 "attack_object_name": "Data from Local System",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by accessing the interface and viewing restricted portions of the software configuration. A successful exploit could allow the attacker to gain access to sensitive information or conduct further attacks.",
 "capability_id": "CVE-2019-15963",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -1240,7 +1240,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by accessing the interface and viewing restricted portions of the software configuration. A successful exploit could allow the attacker to gain access to sensitive information or conduct further attacks.",
 "capability_id": "CVE-2019-15963",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -1251,7 +1251,7 @@
 "attack_object_id": "T1105",
 "attack_object_name": "Ingress Tool Transfer",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user and persuading the user to manually open it. An exploit could allow the attacker to overwrite sensitive application files and eventually cause a denial of service (DoS) condition by foreclosing future access to the system to the targeted user. This vulnerability is fixed in version 3.13.26920.",
 "capability_id": "CVE-2019-1689",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -1262,7 +1262,7 @@
 "attack_object_id": "T1565.001",
 "attack_object_name": "Stored Data Manipulation",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user and persuading the user to manually open it. An exploit could allow the attacker to overwrite sensitive application files and eventually cause a denial of service (DoS) condition by foreclosing future access to the system to the targeted user. This vulnerability is fixed in version 3.13.26920.",
 "capability_id": "CVE-2019-1689",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -1273,7 +1273,7 @@
 "attack_object_id": "T1531",
 "attack_object_name": "Account Access Removal",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user and persuading the user to manually open it. An exploit could allow the attacker to overwrite sensitive application files and eventually cause a denial of service (DoS) condition by foreclosing future access to the system to the targeted user. This vulnerability is fixed in version 3.13.26920.",
 "capability_id": "CVE-2019-1689",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -1284,7 +1284,7 @@
 "attack_object_id": "T1565.001",
 "attack_object_name": "Stored Data Manipulation",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system.",
 "capability_id": "CVE-2020-3476",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -1295,7 +1295,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system.",
 "capability_id": "CVE-2020-3476",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -1306,7 +1306,7 @@
 "attack_object_id": "T1608",
 "attack_object_name": "Stage Capabilities",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The vulnerability is due to lack of authentication. An attacker could exploit this vulnerability by directly connecting to the Graphite web interface. An exploit could allow the attacker to access various statistics and Key Performance Indicators (KPIs) regarding the Cisco Policy Suite environment.",
 "capability_id": "CVE-2018-15466",
 "mapping_type": "primary_impact",
 "capability_group": "2018",
@@ -1317,7 +1317,7 @@
 "attack_object_id": "T1005",
 "attack_object_name": "Data from Local System",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The vulnerability is due to lack of authentication. An attacker could exploit this vulnerability by directly connecting to the Graphite web interface. An exploit could allow the attacker to access various statistics and Key Performance Indicators (KPIs) regarding the Cisco Policy Suite environment.",
 "capability_id": "CVE-2018-15466",
 "mapping_type": "secondary_impact",
 "capability_group": "2018",
@@ -1328,7 +1328,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.",
 "capability_id": "CVE-2019-15287",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -1339,7 +1339,7 @@
 "attack_object_id": "T1204.002",
 "attack_object_name": "Malicious File",
 "references": [],
- "capability_description": "",
+ "capability_description": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.",
 "capability_id": "CVE-2019-15287",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -1350,7 +1350,7 @@
 "attack_object_id": "T1133",
 "attack_object_name": "External Remote Services",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) of Cisco IOS XR Software may allow connections despite an access control list (ACL) that is configured to deny access to the NETCONF over SSH of an affected device. The vulnerability is due to a missing check in the NETCONF over SSH access control list (ACL). An attacker could exploit this vulnerability by connecting to an affected device using NETCONF over SSH. A successful exploit could allow the attacker to connect to the device on the NETCONF port. Valid credentials are required to access the device. This vulnerability does not affect connections to the default SSH process on the device.",
 "capability_id": "CVE-2019-15998",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -1361,7 +1361,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) of Cisco IOS XR Software may allow connections despite an access control list (ACL) that is configured to deny access to the NETCONF over SSH of an affected device. The vulnerability is due to a missing check in the NETCONF over SSH access control list (ACL). An attacker could exploit this vulnerability by connecting to an affected device using NETCONF over SSH. A successful exploit could allow the attacker to connect to the device on the NETCONF port. Valid credentials are required to access the device. This vulnerability does not affect connections to the default SSH process on the device.",
 "capability_id": "CVE-2019-15998",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -1372,7 +1372,7 @@
 "attack_object_id": "T1068",
 "attack_object_name": "Exploitation for Privilege Escalation",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checking for the file path when specific software is uploaded. An attacker could exploit this vulnerability by uploading malicious software using the REST API. A successful exploit could allow an attacker to escalate their privilege level to root. The attacker would need to have the administrator role on the device.",
 "capability_id": "CVE-2019-1889",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -1383,7 +1383,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checking for the file path when specific software is uploaded. An attacker could exploit this vulnerability by uploading malicious software using the REST API. A successful exploit could allow an attacker to escalate their privilege level to root. The attacker would need to have the administrator role on the device.",
 "capability_id": "CVE-2019-1889",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -1394,7 +1394,7 @@
 "attack_object_id": "T1489",
 "attack_object_name": "Service Stop",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition. This vulnerability affects Cisco AsyncOS Software for Cisco ESA releases earlier than 13.0.",
 "capability_id": "CVE-2020-3134",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -1405,7 +1405,7 @@
 "attack_object_id": "T1542.001",
 "attack_object_name": "System Firmware",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.",
 "capability_id": "CVE-2019-1736",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -1416,7 +1416,7 @@
 "attack_object_id": "T1499",
 "attack_object_name": "Endpoint Denial of Service",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",
 "capability_id": "CVE-2020-3120",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -1427,7 +1427,7 @@
 "attack_object_id": "T1068",
 "attack_object_name": "Exploitation for Privilege Escalation",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected.",
 "capability_id": "CVE-2019-1764",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
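Review bot: The description added to this row does not match the row's primary impact: it describes a CSRF that lets the attacker act "with the privileges of the user", while `attack_object_id` is `T1068` (Exploitation for Privilege Escalation). The other CSRF entry in this file, CVE-2019-1857, uses `T1608` in the same `primary_impact` slot. The mapping itself predates this commit, but with the text now stored next to the technique the mismatch becomes visible to consumers. It is worth confirming which of the two mappings is intended before the populated file is published.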
@@ -1438,7 +1438,7 @@
 "attack_object_id": "T1204.001",
 "attack_object_name": "Malicious Link",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected.",
 "capability_id": "CVE-2019-1764",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -1449,7 +1449,7 @@
 "attack_object_id": "T1565.002",
 "attack_object_name": "Transmitted Data Manipulation",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.",
 "capability_id": "CVE-2019-1943",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -1460,7 +1460,7 @@
 "attack_object_id": "T1189",
 "attack_object_name": "Drive-by Compromise",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.",
 "capability_id": "CVE-2019-1943",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -1471,7 +1471,7 @@
 "attack_object_id": "T1557",
 "attack_object_name": "Man-in-the-Middle",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.",
 "capability_id": "CVE-2019-1943",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -1482,7 +1482,7 @@
 "attack_object_id": "T1059.007",
 "attack_object_name": "JavaScript",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Versions prior to 3.5(1a) are affected.",
 "capability_id": "CVE-2019-1665",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -1493,7 +1493,7 @@
 "attack_object_id": "T1557",
 "attack_object_name": "Man-in-the-Middle",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Versions prior to 3.5(1a) are affected.",
 "capability_id": "CVE-2019-1665",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -1504,7 +1504,7 @@
 "attack_object_id": "T1204.001",
 "attack_object_name": "Malicious Link",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Versions prior to 3.5(1a) are affected.",
 "capability_id": "CVE-2019-1665",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -1515,7 +1515,7 @@
 "attack_object_id": "T1059.007",
 "attack_object_name": "JavaScript",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",
 "capability_id": "CVE-2019-15994",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -1526,7 +1526,7 @@
 "attack_object_id": "T1557",
 "attack_object_name": "Man-in-the-Middle",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",
 "capability_id": "CVE-2019-15994",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -1537,7 +1537,7 @@
 "attack_object_id": "T1204.001",
 "attack_object_name": "Malicious Link",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based management interface of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",
 "capability_id": "CVE-2019-15994",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -1548,7 +1548,7 @@
 "attack_object_id": "T1477",
 "attack_object_name": "Exploit via Radio Interfaces",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of SMS protocol data units (PDUs) that are encoded with a special character set. An attacker could exploit this vulnerability by sending a malicious SMS message to an affected device. A successful exploit could allow the attacker to cause the wireless WAN (WWAN) cellular interface module on an affected device to crash, resulting in a DoS condition that would require manual intervention to restore normal operating conditions.",
 "capability_id": "CVE-2019-1747",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
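Review bot: In the `@@ -1548,7 +1548,7 @@` hunk the row pairs CVE-2019-1747 with `T1477` (Exploit via Radio Interfaces), which as far as I know belongs to the Mobile ATT&CK matrix, while this file is the enterprise mapping set. The added description (a crafted SMS crashing the WWAN module) is consistent with the technique's name, so the text itself looks right. The open question is whether consumers that check `attack_object_id` against the Enterprise technique list will reject or silently drop this row. A converter check that flags ids absent from the targeted matrix would catch this class of entry.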
@@ -1559,7 +1559,7 @@
 "attack_object_id": "T1489",
 "attack_object_name": "Service Stop",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of SMS protocol data units (PDUs) that are encoded with a special character set. An attacker could exploit this vulnerability by sending a malicious SMS message to an affected device. A successful exploit could allow the attacker to cause the wireless WAN (WWAN) cellular interface module on an affected device to crash, resulting in a DoS condition that would require manual intervention to restore normal operating conditions.",
 "capability_id": "CVE-2019-1747",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -1570,7 +1570,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context.",
 "capability_id": "CVE-2019-15959",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -1581,7 +1581,7 @@
 "attack_object_id": "T1091",
 "attack_object_name": "Replication Through Removable Media",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context.",
 "capability_id": "CVE-2019-15959",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -1592,7 +1592,7 @@
 "attack_object_id": "T1565.002",
 "attack_object_name": "Transmitted Data Manipulation",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web interface of Cisco Managed Services Accelerator (MSX) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.",
 "capability_id": "CVE-2019-15974",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -1603,7 +1603,7 @@ "attack_object_id": "T1189", "attack_object_name": "Drive-by Compromise", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the web interface of Cisco Managed Services Accelerator (MSX) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.", "capability_id": "CVE-2019-15974", "mapping_type": "secondary_impact", "capability_group": "2019", @@ -1614,7 +1614,7 @@ "attack_object_id": "T1059", "attack_object_name": "Command and Scripting Interpreter", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system.", "capability_id": "CVE-2019-1772", "mapping_type": "primary_impact", "capability_group": "2019", 
@@ -1625,7 +1625,7 @@ "attack_object_id": "T1566", "attack_object_name": "Phishing", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system.", "capability_id": "CVE-2019-1772", "mapping_type": "exploitation_technique", "capability_group": "2019", @@ -1636,7 +1636,7 @@ "attack_object_id": "T1204.002", "attack_object_name": "Malicious File", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system.", "capability_id": "CVE-2019-1772", "mapping_type": "exploitation_technique", "capability_group": "2019", 
@@ -1647,7 +1647,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email message to a recipient protected by the ESA. A successful exploit could allow the attacker to bypass the configured content filters, which could allow malicious content to pass through the device.", "capability_id": "CVE-2020-3133", "mapping_type": "primary_impact", "capability_group": "2020", @@ -1658,7 +1658,7 @@ "attack_object_id": "T1566.001", "attack_object_name": "Spearphishing Attachment", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email message to a recipient protected by the ESA. A successful exploit could allow the attacker to bypass the configured content filters, which could allow malicious content to pass through the device.", "capability_id": "CVE-2020-3133", "mapping_type": "exploitation_technique", "capability_group": "2020", 
@@ -1669,7 +1669,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section of this advisory.", "capability_id": "CVE-2019-12696", "mapping_type": "primary_impact", "capability_group": "2019", @@ -1680,7 +1680,7 @@ "attack_object_id": "T1204.002", "attack_object_name": "Malicious File", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section of this advisory.", "capability_id": "CVE-2019-12696", "mapping_type": "exploitation_technique", "capability_group": "2019", @@ -1691,7 +1691,7 @@ "attack_object_id": "T1068", "attack_object_name": "Exploitation for Privilege Escalation", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authentication processing. An attacker could exploit this vulnerability by sending a crafted response to the Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to access the software and execute commands they should not be authorized to execute.", "capability_id": "CVE-2020-3387", "mapping_type": "primary_impact", "capability_group": "2020", 
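Review bot: The `capability_description` added for CVE-2019-12696 (the hunk at -1669 and again at -1680) ends with "see the Details section of this advisory", but `references` in the same record is still `[]`, so the sentence points at a document a reader of this file cannot reach. Unlike the neighbouring entries, the text names no cause or attack path, which leaves the T1190 and T1204.002 mappings without visible support in the record itself. Either fill the array, e.g. `"references": ["<vendor advisory URL>"]`, or drop the trailing sentence when the description is imported. If these strings are written by the conversion script rather than by hand, the change belongs there.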
@@ -1702,7 +1702,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authentication processing. An attacker could exploit this vulnerability by sending a crafted response to the Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to access the software and execute commands they should not be authorized to execute.", "capability_id": "CVE-2020-3387", "mapping_type": "exploitation_technique", "capability_group": "2020", @@ -1713,7 +1713,7 @@ "attack_object_id": "T1133", "attack_object_name": "External Remote Services", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authentication processing. An attacker could exploit this vulnerability by sending a crafted response to the Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to access the software and execute commands they should not be authorized to execute.", "capability_id": "CVE-2020-3387", "mapping_type": "exploitation_technique", "capability_group": "2020", 
@@ -1724,7 +1724,7 @@ "attack_object_id": "T1059.007", "attack_object_name": "JavaScript", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the web-based management interface of Cisco Content Security Management Appliance (SMA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", "capability_id": "CVE-2018-15393", "mapping_type": "primary_impact", "capability_group": "2018", @@ -1735,7 +1735,7 @@ "attack_object_id": "T1557", "attack_object_name": "Man-in-the-Middle", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the web-based management interface of Cisco Content Security Management Appliance (SMA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", "capability_id": "CVE-2018-15393", "mapping_type": "secondary_impact", "capability_group": "2018", 
@@ -1746,7 +1746,7 @@ "attack_object_id": "T1204.001", "attack_object_name": "Malicious Link", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the web-based management interface of Cisco Content Security Management Appliance (SMA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", "capability_id": "CVE-2018-15393", "mapping_type": "exploitation_technique", "capability_group": "2018", 
@@ -1757,7 +1757,7 @@ "attack_object_id": "T1499.004", "attack_object_name": "Application or System Exploitation", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN (EAPOL) frames. An attacker could exploit this vulnerability by sending a crafted EAPOL frame to an interface on the targeted device. A successful exploit could allow the attacker to cause the Layer 2 (L2) forwarding process to restart multiple times, leading to a system-level restart of the device and a DoS condition. Note: This vulnerability affects only NX-OS devices configured with 802.1X functionality. Cisco Nexus 1000V Switch for VMware vSphere devices are affected in versions prior to 5.2(1)SV3(1.4b). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.3(5)N1(1) and 7.1(5)N1(1b). Nexus 7000 and 7700 Series Switches are affected in versions prior to 8.2(3). Nexus 9000 Series Fabric Switches in ACI Mode are affected in versions prior to 13.2(1l). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4).", "capability_id": "CVE-2019-1594", "mapping_type": "primary_impact", "capability_group": "2019", 
@@ -1768,7 +1768,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN (EAPOL) frames. An attacker could exploit this vulnerability by sending a crafted EAPOL frame to an interface on the targeted device. A successful exploit could allow the attacker to cause the Layer 2 (L2) forwarding process to restart multiple times, leading to a system-level restart of the device and a DoS condition. Note: This vulnerability affects only NX-OS devices configured with 802.1X functionality. Cisco Nexus 1000V Switch for VMware vSphere devices are affected in versions prior to 5.2(1)SV3(1.4b). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.3(5)N1(1) and 7.1(5)N1(1b). Nexus 7000 and 7700 Series Switches are affected in versions prior to 8.2(3). Nexus 9000 Series Fabric Switches in ACI Mode are affected in versions prior to 13.2(1l). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4).", "capability_id": "CVE-2019-1594", "mapping_type": "exploitation_technique", "capability_group": "2019", 
@@ -1779,7 +1779,7 @@ "attack_object_id": "T1565.001", "attack_object_name": "Stored Data Manipulation", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user to follow a URL to a website that is designed to submit crafted input to the affected application. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system, possibly corrupting or deleting critical system files.", "capability_id": "CVE-2020-3440", "mapping_type": "primary_impact", "capability_group": "2020", @@ -1790,7 +1790,7 @@ "attack_object_id": "T1566", "attack_object_name": "Phishing", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user to follow a URL to a website that is designed to submit crafted input to the affected application. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system, possibly corrupting or deleting critical system files.", "capability_id": "CVE-2020-3440", "mapping_type": "exploitation_technique", "capability_group": "2020", 
@@ -1801,7 +1801,7 @@ "attack_object_id": "T1204.002", "attack_object_name": "Malicious File", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user to follow a URL to a website that is designed to submit crafted input to the affected application. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system, possibly corrupting or deleting critical system files.", "capability_id": "CVE-2020-3440", "mapping_type": "exploitation_technique", "capability_group": "2020", @@ -1812,7 +1812,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by corporate policies.", "capability_id": "CVE-2019-1876", "mapping_type": "primary_impact", "capability_group": "2019", 
@@ -1823,7 +1823,7 @@ "attack_object_id": "T1068", "attack_object_name": "Exploitation for Privilege Escalation", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by corporate policies.", "capability_id": "CVE-2019-1876", "mapping_type": "secondary_impact", "capability_group": "2019", @@ -1834,7 +1834,7 @@ "attack_object_id": "T1059.007", "attack_object_name": "JavaScript", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", "capability_id": "CVE-2020-3121", "mapping_type": "primary_impact", "capability_group": "2020", 
@@ -1845,7 +1845,7 @@ "attack_object_id": "T1557", "attack_object_name": "Man-in-the-Middle", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", "capability_id": "CVE-2020-3121", "mapping_type": "secondary_impact", "capability_group": "2020", @@ -1856,7 +1856,7 @@ "attack_object_id": "T1204.001", "attack_object_name": "Malicious Link", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", "capability_id": "CVE-2020-3121", "mapping_type": "exploitation_technique", "capability_group": "2020", 
@@ -1867,7 +1867,7 @@ "attack_object_id": "T1059", "attack_object_name": "Command and Scripting Interpreter", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches in Stand are affected running software versions prior to 7.0(3)F3(5).", "capability_id": "CVE-2019-1612", "mapping_type": "primary_impact", "capability_group": "2019", 
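Review bot: The CVE-2019-1612 description added here reads `Nexus 9000 Series Switches in Stand are affected`, which looks cut off mid-name; the CVE-2019-1609 entries further down spell the platform as `Nexus 9000 Series Switches in Standalone NX-OS Mode`. Anyone using this text to decide whether a device is in scope gets an ambiguous product name, and the same string is repeated in the hunks at -1878, -1889 and -1900. The CVE-2019-1609 text carries a similar copy artifact, `and7.0(3)I7(6)`, with the space before the version missing. If both come verbatim from the upstream CVE record, I would keep them as-is and say so in the import step; if not, the import is dropping characters and should be fixed before these descriptions are relied on.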
@@ -1878,7 +1878,7 @@ "attack_object_id": "T1068", "attack_object_name": "Exploitation for Privilege Escalation", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches in Stand are affected running software versions prior to 7.0(3)F3(5).", "capability_id": "CVE-2019-1612", "mapping_type": "secondary_impact", "capability_group": "2019", 
@@ -1889,7 +1889,7 @@ "attack_object_id": "T1078", "attack_object_name": "Valid Accounts", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches in Stand are affected running software versions prior to 7.0(3)F3(5).", "capability_id": "CVE-2019-1612", "mapping_type": "exploitation_technique", "capability_group": "2019", 
@@ -1900,7 +1900,7 @@ "attack_object_id": "T1133", "attack_object_name": "External Remote Services", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches in Stand are affected running software versions prior to 7.0(3)F3(5).", "capability_id": "CVE-2019-1612", "mapping_type": "exploitation_technique", "capability_group": "2019", 
@@ -1911,7 +1911,7 @@ "attack_object_id": "T1078", "attack_object_name": "Valid Accounts", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. The vulnerability is due to insufficient entropy in the DRBG when generating cryptographic keys. An attacker could exploit this vulnerability by generating a large number of cryptographic keys on an affected device and looking for collisions with target devices. A successful exploit could allow the attacker to impersonate an affected target device or to decrypt traffic secured by an affected key that is sent to or from an affected target device.", "capability_id": "CVE-2019-1715", "mapping_type": "primary_impact", "capability_group": "2019", 
@@ -1922,7 +1922,7 @@ "attack_object_id": "T1557", "attack_object_name": "Man-in-the-Middle", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. The vulnerability is due to insufficient entropy in the DRBG when generating cryptographic keys. An attacker could exploit this vulnerability by generating a large number of cryptographic keys on an affected device and looking for collisions with target devices. A successful exploit could allow the attacker to impersonate an affected target device or to decrypt traffic secured by an affected key that is sent to or from an affected target device.", "capability_id": "CVE-2019-1715", "mapping_type": "primary_impact", "capability_group": "2019", 
@@ -1933,7 +1933,7 @@ "attack_object_id": "T1040", "attack_object_name": "Network Sniffing", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. The vulnerability is due to insufficient entropy in the DRBG when generating cryptographic keys. An attacker could exploit this vulnerability by generating a large number of cryptographic keys on an affected device and looking for collisions with target devices. A successful exploit could allow the attacker to impersonate an affected target device or to decrypt traffic secured by an affected key that is sent to or from an affected target device.", "capability_id": "CVE-2019-1715", "mapping_type": "primary_impact", "capability_group": "2019", 
@@ -1944,7 +1944,7 @@ "attack_object_id": "T1110", "attack_object_name": "Brute Force", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. The vulnerability is due to insufficient entropy in the DRBG when generating cryptographic keys. An attacker could exploit this vulnerability by generating a large number of cryptographic keys on an affected device and looking for collisions with target devices. A successful exploit could allow the attacker to impersonate an affected target device or to decrypt traffic secured by an affected key that is sent to or from an affected target device.", "capability_id": "CVE-2019-1715", "mapping_type": "exploitation_technique", "capability_group": "2019", 
@@ -1955,7 +1955,7 @@ "attack_object_id": "T1059", "attack_object_name": "Command and Scripting Interpreter", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(2). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(6). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(6). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), 8.2(3), and 8.3(2). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I4(9) and7.0(3)I7(6). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).", "capability_id": "CVE-2019-1609", "mapping_type": "primary_impact", "capability_group": "2019", 
@@ -1966,7 +1966,7 @@
 "attack_object_id": "T1068",
 "attack_object_name": "Exploitation for Privilege Escalation",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(2). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(6). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(6). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), 8.2(3), and 8.3(2). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I4(9) and7.0(3)I7(6). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).",
 "capability_id": "CVE-2019-1609",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -1977,7 +1977,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(2). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(6). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(6). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), 8.2(3), and 8.3(2). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I4(9) and7.0(3)I7(6). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).",
 "capability_id": "CVE-2019-1609",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -1988,7 +1988,7 @@
 "attack_object_id": "T1565.001",
 "attack_object_name": "Stored Data Manipulation",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. These system files may be sensitive and should not be overwritable by non-root users. The attacker would need valid device credentials. The vulnerability is due to incorrect symbolic link verification of directory paths when they are used in the system shell. An attacker could exploit this vulnerability by authenticating to the device and providing crafted user input to specific symbolic link CLI commands. Successful exploitation could allow the attacker to overwrite system files that should be restricted. This vulnerability has been fixed in software version 14.1(1i).",
 "capability_id": "CVE-2019-1836",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -1999,7 +1999,7 @@
 "attack_object_id": "T1133",
 "attack_object_name": "External Remote Services",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. These system files may be sensitive and should not be overwritable by non-root users. The attacker would need valid device credentials. The vulnerability is due to incorrect symbolic link verification of directory paths when they are used in the system shell. An attacker could exploit this vulnerability by authenticating to the device and providing crafted user input to specific symbolic link CLI commands. Successful exploitation could allow the attacker to overwrite system files that should be restricted. This vulnerability has been fixed in software version 14.1(1i).",
 "capability_id": "CVE-2019-1836",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -2010,7 +2010,7 @@
 "attack_object_id": "T1499.004",
 "attack_object_name": "Application or System Exploitation",
 "references": [],
- "capability_description": "",
+ "capability_description": "Multiple vulnerabilities in the video service of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted traffic to the video service of an affected endpoint. A successful exploit could allow the attacker to cause the video service to crash, resulting in a DoS condition on an affected device.",
 "capability_id": "CVE-2019-15289",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -2021,7 +2021,7 @@
 "attack_object_id": "T1190",
 "attack_object_name": "Exploit Public-Facing Application",
 "references": [],
- "capability_description": "",
+ "capability_description": "Multiple vulnerabilities in the video service of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted traffic to the video service of an affected endpoint. A successful exploit could allow the attacker to cause the video service to crash, resulting in a DoS condition on an affected device.",
 "capability_id": "CVE-2019-15289",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -2032,7 +2032,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by convincing a user of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files within the affected application.",
 "capability_id": "CVE-2018-15444",
 "mapping_type": "primary_impact",
 "capability_group": "2018",
@@ -2043,7 +2043,7 @@
 "attack_object_id": "T1005",
 "attack_object_name": "Data from Local System",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by convincing a user of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files within the affected application.",
 "capability_id": "CVE-2018-15444",
 "mapping_type": "secondary_impact",
 "capability_group": "2018",
@@ -2054,7 +2054,7 @@
 "attack_object_id": "T1133",
 "attack_object_name": "External Remote Services",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by convincing a user of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files within the affected application.",
 "capability_id": "CVE-2018-15444",
 "mapping_type": "exploitation_technique",
 "capability_group": "2018",
@@ -2065,7 +2065,7 @@ "attack_object_id": "T1059", "attack_object_name": "Command and Scripting Interpreter", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the CLI of Cisco NX-OS Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Firepower 4100 Series Next-Generation Firewalls are affected running software versions prior to 2.2.2.91, 2.3.1.110, and 2.4.1.222. Firepower 9300 Security Appliance are affected running software versions prior to 2.2.2.91, 2.3.1.110, and 2.4.1.222. MDS 9000 Series Multilayer Switches are affected running software versions prior to 6.2(25) and 8.3(1). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(5). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(5). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected running software versions prior to 7.1(5)N1(1b) and 7.3(4)N1(1). Nexus 7000 and 7700 Series Switches are affected running software versions prior to 6.2(22), 7.3(3)D1(1), 8.2(3). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(5). 
Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5).", "capability_id": "CVE-2019-1611", "mapping_type": "primary_impact", "capability_group": "2019", 
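Review bot: The added CVE-2019-1611 description is split across two physical lines just before `Nexus 9500 R-Series Line Cards`, and the same split appears in the T1068 and T1078 rows of the next two hunks. This may only be an artefact of how the patch was rendered, but if the string really holds a line-break character copied from the source record (a raw newline would make the JSON invalid; a Unicode line separator would still parse but breaks line-oriented tooling and diffs), it should be normalised before writing. Collapsing whitespace in the converter, for example `" ".join(text.split())` on each description, would remove the break without changing any wording.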
@@ -2076,7 +2076,7 @@ "attack_object_id": "T1068", "attack_object_name": "Exploitation for Privilege Escalation", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the CLI of Cisco NX-OS Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Firepower 4100 Series Next-Generation Firewalls are affected running software versions prior to 2.2.2.91, 2.3.1.110, and 2.4.1.222. Firepower 9300 Security Appliance are affected running software versions prior to 2.2.2.91, 2.3.1.110, and 2.4.1.222. MDS 9000 Series Multilayer Switches are affected running software versions prior to 6.2(25) and 8.3(1). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(5). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(5). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected running software versions prior to 7.1(5)N1(1b) and 7.3(4)N1(1). Nexus 7000 and 7700 Series Switches are affected running software versions prior to 6.2(22), 7.3(3)D1(1), 8.2(3). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(5). 
Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5).", "capability_id": "CVE-2019-1611", "mapping_type": "secondary_impact", "capability_group": "2019", 
@@ -2087,7 +2087,7 @@ "attack_object_id": "T1078", "attack_object_name": "Valid Accounts", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the CLI of Cisco NX-OS Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Firepower 4100 Series Next-Generation Firewalls are affected running software versions prior to 2.2.2.91, 2.3.1.110, and 2.4.1.222. Firepower 9300 Security Appliance are affected running software versions prior to 2.2.2.91, 2.3.1.110, and 2.4.1.222. MDS 9000 Series Multilayer Switches are affected running software versions prior to 6.2(25) and 8.3(1). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(5). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(5). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected running software versions prior to 7.1(5)N1(1b) and 7.3(4)N1(1). Nexus 7000 and 7700 Series Switches are affected running software versions prior to 6.2(22), 7.3(3)D1(1), 8.2(3). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(5). 
Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5).", "capability_id": "CVE-2019-1611", "mapping_type": "exploitation_technique", "capability_group": "2019", @@ -2098,7 +2098,7 @@ "attack_object_id": "T1499.004", "attack_object_name": "Application or System Exploitation", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.", "capability_id": "CVE-2020-3407", "mapping_type": "primary_impact", "capability_group": "2020", @@ -2109,7 +2109,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.", "capability_id": "CVE-2020-3407", "mapping_type": "exploitation_technique", "capability_group": "2020", 
@@ -2120,7 +2120,7 @@
 "attack_object_id": "T1565.001",
 "attack_object_name": "Stored Data Manipulation",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by including a crafted file in an application package. An exploit could allow the attacker to overwrite files.",
 "capability_id": "CVE-2020-3237",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -2131,7 +2131,7 @@
 "attack_object_id": "T1133",
 "attack_object_name": "External Remote Services",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by including a crafted file in an application package. An exploit could allow the attacker to overwrite files.",
 "capability_id": "CVE-2020-3237",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -2142,7 +2142,7 @@
 "attack_object_id": "T1574",
 "attack_object_name": "Hijack Execution Flow",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device.",
 "capability_id": "CVE-2018-15376",
 "mapping_type": "primary_impact",
 "capability_group": "2018",
@@ -2153,7 +2153,7 @@
 "attack_object_id": "T1499.004",
 "attack_object_name": "Application or System Exploitation",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device.",
 "capability_id": "CVE-2018-15376",
 "mapping_type": "primary_impact",
 "capability_group": "2018",
@@ -2164,7 +2164,7 @@
 "attack_object_id": "T1566",
 "attack_object_name": "Phishing",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device.",
 "capability_id": "CVE-2018-15376",
 "mapping_type": "exploitation_technique",
 "capability_group": "2018",
@@ -2175,7 +2175,7 @@
 "attack_object_id": "T1091",
 "attack_object_name": "Replication Through Removable Media",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device.",
 "capability_id": "CVE-2018-15376",
 "mapping_type": "exploitation_technique",
 "capability_group": "2018",
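Review bot: The description added to the CVE-2018-15376 row for T1566 Phishing does not match the technique: the text describes an authenticated, local attacker running leftover test commands, with no user-interaction or delivery step. The T1091 Replication Through Removable Media row in the second hunk on this line and the T1204.002 Malicious File row in the following hunk have the same mismatch. With the description now sitting next to the technique, anyone using this file to prioritise detections for the CVE gets an exploitation path the advisory text does not support. It is worth checking the original mapping source to see whether these three rows were recorded against the wrong CVE, or whether the lookup on `capability_id` attached the wrong description.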
@@ -2186,7 +2186,7 @@
 "attack_object_id": "T1204.002",
 "attack_object_name": "Malicious File",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device.",
 "capability_id": "CVE-2018-15376",
 "mapping_type": "exploitation_technique",
 "capability_group": "2018",
@@ -2197,7 +2197,7 @@
 "attack_object_id": "T1499.004",
 "attack_object_name": "Application or System Exploitation",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by authenticating with low privileges to an affected controller and submitting the crafted URL to the web interface of the affected device. Conversely, an unauthenticated attacker could exploit this vulnerability by persuading a user of the web interface to click the crafted URL. A successful exploit could allow the attacker to cause an unexpected restart of the device, resulting in a DoS condition.",
 "capability_id": "CVE-2019-15276",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -2208,7 +2208,7 @@
 "attack_object_id": "T1189",
 "attack_object_name": "Drive-by Compromise",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by authenticating with low privileges to an affected controller and submitting the crafted URL to the web interface of the affected device. Conversely, an unauthenticated attacker could exploit this vulnerability by persuading a user of the web interface to click the crafted URL. A successful exploit could allow the attacker to cause an unexpected restart of the device, resulting in a DoS condition.",
 "capability_id": "CVE-2019-15276",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -2219,7 +2219,7 @@
 "attack_object_id": "T1190",
 "attack_object_name": "Exploit Public-Facing Application",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by authenticating with low privileges to an affected controller and submitting the crafted URL to the web interface of the affected device. Conversely, an unauthenticated attacker could exploit this vulnerability by persuading a user of the web interface to click the crafted URL. A successful exploit could allow the attacker to cause an unexpected restart of the device, resulting in a DoS condition.",
 "capability_id": "CVE-2019-15276",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -2230,7 +2230,7 @@
 "attack_object_id": "T1566",
 "attack_object_name": "Phishing",
 "references": [],
- "capability_description": "",
+ "capability_description": "A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by authenticating with low privileges to an affected controller and submitting the crafted URL to the web interface of the affected device. Conversely, an unauthenticated attacker could exploit this vulnerability by persuading a user of the web interface to click the crafted URL. A successful exploit could allow the attacker to cause an unexpected restart of the device, resulting in a DoS condition.",
 "capability_id": "CVE-2019-15276",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -2241,7 +2241,7 @@
 "attack_object_id": "T1542.004",
 "attack_object_name": "ROMMONkit",
 "references": [],
- "capability_description": "",
+ "capability_description": "Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device.",
 "capability_id": "CVE-2020-3416",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -2252,7 +2252,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device.",
 "capability_id": "CVE-2020-3416",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -2263,7 +2263,7 @@
 "attack_object_id": "T1080",
 "attack_object_name": "Taint Shared Content",
 "references": [],
- "capability_description": "",
+ "capability_description": "vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protections. The vulnerability is due to missing security warning dialog boxes when a room host views shared multimedia files. An authenticated, remote attacker could exploit this vulnerability by using the host role to share files within the Multimedia sharing feature and convincing a former room host to view that file. A warning dialog normally appears cautioning users before the file is displayed; however, the former host would not see that warning dialog, and any shared multimedia would be rendered within the user's browser. The attacker could leverage this behavior to conduct additional attacks by including malicious files within a targeted room host's browser window.",
 "capability_id": "CVE-2020-3126",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
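Review bot: The added CVE-2020-3126 description starts mid-sentence with a lowercase `vulnerability within the Multimedia Viewer feature`, whereas every other description on this page opens with "A vulnerability" or "Multiple vulnerabilities". The T1204.002 and T1190 rows in the next two hunks repeat the same text. The leading article may already be missing in the upstream record, but it is worth confirming that the converter does not strip or slice leading characters from descriptions, since a silent truncation could also drop meaningful text in other records. If the loss is upstream only, restoring `A vulnerability within the Multimedia Viewer feature` in these three rows would keep the field consistent.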
@@ -2274,7 +2274,7 @@
 "attack_object_id": "T1204.002",
 "attack_object_name": "Malicious File",
 "references": [],
- "capability_description": "",
+ "capability_description": "vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protections. The vulnerability is due to missing security warning dialog boxes when a room host views shared multimedia files. An authenticated, remote attacker could exploit this vulnerability by using the host role to share files within the Multimedia sharing feature and convincing a former room host to view that file. A warning dialog normally appears cautioning users before the file is displayed; however, the former host would not see that warning dialog, and any shared multimedia would be rendered within the user's browser. The attacker could leverage this behavior to conduct additional attacks by including malicious files within a targeted room host's browser window.",
 "capability_id": "CVE-2020-3126",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -2285,7 +2285,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protections. The vulnerability is due to missing security warning dialog boxes when a room host views shared multimedia files. An authenticated, remote attacker could exploit this vulnerability by using the host role to share files within the Multimedia sharing feature and convincing a former room host to view that file. A warning dialog normally appears cautioning users before the file is displayed; however, the former host would not see that warning dialog, and any shared multimedia would be rendered within the user's browser. The attacker could leverage this behavior to conduct additional attacks by including malicious files within a targeted room host's browser window.", "capability_id": "CVE-2020-3126", "mapping_type": "exploitation_technique", "capability_group": "2020", 
@@ -2296,7 +2296,7 @@ "attack_object_id": "T1059.007", "attack_object_name": "JavaScript", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by interacting with the interface in a way that injects malicious content in a log file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", "capability_id": "CVE-2020-3356", "mapping_type": "primary_impact", "capability_group": "2020", @@ -2307,7 +2307,7 @@ "attack_object_id": "T1557", "attack_object_name": "Man-in-the-Middle", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by interacting with the interface in a way that injects malicious content in a log file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", "capability_id": "CVE-2020-3356", "mapping_type": "secondary_impact", "capability_group": "2020", 
@@ -2318,7 +2318,7 @@ "attack_object_id": "T1204.001", "attack_object_name": "Malicious Link", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by interacting with the interface in a way that injects malicious content in a log file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", "capability_id": "CVE-2020-3356", "mapping_type": "exploitation_technique", "capability_group": "2020", @@ -2329,7 +2329,7 @@ "attack_object_id": "T1068", "attack_object_name": "Exploitation for Privilege Escalation", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.", "capability_id": "CVE-2019-1915", "mapping_type": "primary_impact", "capability_group": "2019", 
@@ -2340,7 +2340,7 @@ "attack_object_id": "T1098", "attack_object_name": "Account Manipulation", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.", "capability_id": "CVE-2019-1915", "mapping_type": "secondary_impact", "capability_group": "2019", 
@@ -2351,7 +2351,7 @@ "attack_object_id": "T1189", "attack_object_name": "Drive-by Compromise", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.", "capability_id": "CVE-2019-1915", "mapping_type": "exploitation_technique", "capability_group": "2019", 
@@ -2362,7 +2362,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.", "capability_id": "CVE-2019-1915", "mapping_type": "exploitation_technique", "capability_group": "2019", 
@@ -2373,7 +2373,7 @@ "attack_object_id": "T1566", "attack_object_name": "Phishing", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.", "capability_id": "CVE-2019-1915", "mapping_type": "exploitation_technique", "capability_group": "2019", 
@@ -2384,7 +2384,7 @@ "attack_object_id": "T1204.002", "attack_object_name": "Malicious File", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.", "capability_id": "CVE-2019-1915", "mapping_type": "exploitation_technique", "capability_group": "2019", @@ -2395,7 +2395,7 @@ "attack_object_id": "T1499.004", "attack_object_name": "Application or System Exploitation", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically.", "capability_id": "CVE-2019-1746", "mapping_type": "primary_impact", "capability_group": "2019", 
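Review bot: The description now attached to this CVE-2019-1915 entry says exploitation works by persuading a user to click a malicious link, yet the entry's technique is `T1204.002` (Malicious File), and nothing in the text mentions a file. The mapping itself predates this commit, but the added description makes the mismatch visible, so it is worth confirming against the mapping methodology. If a link is what was meant, the entry would read `"attack_object_id": "T1204.001", "attack_object_name": "Malicious Link",`, as the CVE-2020-3356 entry does for its link-driven attack.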
@@ -2406,7 +2406,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically.", "capability_id": "CVE-2019-1746", "mapping_type": "exploitation_technique", "capability_group": "2019", 
@@ -2417,7 +2417,7 @@ "attack_object_id": "T1499.004", "attack_object_name": "Application or System Exploitation", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this specific, valid BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause one of the BGP-related routing applications to restart multiple times, leading to a system-level restart. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system.", "capability_id": "CVE-2020-3397", "mapping_type": "primary_impact", "capability_group": "2020", 
@@ -2428,7 +2428,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this specific, valid BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause one of the BGP-related routing applications to restart multiple times, leading to a system-level restart. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system.", "capability_id": "CVE-2020-3397", "mapping_type": "exploitation_technique", "capability_group": "2020", 
@@ -2439,7 +2439,7 @@ "attack_object_id": "T1059", "attack_object_name": "Command and Scripting Interpreter", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.", "capability_id": "CVE-2019-1812", "mapping_type": "primary_impact", "capability_group": "2019", @@ -2450,7 +2450,7 @@ "attack_object_id": "T1548", "attack_object_name": "Abuse Elevation Control Mechanism", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.", "capability_id": "CVE-2019-1812", "mapping_type": "secondary_impact", "capability_group": "2019", 
@@ -2461,7 +2461,7 @@ "attack_object_id": "T1078", "attack_object_name": "Valid Accounts", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.", "capability_id": "CVE-2019-1812", "mapping_type": "exploitation_technique", "capability_group": "2019", @@ -2472,7 +2472,7 @@ "attack_object_id": "T1499.004", "attack_object_name": "Application or System Exploitation", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file.", "capability_id": "CVE-2020-3322", "mapping_type": "primary_impact", "capability_group": "2020", 
@@ -2483,7 +2483,7 @@ "attack_object_id": "T1566", "attack_object_name": "Phishing", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file.", "capability_id": "CVE-2020-3322", "mapping_type": "exploitation_technique", "capability_group": "2020", 
@@ -2494,7 +2494,7 @@ "attack_object_id": "T1204.002", "attack_object_name": "Malicious File", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file.", "capability_id": "CVE-2020-3322", "mapping_type": "exploitation_technique", "capability_group": "2020", @@ -2505,7 +2505,7 @@ "attack_object_id": "T1574", "attack_object_name": "Hijack Execution Flow", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory.", "capability_id": "CVE-2020-3198", "mapping_type": "primary_impact", "capability_group": "2020", 
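Review bot: The CVE-2020-3198 description added in the second hunk on this line ends with "see the Details section of this advisory", but `"references": []` on the same entry is empty, so the pointer leads nowhere. The same text is added to the remaining CVE-2020-3198 entries in the hunks that follow. Since the description gives no root cause or attack path, a defender using this mapping cannot judge exposure without that advisory. I would populate the field, for example `"references": ["<vendor advisory URL>"],`, or, if references are deliberately left empty in this format, drop the advisory-relative sentence when the description is imported.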
@@ -2516,7 +2516,7 @@ "attack_object_id": "T1499.004", "attack_object_name": "Application or System Exploitation", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory.", "capability_id": "CVE-2020-3198", "mapping_type": "primary_impact", "capability_group": "2020", @@ -2527,7 +2527,7 @@ "attack_object_id": "T1189", "attack_object_name": "Drive-by Compromise", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory.", "capability_id": "CVE-2020-3198", "mapping_type": "exploitation_technique", "capability_group": "2020", 
@@ -2538,7 +2538,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory.", "capability_id": "CVE-2020-3198", "mapping_type": "exploitation_technique", "capability_group": "2020", @@ -2549,7 +2549,7 @@ "attack_object_id": "T1133", "attack_object_name": "External Remote Services", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory.", "capability_id": "CVE-2020-3198", "mapping_type": "exploitation_technique", "capability_group": "2020", 
@@ -2560,7 +2560,7 @@ "attack_object_id": "T1566", "attack_object_name": "Phishing", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory.", "capability_id": "CVE-2020-3198", "mapping_type": "exploitation_technique", "capability_group": "2020", @@ -2571,7 +2571,7 @@ "attack_object_id": "T1204.002", "attack_object_name": "Malicious File", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory.", "capability_id": "CVE-2020-3198", "mapping_type": "exploitation_technique", "capability_group": "2020", 
@@ -2582,7 +2582,7 @@ "attack_object_id": "T1091", "attack_object_name": "Replication Through Removable Media", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory.", "capability_id": "CVE-2020-3198", "mapping_type": "exploitation_technique", "capability_group": "2020", @@ -2593,7 +2593,7 @@ "attack_object_id": "T1574", "attack_object_name": "Hijack Execution Flow", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in Cisco Firepower Device Manager (FDM) On-Box software could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by uploading a malicious file to an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on as well as modify the underlying operating system of an affected device.", "capability_id": "CVE-2020-3309", "mapping_type": "primary_impact", "capability_group": "2020", 
@@ -2604,7 +2604,7 @@ "attack_object_id": "T1565.001", "attack_object_name": "Stored Data Manipulation", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in Cisco Firepower Device Manager (FDM) On-Box software could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by uploading a malicious file to an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on as well as modify the underlying operating system of an affected device.", "capability_id": "CVE-2020-3309", "mapping_type": "secondary_impact", "capability_group": "2020", @@ -2615,7 +2615,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in Cisco Firepower Device Manager (FDM) On-Box software could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by uploading a malicious file to an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on as well as modify the underlying operating system of an affected device.", "capability_id": "CVE-2020-3309", "mapping_type": "exploitation_technique", "capability_group": "2020", 
@@ -2626,7 +2626,7 @@ "attack_object_id": "T1133", "attack_object_name": "External Remote Services", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in Cisco Firepower Device Manager (FDM) On-Box software could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by uploading a malicious file to an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on as well as modify the underlying operating system of an affected device.", "capability_id": "CVE-2020-3309", "mapping_type": "exploitation_technique", "capability_group": "2020", @@ -2637,7 +2637,7 @@ "attack_object_id": "T1005", "attack_object_name": "Data from Local System", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the TAPS interface of the affected device. An attacker could exploit this vulnerability by sending a crafted request to the TAPS interface. A successful exploit could allow the attacker to read arbitrary files in the system.", "capability_id": "CVE-2020-3177", "mapping_type": "primary_impact", "capability_group": "2020", 
@@ -2648,7 +2648,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the TAPS interface of the affected device. An attacker could exploit this vulnerability by sending a crafted request to the TAPS interface. A successful exploit could allow the attacker to read arbitrary files in the system.", "capability_id": "CVE-2020-3177", "mapping_type": "exploitation_technique", "capability_group": "2020", @@ -2659,7 +2659,7 @@ "attack_object_id": "T1499.004", "attack_object_name": "Application or System Exploitation", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to trigger a reload, resulting in a denial of service condition on an affected device. The vulnerability is due to insufficient error handling when parsing DNS requests. An attacker could exploit this vulnerability by sending a series of malicious DNS requests to an Umbrella Connector client interface of an affected device. A successful exploit could allow the attacker to cause a crash of the iosd process, which triggers a reload of the affected device.", "capability_id": "CVE-2020-3510", "mapping_type": "primary_impact", "capability_group": "2020", 
@@ -2670,7 +2670,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to trigger a reload, resulting in a denial of service condition on an affected device. The vulnerability is due to insufficient error handling when parsing DNS requests. An attacker could exploit this vulnerability by sending a series of malicious DNS requests to an Umbrella Connector client interface of an affected device. A successful exploit could allow the attacker to cause a crash of the iosd process, which triggers a reload of the affected device.", "capability_id": "CVE-2020-3510", "mapping_type": "exploitation_technique", "capability_group": "2020", 
@@ -2681,7 +2681,7 @@ "attack_object_id": "T1542.004", "attack_object_name": "ROMMONkit", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device.", "capability_id": "CVE-2020-3513", "mapping_type": "primary_impact", "capability_group": "2020", 
@@ -2692,7 +2692,7 @@ "attack_object_id": "T1078", "attack_object_name": "Valid Accounts", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device.", "capability_id": "CVE-2020-3513", "mapping_type": "exploitation_technique", "capability_group": "2020", 
@@ -2703,7 +2703,7 @@ "attack_object_id": "T1499.004", "attack_object_name": "Application or System Exploitation", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to insufficient processing logic for crafted PROFINET packets that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted PROFINET packets to an affected device for processing. A successful exploit could allow the attacker to cause the device to crash and reload, resulting in a DoS condition on the device.", "capability_id": "CVE-2020-3409", "mapping_type": "primary_impact", "capability_group": "2020", @@ -2714,7 +2714,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to insufficient processing logic for crafted PROFINET packets that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted PROFINET packets to an affected device for processing. A successful exploit could allow the attacker to cause the device to crash and reload, resulting in a DoS condition on the device.", "capability_id": "CVE-2020-3409", "mapping_type": "exploitation_technique", "capability_group": "2020", 
@@ -2725,7 +2725,7 @@ "attack_object_id": "T1059.007", "attack_object_name": "JavaScript", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.", "capability_id": "CVE-2020-3349", "mapping_type": "primary_impact", "capability_group": "2020", @@ -2736,7 +2736,7 @@ "attack_object_id": "T1557", "attack_object_name": "Man-in-the-Middle", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.", "capability_id": "CVE-2020-3349", "mapping_type": "secondary_impact", "capability_group": "2020", 
@@ -2747,7 +2747,7 @@ "attack_object_id": "T1204.001", "attack_object_name": "Malicious Link", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.", "capability_id": "CVE-2020-3349", "mapping_type": "exploitation_technique", "capability_group": "2020", @@ -2758,7 +2758,7 @@ "attack_object_id": "T1499.004", "attack_object_name": "Application or System Exploitation", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the DHCP service of Cisco Industrial Network Director could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of DHCP lease requests. An attacker could exploit this vulnerability by sending malicious DHCP lease requests to an affected application. A successful exploit could allow the attacker to cause the DHCP service to terminate, resulting in a DoS condition.", "capability_id": "CVE-2018-15392", "mapping_type": "primary_impact", "capability_group": "2018", 
@@ -2769,7 +2769,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the DHCP service of Cisco Industrial Network Director could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of DHCP lease requests. An attacker could exploit this vulnerability by sending malicious DHCP lease requests to an affected application. A successful exploit could allow the attacker to cause the DHCP service to terminate, resulting in a DoS condition.", "capability_id": "CVE-2018-15392", "mapping_type": "exploitation_technique", "capability_group": "2018", @@ -2780,7 +2780,7 @@ "attack_object_id": "T1499", "attack_object_name": "Endpoint Denial of Service", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the TCP ingress handler for the data interfaces that are configured with management access to Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an increase in CPU and memory usage, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient ingress TCP rate limiting for TCP ports 22 (SSH) and 443 (HTTPS). An attacker could exploit this vulnerability by sending a crafted, steady stream of TCP traffic to port 22 or 443 on the data interfaces that are configured with management access to the affected device.", "capability_id": "CVE-2018-15462", "mapping_type": "primary_impact", "capability_group": "2018", 
@@ -2791,7 +2791,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the TCP ingress handler for the data interfaces that are configured with management access to Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an increase in CPU and memory usage, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient ingress TCP rate limiting for TCP ports 22 (SSH) and 443 (HTTPS). An attacker could exploit this vulnerability by sending a crafted, steady stream of TCP traffic to port 22 or 443 on the data interfaces that are configured with management access to the affected device.", "capability_id": "CVE-2018-15462", "mapping_type": "exploitation_technique", "capability_group": "2018", @@ -2802,7 +2802,7 @@ "attack_object_id": "T1499", "attack_object_name": "Endpoint Denial of Service", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.", "capability_id": "CVE-2019-1704", "mapping_type": "primary_impact", "capability_group": "2019", 
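Review bot: The description added for CVE-2019-1704 in the last hunk on this line ends with `For more information about these vulnerabilities, see the Details section of this advisory.`, a pointer that has no target once the text is lifted out of the vendor advisory, and `references` on the same row is still `[]`. The same sentence is copied into the second CVE-2019-1704 row and into all six CVE-2020-3240 rows that follow. For CVE-2020-3240 this leaves rows such as T1505.003 (Web Shell) and T1003.008 with a description that only mentions authentication bypass and directory traversal, so a reader cannot tell from the record why those techniques were mapped. I would either drop that trailing sentence on import or fill `references` with the advisory link so the pointer resolves; the import code is outside these hunks, so where to do that is not visible here.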
@@ -2813,7 +2813,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.", "capability_id": "CVE-2019-1704", "mapping_type": "exploitation_technique", "capability_group": "2019", @@ -2824,7 +2824,7 @@ "attack_object_id": "T1211", "attack_object_name": "Exploitation for Defense Evasion", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of user traffic going through an affected device. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to bypass the traffic classification rules and potentially avoid being charged for traffic consumption.", "capability_id": "CVE-2020-3244", "mapping_type": "primary_impact", "capability_group": "2020", 
@@ -2835,7 +2835,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of user traffic going through an affected device. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to bypass the traffic classification rules and potentially avoid being charged for traffic consumption.", "capability_id": "CVE-2020-3244", "mapping_type": "exploitation_technique", "capability_group": "2020", @@ -2846,7 +2846,7 @@ "attack_object_id": "T1005", "attack_object_name": "Data from Local System", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.", "capability_id": "CVE-2020-3240", "mapping_type": "primary_impact", "capability_group": "2020", 
@@ -2857,7 +2857,7 @@ "attack_object_id": "T1505.003", "attack_object_name": "Web Shell", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.", "capability_id": "CVE-2020-3240", "mapping_type": "primary_impact", "capability_group": "2020", @@ -2868,7 +2868,7 @@ "attack_object_id": "T1003.008", "attack_object_name": "/etc/passwd and /etc/shadow", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.", "capability_id": "CVE-2020-3240", "mapping_type": "secondary_impact", "capability_group": "2020", @@ -2879,7 +2879,7 @@ "attack_object_id": "T1552.001", "attack_object_name": "Credentials In Files", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.", "capability_id": "CVE-2020-3240", "mapping_type": "secondary_impact", "capability_group": "2020", 
@@ -2890,7 +2890,7 @@ "attack_object_id": "T1059", "attack_object_name": "Command and Scripting Interpreter", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.", "capability_id": "CVE-2020-3240", "mapping_type": "secondary_impact", "capability_group": "2020", @@ -2901,7 +2901,7 @@ "attack_object_id": "T1133", "attack_object_name": "External Remote Services", "references": [], - "capability_description": "", + "capability_description": "Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.", "capability_id": "CVE-2020-3240", "mapping_type": "exploitation_technique", "capability_group": "2020", 
@@ -2912,7 +2912,7 @@ "attack_object_id": "T1059", "attack_object_name": "Command and Scripting Interpreter", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.", "capability_id": "CVE-2019-1790", "mapping_type": "primary_impact", "capability_group": "2019", @@ -2923,7 +2923,7 @@ "attack_object_id": "T1068", "attack_object_name": "Exploitation for Privilege Escalation", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.", "capability_id": "CVE-2019-1790", "mapping_type": "secondary_impact", "capability_group": "2019", 
@@ -2934,7 +2934,7 @@ "attack_object_id": "T1078", "attack_object_name": "Valid Accounts", "references": [], - "capability_description": "", + "capability_description": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.", "capability_id": "CVE-2019-1790", "mapping_type": "exploitation_technique", "capability_group": "2019", @@ -2945,7 +2945,7 @@ "attack_object_id": "T1078.001", "attack_object_name": "Default Accounts", "references": [], - "capability_description": "", + "capability_description": "Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access.", "capability_id": "CVE-2020-5364", "mapping_type": "primary_impact", "capability_group": "2020", 
@@ -2956,7 +2956,7 @@ "attack_object_id": "T1005", "attack_object_name": "Data from Local System", "references": [], - "capability_description": "", + "capability_description": "Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access.", "capability_id": "CVE-2020-5364", "mapping_type": "secondary_impact", "capability_group": "2020", @@ -2967,7 +2967,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted input data to the WS-MAN interface.", "capability_id": "CVE-2019-3707", "mapping_type": "primary_impact", "capability_group": "2019", @@ -2978,7 +2978,7 @@ "attack_object_id": "T1068", "attack_object_name": "Exploitation for Privilege Escalation", "references": [], - "capability_description": "", + "capability_description": "Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.", "capability_id": "CVE-2019-3735", "mapping_type": "primary_impact", "capability_group": "2019", 
@@ -2989,7 +2989,7 @@ "attack_object_id": "T1078", "attack_object_name": "Valid Accounts", "references": [], - "capability_description": "", + "capability_description": "Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.", "capability_id": "CVE-2019-3735", "mapping_type": "exploitation_technique", "capability_group": "2019", @@ -3000,7 +3000,7 @@ "attack_object_id": "T1059", "attack_object_name": "Command and Scripting Interpreter", "references": [], - "capability_description": "", + "capability_description": "Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.", "capability_id": "CVE-2018-11048", "mapping_type": "primary_impact", "capability_group": "2018", 
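Review bot: The version list in the CVE-2018-11048 description added in the second hunk on this line reads `versions 6.2, 6,3, 6.4, 6.5`, where `6,3` is presumably a typo for `6.3`; the same text is repeated in the three CVE-2018-11048 rows after this one. Affected-version strings are what a reader uses for triage, and a comma in that position reads as two separate entries. If the text is meant to stay verbatim from the upstream CVE record, keep it and say so wherever the field is documented; otherwise change it to `versions 6.2, 6.3, 6.4, 6.5` in all four rows.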
@@ -3011,7 +3011,7 @@ "attack_object_id": "T1005", "attack_object_name": "Data from Local System", "references": [], - "capability_description": "", + "capability_description": "Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.", "capability_id": "CVE-2018-11048", "mapping_type": "secondary_impact", "capability_group": "2018", @@ -3022,7 +3022,7 @@ "attack_object_id": "T1499.004", "attack_object_name": "Application or System Exploitation", "references": [], - "capability_description": "", + "capability_description": "Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.", "capability_id": "CVE-2018-11048", "mapping_type": "secondary_impact", "capability_group": "2018", 
@@ -3033,7 +3033,7 @@ "attack_object_id": "T1133", "attack_object_name": "External Remote Services", "references": [], - "capability_description": "", + "capability_description": "Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.", "capability_id": "CVE-2018-11048", "mapping_type": "exploitation_technique", "capability_group": "2018", @@ -3044,7 +3044,7 @@ "attack_object_id": "T1059.007", "attack_object_name": "JavaScript", "references": [], - "capability_description": "", + "capability_description": "Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser.", "capability_id": "CVE-2019-3754", "mapping_type": "primary_impact", "capability_group": "2019", 
@@ -3055,7 +3055,7 @@ "attack_object_id": "T1557", "attack_object_name": "Man-in-the-Middle", "references": [], - "capability_description": "", + "capability_description": "Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser.", "capability_id": "CVE-2019-3754", "mapping_type": "secondary_impact", "capability_group": "2019", @@ -3066,7 +3066,7 @@ "attack_object_id": "T1204.001", "attack_object_name": "Malicious Link", "references": [], - "capability_description": "", + "capability_description": "Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser.", "capability_id": "CVE-2019-3754", "mapping_type": "exploitation_technique", "capability_group": "2019", 
@@ -3077,7 +3077,7 @@ "attack_object_id": "T1078.001", "attack_object_name": "Default Accounts", "references": [], - "capability_description": "", + "capability_description": "Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. A remote unauthenticated attacker may exploit this vulnerability to gain access to the appliance data for remotely managed devices.", "capability_id": "CVE-2020-5374", "mapping_type": "primary_impact", "capability_group": "2020", @@ -3088,7 +3088,7 @@ "attack_object_id": "T1078.001", "attack_object_name": "Default Accounts", "references": [], - "capability_description": "", + "capability_description": "Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI.", "capability_id": "CVE-2018-15771", "mapping_type": "primary_impact", "capability_group": "2018", @@ -3099,7 +3099,7 @@ "attack_object_id": "T1005", "attack_object_name": "Data from Local System", "references": [], - "capability_description": "", + "capability_description": "Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI.", "capability_id": "CVE-2018-15771", "mapping_type": "secondary_impact", "capability_group": "2018", 
@@ -3110,7 +3110,7 @@ "attack_object_id": "T1068", "attack_object_name": "Exploitation for Privilege Escalation", "references": [], - "capability_description": "", + "capability_description": "The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker unauthorized access to that system.", "capability_id": "CVE-2018-15782", "mapping_type": "primary_impact", "capability_group": "2018", @@ -3121,7 +3121,7 @@ "attack_object_id": "T1566", "attack_object_name": "Phishing", "references": [], - "capability_description": "", + "capability_description": "The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker unauthorized access to that system.", "capability_id": "CVE-2018-15782", "mapping_type": "exploitation_technique", "capability_group": "2018", @@ -3132,7 +3132,7 @@ "attack_object_id": "T1204.002", "attack_object_name": "Malicious File", "references": [], - "capability_description": "", + "capability_description": "The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker unauthorized access to that system.", "capability_id": "CVE-2018-15782", "mapping_type": "exploitation_technique", "capability_group": "2018", 
@@ -3143,7 +3143,7 @@ "attack_object_id": "T1485", "attack_object_name": "Data Destruction", "references": [], - "capability_description": "", + "capability_description": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation", "capability_id": "CVE-2019-3723", "mapping_type": "primary_impact", "capability_group": "2019", @@ -3154,7 +3154,7 @@ "attack_object_id": "T1059", "attack_object_name": "Command and Scripting Interpreter", "references": [], - "capability_description": "", + "capability_description": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation", "capability_id": "CVE-2019-3723", "mapping_type": "secondary_impact", "capability_group": "2019", @@ -3165,7 +3165,7 @@ "attack_object_id": "T1574", "attack_object_name": "Hijack Execution Flow", "references": [], - "capability_description": "", + "capability_description": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation", "capability_id": "CVE-2019-3723", "mapping_type": "secondary_impact", "capability_group": "2019", 
@@ -3176,7 +3176,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation", "capability_id": "CVE-2019-3723", "mapping_type": "exploitation_technique", "capability_group": "2019", @@ -3187,7 +3187,7 @@ "attack_object_id": "T1078", "attack_object_name": "Valid Accounts", "references": [], - "capability_description": "", + "capability_description": "Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG.", "capability_id": "CVE-2018-11045", "mapping_type": "primary_impact", "capability_group": "2018", 
@@ -3198,7 +3198,7 @@ "attack_object_id": "T1110", "attack_object_name": "Brute Force", "references": [], - "capability_description": "", + "capability_description": "Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG.", "capability_id": "CVE-2018-11045", "mapping_type": "exploitation_technique", "capability_group": "2018", @@ -3209,7 +3209,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics.", "capability_id": "CVE-2020-5345", "mapping_type": "primary_impact", "capability_group": "2020", @@ -3220,7 +3220,7 @@ "attack_object_id": "T1565.001", "attack_object_name": "Stored Data Manipulation", "references": [], - "capability_description": "", + "capability_description": "Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics.", "capability_id": "CVE-2020-5345", "mapping_type": "exploitation_technique", "capability_group": "2020", 
@@ -3231,7 +3231,7 @@ "attack_object_id": "T1059.007", "attack_object_name": "JavaScript", "references": [], - "capability_description": "", + "capability_description": "RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injection vulnerability. An unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious JavaScript code on the affected system.", "capability_id": "CVE-2020-5336", "mapping_type": "primary_impact", "capability_group": "2020", @@ -3242,7 +3242,7 @@ "attack_object_id": "T1557", "attack_object_name": "Man-in-the-Middle", "references": [], - "capability_description": "", + "capability_description": "RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injection vulnerability. An unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious JavaScript code on the affected system.", "capability_id": "CVE-2020-5336", "mapping_type": "secondary_impact", "capability_group": "2020", @@ -3253,7 +3253,7 @@ "attack_object_id": "T1204.001", "attack_object_name": "Malicious Link", "references": [], - "capability_description": "", + "capability_description": "RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injection vulnerability. An unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious JavaScript code on the affected system.", "capability_id": "CVE-2020-5336", "mapping_type": "exploitation_technique", "capability_group": "2020", 
@@ -3264,7 +3264,7 @@ "attack_object_id": "T1078", "attack_object_name": "Valid Accounts", "references": [], - "capability_description": "", + "capability_description": "Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service.", "capability_id": "CVE-2018-15795", "mapping_type": "primary_impact", "capability_group": "2018", @@ -3275,7 +3275,7 @@ "attack_object_id": "T1110", "attack_object_name": "Brute Force", "references": [], - "capability_description": "", + "capability_description": "Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service.", "capability_id": "CVE-2018-15795", "mapping_type": "exploitation_technique", "capability_group": "2018", @@ -3286,7 +3286,7 @@ "attack_object_id": "T1078.001", "attack_object_name": "Default Accounts", "references": [], - "capability_description": "", + "capability_description": "Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable.", "capability_id": "CVE-2020-5365", "mapping_type": "primary_impact", "capability_group": "2020", 
@@ -3297,7 +3297,7 @@ "attack_object_id": "T1110", "attack_object_name": "Brute Force", "references": [], - "capability_description": "", + "capability_description": "Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable.", "capability_id": "CVE-2020-5365", "mapping_type": "exploitation_technique", "capability_group": "2020", @@ -3308,7 +3308,7 @@ "attack_object_id": "T1548", "attack_object_name": "Abuse Elevation Control Mechanism", "references": [], - "capability_description": "", + "capability_description": "Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot. Refer to https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en for versions affected by this vulnerability.", "capability_id": "CVE-2019-3717", "mapping_type": "primary_impact", "capability_group": "2019", 
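Review bot: The vendor advisory link for CVE-2019-3717 now lives only inside the free-text `capability_description`, while `"references": []` stays empty. This applies to the hunk at -3308 and again to the T1200 entry at -3319. A consumer that reads or renders the references list will not surface the advisory. I would carry the link there as well, e.g. `"references": ["https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en"]`, assuming the schema accepts URL strings in that list, which is not visible from this hunk.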
@@ -3319,7 +3319,7 @@ "attack_object_id": "T1200", "attack_object_name": "Hardware Additions", "references": [], - "capability_description": "", + "capability_description": "Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot. Refer to https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en for versions affected by this vulnerability.", "capability_id": "CVE-2019-3717", "mapping_type": "exploitation_technique", "capability_group": "2019", @@ -3330,7 +3330,7 @@ "attack_object_id": "T1005", "attack_object_name": "Data from Local System", "references": [], - "capability_description": "", + "capability_description": "RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.", "capability_id": "CVE-2019-3732", "mapping_type": "primary_impact", "capability_group": "2019", 
@@ -3341,7 +3341,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.", "capability_id": "CVE-2019-3732", "mapping_type": "exploitation_technique", "capability_group": "2019", @@ -3352,7 +3352,7 @@ "attack_object_id": "T1005", "attack_object_name": "Data from Local System", "references": [], - "capability_description": "", + "capability_description": "RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.", "capability_id": "CVE-2019-3731", "mapping_type": "primary_impact", "capability_group": "2019", @@ -3363,7 +3363,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.", "capability_id": "CVE-2019-3731", "mapping_type": "exploitation_technique", "capability_group": "2019", 
@@ -3374,7 +3374,7 @@ "attack_object_id": "T1068", "attack_object_name": "Exploitation for Privilege Escalation", "references": [], - "capability_description": "", + "capability_description": "Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager.", "capability_id": "CVE-2020-5326", "mapping_type": "primary_impact", "capability_group": "2020", @@ -3385,7 +3385,7 @@ "attack_object_id": "T1542.001", "attack_object_name": "System Firmware", "references": [], - "capability_description": "", + "capability_description": "Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager.", "capability_id": "CVE-2020-5326", "mapping_type": "secondary_impact", "capability_group": "2020", @@ -3396,7 +3396,7 @@ "attack_object_id": "T1059", "attack_object_name": "Command and Scripting Interpreter", "references": [], - "capability_description": "", + "capability_description": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell.", "capability_id": "CVE-2018-15776", "mapping_type": "primary_impact", "capability_group": "2018", 
@@ -3407,7 +3407,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell.", "capability_id": "CVE-2018-15776", "mapping_type": "exploitation_technique", "capability_group": "2018", @@ -3418,7 +3418,7 @@ "attack_object_id": "T1563", "attack_object_name": "Remote Service Session Hijacking", "references": [], - "capability_description": "", + "capability_description": "The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim\u2019s session and perform arbitrary actions with privileges of the user within the compromised session.", "capability_id": "CVE-2019-18573", "mapping_type": "primary_impact", "capability_group": "2019", @@ -3429,7 +3429,7 @@ "attack_object_id": "T1059", "attack_object_name": "Command and Scripting Interpreter", "references": [], - "capability_description": "", + "capability_description": "Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. A malicious boxmgmt user may potentially be able to execute arbitrary commands as root.", "capability_id": "CVE-2019-3727", "mapping_type": "primary_impact", "capability_group": "2019", 
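Review bot: The description added for CVE-2018-15776 says the attacker needs physical access to reach the u-boot shell, yet the entry in the hunk at -3407 keeps `"attack_object_id": "T1190"` (Exploit Public-Facing Application) as its exploitation technique. With the text now in the record the two disagree, and anyone prioritising by technique would treat a physical-access issue as remotely reachable. The mapping line is context here and predates this commit, so this is a follow-up on the data rather than a fault in the change itself. I would re-check the entry against the advisory; a physical-access technique such as `"attack_object_id": "T1200"`, which this file already uses for CVE-2019-3717, looks closer, though that needs confirming by whoever owns the mapping.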
@@ -3440,7 +3440,7 @@ "attack_object_id": "T1068", "attack_object_name": "Exploitation for Privilege Escalation", "references": [], - "capability_description": "", + "capability_description": "Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. A malicious boxmgmt user may potentially be able to execute arbitrary commands as root.", "capability_id": "CVE-2019-3727", "mapping_type": "secondary_impact", "capability_group": "2019", @@ -3451,7 +3451,7 @@ "attack_object_id": "T1489", "attack_object_name": "Service Stop", "references": [], - "capability_description": "", + "capability_description": "RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.4 (in 4.0.x) and 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite versions prior to 4.0.13 (in 4.0.x) and prior to 4.4 (in 4.1.x, 4.2.x, 4.3.x) are vulnerable to a Buffer Over-read vulnerability when processing DSA signature. A malicious remote user could potentially exploit this vulnerability to cause a crash in the library of the affected system.", "capability_id": "CVE-2019-3728", "mapping_type": "primary_impact", "capability_group": "2019", @@ -3462,7 +3462,7 @@ "attack_object_id": "T1563", "attack_object_name": "Remote Service Session Hijacking", "references": [], - "capability_description": "", + "capability_description": "The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources.", "capability_id": "CVE-2019-3790", "mapping_type": "primary_impact", "capability_group": "2019", 
@@ -3473,7 +3473,7 @@ "attack_object_id": "T1078", "attack_object_name": "Valid Accounts", "references": [], - "capability_description": "", + "capability_description": "The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources.", "capability_id": "CVE-2019-3790", "mapping_type": "exploitation_technique", "capability_group": "2019", @@ -3484,7 +3484,7 @@ "attack_object_id": "T1059", "attack_object_name": "Command and Scripting Interpreter", "references": [], - "capability_description": "", + "capability_description": "Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.", "capability_id": "CVE-2019-3719", "mapping_type": "primary_impact", "capability_group": "2019", @@ -3495,7 +3495,7 @@ "attack_object_id": "T1204.002", "attack_object_name": "Malicious File", "references": [], - "capability_description": "", + "capability_description": "Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.", "capability_id": "CVE-2019-3719", "mapping_type": "exploitation_technique", "capability_group": "2019", 
@@ -3506,7 +3506,7 @@ "attack_object_id": "T1059", "attack_object_name": "Command and Scripting Interpreter", "references": [], - "capability_description": "", + "capability_description": "Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code in the server's JVM.", "capability_id": "CVE-2018-15764", "mapping_type": "primary_impact", "capability_group": "2018", @@ -3517,7 +3517,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code in the server's JVM.", "capability_id": "CVE-2018-15764", "mapping_type": "exploitation_technique", "capability_group": "2018", @@ -3528,7 +3528,7 @@ "attack_object_id": "T1496", "attack_object_name": "Resource Hijacking", "references": [], - "capability_description": "", + "capability_description": "Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scaling up of existing apps.", "capability_id": "CVE-2018-11084", "mapping_type": "primary_impact", "capability_group": "2018", 
@@ -3539,7 +3539,7 @@ "attack_object_id": "T1059.007", "attack_object_name": "JavaScript", "references": [], - "capability_description": "", + "capability_description": "RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected report page, the injected scripts could potentially be executed in their browser.", "capability_id": "CVE-2020-5339", "mapping_type": "primary_impact", "capability_group": "2020", @@ -3550,7 +3550,7 @@ "attack_object_id": "T1185", "attack_object_name": "Man in the Browser", "references": [], - "capability_description": "", + "capability_description": "RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected report page, the injected scripts could potentially be executed in their browser.", "capability_id": "CVE-2020-5339", "mapping_type": "secondary_impact", "capability_group": "2020", 
@@ -3561,7 +3561,7 @@ "attack_object_id": "T1189", "attack_object_name": "Drive-by Compromise", "references": [], - "capability_description": "", + "capability_description": "RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected report page, the injected scripts could potentially be executed in their browser.", "capability_id": "CVE-2020-5339", "mapping_type": "exploitation_technique", "capability_group": "2020", @@ -3572,7 +3572,7 @@ "attack_object_id": "T1557", "attack_object_name": "Man-in-the-Middle", "references": [], - "capability_description": "", + "capability_description": "Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.", "capability_id": "CVE-2018-15784", "mapping_type": "primary_impact", "capability_group": "2018", @@ -3583,7 +3583,7 @@ "attack_object_id": "T1005", "attack_object_name": "Data from Local System", "references": [], - "capability_description": "", + "capability_description": "Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system.", "capability_id": "CVE-2020-5386", "mapping_type": "primary_impact", "capability_group": "2020", 
@@ -3594,7 +3594,7 @@ "attack_object_id": "T1059", "attack_object_name": "Command and Scripting Interpreter", "references": [], - "capability_description": "", + "capability_description": "VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability.", "capability_id": "CVE-2019-3704", "mapping_type": "primary_impact", "capability_group": "2019", @@ -3605,7 +3605,7 @@ "attack_object_id": "T1068", "attack_object_name": "Exploitation for Privilege Escalation", "references": [], - "capability_description": "", + "capability_description": "VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability.", "capability_id": "CVE-2019-3704", "mapping_type": "secondary_impact", "capability_group": "2019", @@ -3616,7 +3616,7 @@ "attack_object_id": "T1078", "attack_object_name": "Valid Accounts", "references": [], - "capability_description": "", + "capability_description": "VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability.", "capability_id": "CVE-2019-3704", "mapping_type": "exploitation_technique", "capability_group": "2019", 
@@ -3627,7 +3627,7 @@ "attack_object_id": "T1005", "attack_object_name": "Data from Local System", "references": [], - "capability_description": "", + "capability_description": "Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.", "capability_id": "CVE-2019-3799", "mapping_type": "primary_impact", "capability_group": "2019", @@ -3638,7 +3638,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.", "capability_id": "CVE-2019-3799", "mapping_type": "exploitation_technique", "capability_group": "2019", 
@@ -3649,7 +3649,7 @@ "attack_object_id": "T1059.007", "attack_object_name": "JavaScript", "references": [], - "capability_description": "", + "capability_description": "Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application.", "capability_id": "CVE-2019-18578", "mapping_type": "primary_impact", "capability_group": "2019", @@ -3660,7 +3660,7 @@ "attack_object_id": "T1185", "attack_object_name": "Man in the Browser", "references": [], - "capability_description": "", + "capability_description": "Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application.", "capability_id": "CVE-2019-18578", "mapping_type": "secondary_impact", "capability_group": "2019", 
@@ -3671,7 +3671,7 @@ "attack_object_id": "T1189", "attack_object_name": "Drive-by Compromise", "references": [], - "capability_description": "", + "capability_description": "Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application.", "capability_id": "CVE-2019-18578", "mapping_type": "exploitation_technique", "capability_group": "2019", @@ -3682,7 +3682,7 @@ "attack_object_id": "T1059.007", "attack_object_name": "JavaScript", "references": [], - "capability_description": "", + "capability_description": "RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators attempt to change the default security domain mapping, the injected scripts could potentially be executed in their browser.", "capability_id": "CVE-2020-5340", "mapping_type": "primary_impact", "capability_group": "2020", 
@@ -3693,7 +3693,7 @@ "attack_object_id": "T1185", "attack_object_name": "Man in the Browser", "references": [], - "capability_description": "", + "capability_description": "RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators attempt to change the default security domain mapping, the injected scripts could potentially be executed in their browser.", "capability_id": "CVE-2020-5340", "mapping_type": "secondary_impact", "capability_group": "2020", @@ -3704,7 +3704,7 @@ "attack_object_id": "T1189", "attack_object_name": "Drive-by Compromise", "references": [], - "capability_description": "", + "capability_description": "RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators attempt to change the default security domain mapping, the injected scripts could potentially be executed in their browser.", "capability_id": "CVE-2020-5340", "mapping_type": "exploitation_technique", "capability_group": "2020", 
@@ -3715,7 +3715,7 @@ "attack_object_id": "T1068", "attack_object_name": "Exploitation for Privilege Escalation", "references": [], - "capability_description": "", + "capability_description": "Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.", "capability_id": "CVE-2020-5358", "mapping_type": "primary_impact", "capability_group": "2020", @@ -3726,7 +3726,7 @@ "attack_object_id": "T1068", "attack_object_name": "Exploitation for Privilege Escalation", "references": [], - "capability_description": "", + "capability_description": "Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files.", "capability_id": "CVE-2020-5371", "mapping_type": "primary_impact", "capability_group": "2020", @@ -3737,7 +3737,7 @@ "attack_object_id": "T1005", "attack_object_name": "Data from Local System", "references": [], - "capability_description": "", + "capability_description": "Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files.", "capability_id": "CVE-2020-5371", "mapping_type": "secondary_impact", "capability_group": "2020", 
@@ -3748,7 +3748,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts.", "capability_id": "CVE-2019-3758", "mapping_type": "primary_impact", "capability_group": "2019", @@ -3759,7 +3759,7 @@ "attack_object_id": "T1136", "attack_object_name": "Create Account", "references": [], - "capability_description": "", + "capability_description": "RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts.", "capability_id": "CVE-2019-3758", "mapping_type": "secondary_impact", "capability_group": "2019", @@ -3770,7 +3770,7 @@ "attack_object_id": "T1005", "attack_object_name": "Data from Local System", "references": [], - "capability_description": "", + "capability_description": "RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.", "capability_id": "CVE-2018-11051", "mapping_type": "primary_impact", "capability_group": "2018", 
@@ -3781,7 +3781,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.", "capability_id": "CVE-2018-11051", "mapping_type": "exploitation_technique", "capability_group": "2018", @@ -3792,7 +3792,7 @@ "attack_object_id": "T1542.001", "attack_object_name": "System Firmware", "references": [], - "capability_description": "", + "capability_description": "Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).", "capability_id": "CVE-2020-5378", "mapping_type": "primary_impact", "capability_group": "2020", @@ -3803,7 +3803,7 @@ "attack_object_id": "T1005", "attack_object_name": "Data from Local System", "references": [], - "capability_description": "", + "capability_description": "Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems.", "capability_id": "CVE-2019-3767", "mapping_type": "primary_impact", "capability_group": "2019", 
@@ -3814,7 +3814,7 @@ "attack_object_id": "T1078", "attack_object_name": "Valid Accounts", "references": [], - "capability_description": "", + "capability_description": "Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.", "capability_id": "CVE-2018-15800", "mapping_type": "primary_impact", "capability_group": "2018", @@ -3825,7 +3825,7 @@ "attack_object_id": "T1110", "attack_object_name": "Brute Force", "references": [], - "capability_description": "", + "capability_description": "Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.", "capability_id": "CVE-2018-15800", "mapping_type": "exploitation_technique", "capability_group": "2018", @@ -3836,7 +3836,7 @@ "attack_object_id": "T1059.007", "attack_object_name": "JavaScript", "references": [], - "capability_description": "", + "capability_description": "RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.", "capability_id": "CVE-2018-11059", "mapping_type": "primary_impact", "capability_group": "2018", 
@@ -3847,7 +3847,7 @@ "attack_object_id": "T1185", "attack_object_name": "Man in the Browser", "references": [], - "capability_description": "", + "capability_description": "RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.", "capability_id": "CVE-2018-11059", "mapping_type": "secondary_impact", "capability_group": "2018", @@ -3858,7 +3858,7 @@ "attack_object_id": "T1189", "attack_object_name": "Drive-by Compromise", "references": [], - "capability_description": "", + "capability_description": "RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.", "capability_id": "CVE-2018-11059", "mapping_type": "exploitation_technique", "capability_group": "2018", @@ -3869,7 +3869,7 @@ "attack_object_id": "T1098", "attack_object_name": "Account Manipulation", "references": [], - "capability_description": "", + "capability_description": "Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.", "capability_id": "CVE-2019-3775", "mapping_type": "primary_impact", "capability_group": "2019", 
@@ -3880,7 +3880,7 @@ "attack_object_id": "T1059.007", "attack_object_name": "JavaScript", "references": [], - "capability_description": "", + "capability_description": "RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially exploit this vulnerability by tricking a victim Security Console user to supply malicious HTML or JavaScript code to the vulnerable web application, which code is then executed by the victim's web browser in the context of the vulnerable web application.", "capability_id": "CVE-2018-11075", "mapping_type": "primary_impact", "capability_group": "2018", @@ -3891,7 +3891,7 @@ "attack_object_id": "T1185", "attack_object_name": "Man in the Browser", "references": [], - "capability_description": "", + "capability_description": "RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially exploit this vulnerability by tricking a victim Security Console user to supply malicious HTML or JavaScript code to the vulnerable web application, which code is then executed by the victim's web browser in the context of the vulnerable web application.", "capability_id": "CVE-2018-11075", "mapping_type": "secondary_impact", "capability_group": "2018", 
@@ -3902,7 +3902,7 @@ "attack_object_id": "T1204.002", "attack_object_name": "Malicious File", "references": [], - "capability_description": "", + "capability_description": "RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially exploit this vulnerability by tricking a victim Security Console user to supply malicious HTML or JavaScript code to the vulnerable web application, which code is then executed by the victim's web browser in the context of the vulnerable web application.", "capability_id": "CVE-2018-11075", "mapping_type": "exploitation_technique", "capability_group": "2018", @@ -3913,7 +3913,7 @@ "attack_object_id": "T1542.001", "attack_object_name": "System Firmware", "references": [], - "capability_description": "", + "capability_description": "Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).", "capability_id": "CVE-2020-5376", "mapping_type": "primary_impact", "capability_group": "2020", @@ -3924,7 +3924,7 @@ "attack_object_id": "T1068", "attack_object_name": "Exploitation for Privilege Escalation", "references": [], - "capability_description": "", + "capability_description": "Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.", "capability_id": "CVE-2018-15761", "mapping_type": "primary_impact", "capability_group": "2018", 
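Review bot: In the hunk at -3902 the CVE-2018-11075 entry keeps `"attack_object_id": "T1204.002"` (Malicious File) as its exploitation technique, but the description added next to it is a reflected cross-site scripting flaw in which the victim is tricked into supplying script to the web application, with no file involved. The same pairing appears in the hunk at -4067 for CVE-2019-18571, whose new description speaks of a crafted URL. If the mapping is meant to capture the user following a link, `"attack_object_id": "T1204.001", "attack_object_name": "Malicious Link"` looks like the closer fit. Please confirm against the mapping methodology, since the populated descriptions now expose the mismatch to anyone who builds detections or mitigations from this file. The enclosing mapping objects start and end outside both hunks.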
@@ -3935,7 +3935,7 @@ "attack_object_id": "T1078", "attack_object_name": "Valid Accounts", "references": [], - "capability_description": "", + "capability_description": "Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.", "capability_id": "CVE-2018-15761", "mapping_type": "exploitation_technique", "capability_group": "2018", @@ -3946,7 +3946,7 @@ "attack_object_id": "T1552", "attack_object_name": "Unsecured Credentials", "references": [], - "capability_description": "", + "capability_description": "Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending \u201cunknown.org\u201d to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to a potentially fraudulent address. This would allow the attacker to gain complete control of the user's account.", "capability_id": "CVE-2019-3787", "mapping_type": "primary_impact", "capability_group": "2019", @@ -3957,7 +3957,7 @@ "attack_object_id": "T1078", "attack_object_name": "Valid Accounts", "references": [], - "capability_description": "", + "capability_description": "Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending \u201cunknown.org\u201d to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to a potentially fraudulent address. This would allow the attacker to gain complete control of the user's account.", "capability_id": "CVE-2019-3787", "mapping_type": "secondary_impact", "capability_group": "2019", 
@@ -3968,7 +3968,7 @@ "attack_object_id": "T1098", "attack_object_name": "Account Manipulation", "references": [], - "capability_description": "", + "capability_description": "Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending \u201cunknown.org\u201d to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to a potentially fraudulent address. This would allow the attacker to gain complete control of the user's account.", "capability_id": "CVE-2019-3787", "mapping_type": "secondary_impact", "capability_group": "2019", @@ -3979,7 +3979,7 @@ "attack_object_id": "T1068", "attack_object_name": "Exploitation for Privilege Escalation", "references": [], - "capability_description": "", + "capability_description": "Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry Platform through the logs of the NFS volume deploy errand.", "capability_id": "CVE-2018-15797", "mapping_type": "primary_impact", "capability_group": "2018", @@ -3990,7 +3990,7 @@ "attack_object_id": "T1552", "attack_object_name": "Unsecured Credentials", "references": [], - "capability_description": "", + "capability_description": "Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry Platform through the logs of the NFS volume deploy errand.", "capability_id": "CVE-2018-15797", "mapping_type": "exploitation_technique", "capability_group": "2018", 
@@ -4001,7 +4001,7 @@ "attack_object_id": "T1499", "attack_object_name": "Endpoint Denial of Service", "references": [], - "capability_description": "", + "capability_description": "Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI.", "capability_id": "CVE-2018-15772", "mapping_type": "primary_impact", "capability_group": "2018", @@ -4012,7 +4012,7 @@ "attack_object_id": "T1005", "attack_object_name": "Data from Local System", "references": [], - "capability_description": "", + "capability_description": "RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users\u2019 session information could potentially be stored in cache or log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks.", "capability_id": "CVE-2020-5331", "mapping_type": "primary_impact", "capability_group": "2020", @@ -4023,7 +4023,7 @@ "attack_object_id": "T1068", "attack_object_name": "Exploitation for Privilege Escalation", "references": [], - "capability_description": "", + "capability_description": "Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.", "capability_id": "CVE-2020-5362", "mapping_type": "primary_impact", "capability_group": "2020", 
@@ -4034,7 +4034,7 @@ "attack_object_id": "T1098", "attack_object_name": "Account Manipulation", "references": [], - "capability_description": "", + "capability_description": "Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.", "capability_id": "CVE-2020-5362", "mapping_type": "secondary_impact", "capability_group": "2020", @@ -4045,7 +4045,7 @@ "attack_object_id": "T1059.007", "attack_object_name": "JavaScript", "references": [], - "capability_description": "", + "capability_description": "The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a reflected cross-site scripting vulnerability in the My Access Live module [MAL]. An authenticated malicious local user could potentially exploit this vulnerability by sending crafted URL with scripts. When victim users access the module through their browsers, the malicious code gets injected and executed by the web browser in the context of the vulnerable web application.", "capability_id": "CVE-2019-18571", "mapping_type": "primary_impact", "capability_group": "2019", 
@@ -4056,7 +4056,7 @@ "attack_object_id": "T1185", "attack_object_name": "Man in the Browser", "references": [], - "capability_description": "", + "capability_description": "The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a reflected cross-site scripting vulnerability in the My Access Live module [MAL]. An authenticated malicious local user could potentially exploit this vulnerability by sending crafted URL with scripts. When victim users access the module through their browsers, the malicious code gets injected and executed by the web browser in the context of the vulnerable web application.", "capability_id": "CVE-2019-18571", "mapping_type": "secondary_impact", "capability_group": "2019", @@ -4067,7 +4067,7 @@ "attack_object_id": "T1204.002", "attack_object_name": "Malicious File", "references": [], - "capability_description": "", + "capability_description": "The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a reflected cross-site scripting vulnerability in the My Access Live module [MAL]. An authenticated malicious local user could potentially exploit this vulnerability by sending crafted URL with scripts. When victim users access the module through their browsers, the malicious code gets injected and executed by the web browser in the context of the vulnerable web application.", "capability_id": "CVE-2019-18571", "mapping_type": "exploitation_technique", "capability_group": "2019", 
@@ -4078,7 +4078,7 @@ "attack_object_id": "T1552.001", "attack_object_name": "Credentials In Files", "references": [], - "capability_description": "", + "capability_description": "Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user.", "capability_id": "CVE-2019-3782", "mapping_type": "primary_impact", "capability_group": "2019", @@ -4089,7 +4089,7 @@ "attack_object_id": "T1098", "attack_object_name": "Account Manipulation", "references": [], - "capability_description": "", + "capability_description": "Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user.", "capability_id": "CVE-2019-3782", "mapping_type": "secondary_impact", "capability_group": "2019", @@ -4100,7 +4100,7 @@ "attack_object_id": "T1542.001", "attack_object_name": "System Firmware", "references": [], - "capability_description": "", + "capability_description": "Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).", "capability_id": "CVE-2020-5379", "mapping_type": "primary_impact", "capability_group": "2020", 
@@ -4111,7 +4111,7 @@ "attack_object_id": "T1552", "attack_object_name": "Unsecured Credentials", "references": [], - "capability_description": "", + "capability_description": "Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role.", "capability_id": "CVE-2018-11088", "mapping_type": "primary_impact", "capability_group": "2018", @@ -4122,7 +4122,7 @@ "attack_object_id": "T1068", "attack_object_name": "Exploitation for Privilege Escalation", "references": [], - "capability_description": "", + "capability_description": "Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role.", "capability_id": "CVE-2018-11088", "mapping_type": "secondary_impact", "capability_group": "2018", @@ -4133,7 +4133,7 @@ "attack_object_id": "T1078.001", "attack_object_name": "Default Accounts", "references": [], - "capability_description": "", + "capability_description": "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files.", "capability_id": "CVE-2018-11062", "mapping_type": "primary_impact", "capability_group": "2018", 
@@ -4144,7 +4144,7 @@ "attack_object_id": "T1068", "attack_object_name": "Exploitation for Privilege Escalation", "references": [], - "capability_description": "", + "capability_description": "Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).", "capability_id": "CVE-2018-15758", "mapping_type": "primary_impact", "capability_group": "2018", 
@@ -4155,7 +4155,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).", "capability_id": "CVE-2018-15758", "mapping_type": "exploitation_technique", "capability_group": "2018", @@ -4166,7 +4166,7 @@ "attack_object_id": "T1552.001", "attack_object_name": "Credentials In Files", "references": [], - "capability_description": "", + "capability_description": "Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the IAAS account.", "capability_id": "CVE-2019-3780", "mapping_type": "primary_impact", "capability_group": "2019", 
@@ -4177,7 +4177,7 @@ "attack_object_id": "T1068", "attack_object_name": "Exploitation for Privilege Escalation", "references": [], - "capability_description": "", + "capability_description": "Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the IAAS account.", "capability_id": "CVE-2019-3780", "mapping_type": "secondary_impact", "capability_group": "2019", @@ -4188,7 +4188,7 @@ "attack_object_id": "T1068", "attack_object_name": "Exploitation for Privilege Escalation", "references": [], - "capability_description": "", + "capability_description": "Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files.", "capability_id": "CVE-2020-5369", "mapping_type": "primary_impact", "capability_group": "2020", @@ -4199,7 +4199,7 @@ "attack_object_id": "T1005", "attack_object_name": "Data from Local System", "references": [], - "capability_description": "", + "capability_description": "Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files.", "capability_id": "CVE-2020-5366", "mapping_type": "primary_impact", "capability_group": "2020", 
@@ -4210,7 +4210,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files.", "capability_id": "CVE-2020-5366", "mapping_type": "exploitation_technique", "capability_group": "2020", @@ -4221,7 +4221,7 @@ "attack_object_id": "T1068", "attack_object_name": "Exploitation for Privilege Escalation", "references": [], - "capability_description": "", + "capability_description": "Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A remote authenticated malicious user with the ability to create UAA clients and knowledge of the email of a victim in the foundation may escalate their privileges to that of the victim by creating a client with a name equal to the guid of their victim.", "capability_id": "CVE-2019-3798", "mapping_type": "primary_impact", "capability_group": "2019", @@ -4232,7 +4232,7 @@ "attack_object_id": "T1136", "attack_object_name": "Create Account", "references": [], - "capability_description": "", + "capability_description": "Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A remote authenticated malicious user with the ability to create UAA clients and knowledge of the email of a victim in the foundation may escalate their privileges to that of the victim by creating a client with a name equal to the guid of their victim.", "capability_id": "CVE-2019-3798", "mapping_type": "exploitation_technique", "capability_group": "2019", 
@@ -4243,7 +4243,7 @@ "attack_object_id": "T1190", "attack_object_name": "Exploit Public-Facing Application", "references": [], - "capability_description": "", + "capability_description": "Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device.", "capability_id": "CVE-2020-5373", "mapping_type": "primary_impact", "capability_group": "2020", @@ -4254,7 +4254,7 @@ "attack_object_id": "T1005", "attack_object_name": "Data from Local System", "references": [], - "capability_description": "", + "capability_description": "Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device.", "capability_id": "CVE-2020-5373", "mapping_type": "secondary_impact", "capability_group": "2020", @@ -4265,7 +4265,7 @@ "attack_object_id": "T1036", "attack_object_name": "Masquerading", "references": [], - "capability_description": "", + "capability_description": "Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim.", "capability_id": "CVE-2019-3788", "mapping_type": "secondary_impact", "capability_group": "2019", 
@@ -4276,7 +4276,7 @@
 "attack_object_id": "T1566.002",
 "attack_object_name": "Spearphishing Link",
 "references": [],
- "capability_description": "",
+ "capability_description": "Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim.",
 "capability_id": "CVE-2019-3788",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -4287,7 +4287,7 @@
 "attack_object_id": "T1068",
 "attack_object_name": "Exploitation for Privilege Escalation",
 "references": [],
- "capability_description": "",
+ "capability_description": "RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.",
 "capability_id": "CVE-2018-11060",
 "mapping_type": "primary_impact",
 "capability_group": "2018",
@@ -4298,7 +4298,7 @@
 "attack_object_id": "T1036",
 "attack_object_name": "Masquerading",
 "references": [],
- "capability_description": "",
+ "capability_description": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.",
 "capability_id": "CVE-2018-11067",
 "mapping_type": "secondary_impact",
 "capability_group": "2018",
@@ -4309,7 +4309,7 @@
 "attack_object_id": "T1566.002",
 "attack_object_name": "Spearphishing Link",
 "references": [],
- "capability_description": "",
+ "capability_description": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.",
 "capability_id": "CVE-2018-11067",
 "mapping_type": "exploitation_technique",
 "capability_group": "2018",
@@ -4320,7 +4320,7 @@
 "attack_object_id": "T1068",
 "attack_object_name": "Exploitation for Privilege Escalation",
 "references": [],
- "capability_description": "",
+ "capability_description": "Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur.",
 "capability_id": "CVE-2020-5328",
 "mapping_type": "secondary_impact",
 "capability_group": "2020",
@@ -4331,7 +4331,7 @@
 "attack_object_id": "T1563",
 "attack_object_name": "Remote Service Session Hijacking",
 "references": [],
- "capability_description": "",
+ "capability_description": "Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id.",
 "capability_id": "CVE-2019-3784",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -4342,7 +4342,7 @@
 "attack_object_id": "T1553",
 "attack_object_name": "Subvert Trust Controls",
 "references": [],
- "capability_description": "",
+ "capability_description": "Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data.",
 "capability_id": "CVE-2019-3762",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -4353,7 +4353,7 @@
 "attack_object_id": "T1588.004",
 "attack_object_name": "Digital Certificates",
 "references": [],
- "capability_description": "",
+ "capability_description": "Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data.",
 "capability_id": "CVE-2019-3762",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -4364,7 +4364,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to inject malicious report generation scripts in the server. This may lead to OS command execution as the regular user runs the DPA service on the affected system.",
 "capability_id": "CVE-2019-18582",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -4375,7 +4375,7 @@
 "attack_object_id": "T1574",
 "attack_object_name": "Hijack Execution Flow",
 "references": [],
- "capability_description": "",
+ "capability_description": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system.",
 "capability_id": "CVE-2018-11049",
 "mapping_type": "primary_impact",
 "capability_group": "2018",
@@ -4386,7 +4386,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component.",
 "capability_id": "CVE-2020-5350",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -4397,7 +4397,7 @@
 "attack_object_id": "T1098",
 "attack_object_name": "Account Manipulation",
 "references": [],
- "capability_description": "",
+ "capability_description": "Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component.",
 "capability_id": "CVE-2020-5350",
 "mapping_type": "secondary_impact",
 "capability_group": "2020",
@@ -4408,7 +4408,7 @@
 "attack_object_id": "T1550.001",
 "attack_object_name": "Application Access Token",
 "references": [],
- "capability_description": "",
+ "capability_description": "Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer.",
 "capability_id": "CVE-2018-15801",
 "mapping_type": "secondary_impact",
 "capability_group": "2018",
@@ -4419,7 +4419,7 @@
 "attack_object_id": "T1562",
 "attack_object_name": "Impair Defenses",
 "references": [],
- "capability_description": "",
+ "capability_description": "Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to alter the application\u2019s allowable list of OS commands. This may lead to arbitrary OS command execution as the regular user runs the DPA service on the affected system.",
 "capability_id": "CVE-2019-18581",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -4430,7 +4430,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to alter the application\u2019s allowable list of OS commands. This may lead to arbitrary OS command execution as the regular user runs the DPA service on the affected system.",
 "capability_id": "CVE-2019-18581",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -4441,7 +4441,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. AN authenticated malicious user with administrator privileges could potentially exploit this vulnerability to execute arbitrary commands on the system where the vulnerable application is deployed.",
 "capability_id": "CVE-2020-5332",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -4452,7 +4452,7 @@
 "attack_object_id": "T1036",
 "attack_object_name": "Masquerading",
 "references": [],
- "capability_description": "",
+ "capability_description": "Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the \"redirect_uri\" parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and uses the DefaultRedirectResolver in the AuthorizationEndpoint. This vulnerability does not expose applications that: Act in the role of an Authorization Server and uses a different RedirectResolver implementation other than DefaultRedirectResolver, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).",
 "capability_id": "CVE-2019-3778",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -4463,7 +4463,7 @@
 "attack_object_id": "T1566.002",
 "attack_object_name": "Spearphishing Link",
 "references": [],
- "capability_description": "",
+ "capability_description": "Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the \"redirect_uri\" parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and uses the DefaultRedirectResolver in the AuthorizationEndpoint. This vulnerability does not expose applications that: Act in the role of an Authorization Server and uses a different RedirectResolver implementation other than DefaultRedirectResolver, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).",
 "capability_id": "CVE-2019-3778",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -4474,7 +4474,7 @@
 "attack_object_id": "T1068",
 "attack_object_name": "Exploitation for Privilege Escalation",
 "references": [],
- "capability_description": "",
+ "capability_description": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access.",
 "capability_id": "CVE-2018-15774",
 "mapping_type": "primary_impact",
 "capability_group": "2018",
@@ -4485,7 +4485,7 @@
 "attack_object_id": "T1190",
 "attack_object_name": "Exploit Public-Facing Application",
 "references": [],
- "capability_description": "",
+ "capability_description": "RSA Archer versions prior to 6.5.0.1 contain an improper access control vulnerability. A remote malicious user could potentially exploit this vulnerability to bypass authorization checks and gain read access to restricted user information.",
 "capability_id": "CVE-2018-15780",
 "mapping_type": "primary_impact",
 "capability_group": "2018",
@@ -4496,7 +4496,7 @@
 "attack_object_id": "T1005",
 "attack_object_name": "Data from Local System",
 "references": [],
- "capability_description": "",
+ "capability_description": "RSA Archer versions prior to 6.5.0.1 contain an improper access control vulnerability. A remote malicious user could potentially exploit this vulnerability to bypass authorization checks and gain read access to restricted user information.",
 "capability_id": "CVE-2018-15780",
 "mapping_type": "secondary_impact",
 "capability_group": "2018",
@@ -4507,7 +4507,7 @@
 "attack_object_id": "T1005",
 "attack_object_name": "Data from Local System",
 "references": [],
- "capability_description": "",
+ "capability_description": "Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. The exploited hooks in this metadata script were only maintained in the cfcr-etcd-release, so clusters deployed with the BBR job for etcd in this release are vulnerable.",
 "capability_id": "CVE-2019-3786",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -4518,7 +4518,7 @@
 "attack_object_id": "T1565.001",
 "attack_object_name": "Stored Data Manipulation",
 "references": [],
- "capability_description": "",
+ "capability_description": "Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. The exploited hooks in this metadata script were only maintained in the cfcr-etcd-release, so clusters deployed with the BBR job for etcd in this release are vulnerable.",
 "capability_id": "CVE-2019-3786",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -4529,7 +4529,7 @@
 "attack_object_id": "T1190",
 "attack_object_name": "Exploit Public-Facing Application",
 "references": [],
- "capability_description": "",
+ "capability_description": "Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted data to the iDRAC web interface.",
 "capability_id": "CVE-2019-3706",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -4540,7 +4540,7 @@
 "attack_object_id": "T1055.001",
 "attack_object_name": "Dynamic-link Library Injection",
 "references": [],
- "capability_description": "",
+ "capability_description": "Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and execute a malicious DLL with administrator privileges.",
 "capability_id": "CVE-2018-11072",
 "mapping_type": "primary_impact",
 "capability_group": "2018",
@@ -4551,7 +4551,7 @@
 "attack_object_id": "T1059.007",
 "attack_object_name": "JavaScript",
 "references": [],
- "capability_description": "",
+ "capability_description": "RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.",
 "capability_id": "CVE-2018-11073",
 "mapping_type": "primary_impact",
 "capability_group": "2018",
@@ -4562,7 +4562,7 @@
 "attack_object_id": "T1185",
 "attack_object_name": "Man in the Browser",
 "references": [],
- "capability_description": "",
+ "capability_description": "RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.",
 "capability_id": "CVE-2018-11073",
 "mapping_type": "secondary_impact",
 "capability_group": "2018",
@@ -4573,7 +4573,7 @@
 "attack_object_id": "T1189",
 "attack_object_name": "Drive-by Compromise",
 "references": [],
- "capability_description": "",
+ "capability_description": "RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.",
 "capability_id": "CVE-2018-11073",
 "mapping_type": "exploitation_technique",
 "capability_group": "2018",
@@ -4584,7 +4584,7 @@
 "attack_object_id": "T1557",
 "attack_object_name": "Man-in-the-Middle",
 "references": [],
- "capability_description": "",
+ "capability_description": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.",
 "capability_id": "CVE-2018-11087",
 "mapping_type": "primary_impact",
 "capability_group": "2018",
@@ -4595,7 +4595,7 @@
 "attack_object_id": "T1059.007",
 "attack_object_name": "JavaScript",
 "references": [],
- "capability_description": "",
+ "capability_description": "IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user.",
 "capability_id": "CVE-2019-3708",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -4606,7 +4606,7 @@
 "attack_object_id": "T1185",
 "attack_object_name": "Man in the Browser",
 "references": [],
- "capability_description": "",
+ "capability_description": "IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user.",
 "capability_id": "CVE-2019-3708",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
@@ -4617,7 +4617,7 @@
 "attack_object_id": "T1204.001",
 "attack_object_name": "Malicious Link",
 "references": [],
- "capability_description": "",
+ "capability_description": "IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user.",
 "capability_id": "CVE-2019-3708",
 "mapping_type": "exploitation_technique",
 "capability_group": "2019",
@@ -4628,7 +4628,7 @@
 "attack_object_id": "T1548.003",
 "attack_object_name": "Sudo and Sudo Caching",
 "references": [],
- "capability_description": "",
+ "capability_description": "The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file.",
 "capability_id": "CVE-2018-15767",
 "mapping_type": "primary_impact",
 "capability_group": "2018",
@@ -4639,7 +4639,7 @@
 "attack_object_id": "T1600",
 "attack_object_name": "Weaken Encryption",
 "references": [],
- "capability_description": "",
+ "capability_description": "RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.",
 "capability_id": "CVE-2018-11069",
 "mapping_type": "primary_impact",
 "capability_group": "2018",
@@ -4650,7 +4650,7 @@
 "attack_object_id": "T1110",
 "attack_object_name": "Brute Force",
 "references": [],
- "capability_description": "",
+ "capability_description": "RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.",
 "capability_id": "CVE-2018-11069",
 "mapping_type": "exploitation_technique",
 "capability_group": "2018",
@@ -4661,7 +4661,7 @@
 "attack_object_id": "T1552",
 "attack_object_name": "Unsecured Credentials",
 "references": [],
- "capability_description": "",
+ "capability_description": "The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks.",
 "capability_id": "CVE-2019-3763",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -4672,7 +4672,7 @@
 "attack_object_id": "T1078 ",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks.",
 "capability_id": "CVE-2019-3763",
 "mapping_type": "secondary_impact",
 "capability_group": "2019",
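Review bot: In the CVE-2019-3763 `secondary_impact` record the context line `"attack_object_id": "T1078 "` has a trailing space inside the ID string, so any consumer that matches technique IDs exactly will fail to link this row to Valid Accounts and the mapping drops out of coverage views without an error. The same value appears in the CVE-2020-15105 `secondary_impact` hunk (`@@ -4705,7 +4705,7 @@`). Since this commit rewrites these records anyway, change both to `"attack_object_id": "T1078",`. It may also be worth stripping whitespace from IDs where the file is produced, though that code is not visible in this hunk.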
@@ -4683,7 +4683,7 @@
 "attack_object_id": "T1485",
 "attack_object_name": "Data Destruction",
 "references": [],
- "capability_description": "",
+ "capability_description": "Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the \"Temp\\IC\\ICDebugLog.txt\" to any targeted file. This issue occurs because of insecure handling of Temp directory permissions that were set incorrectly.",
 "capability_id": "CVE-2019-3750",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -4694,7 +4694,7 @@ "attack_object_id": "T1552", "attack_object_name": "Unsecured Credentials", "references": [], - "capability_description": "", + "capability_description": "Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authentication code. This means that the password is stored in clear text in the session for an arbitrary amount of time, and potentially forever if the user begins the login process by entering their username and password and then leaves before entering their two-factor authentication code. The severity of this issue depends on which type of session storage you have configured: in the worst case, if you're using Django's default database session storage, then users' passwords are stored in clear text in your database. In the best case, if you're using Django's signed cookie session, then users' passwords are only stored in clear text within their browser's cookie store. In the common case of using Django's cache session store, the users' passwords are stored in clear text in whatever cache storage you have configured (typically Memcached or Redis). This has been fixed in 1.12. After upgrading, users should be sure to delete any clear text passwords that have been stored. For example, if you're using the database session backend, you'll likely want to delete any session record from the database and purge that data from any database backups or replicas. In addition, affected organizations who have suffered a database breach while using an affected version should inform their users that their clear text passwords have been compromised. All organizations should encourage users whose passwords were insecurely stored to change these passwords on any sites where they were used. 
As a workaround, wwitching Django's session storage to use signed cookies instead of the database or cache lessens the impact of this issue, but should not be done without a thorough understanding of the security tradeoffs of using signed cookies rather than a server-side session storage. There is no way to fully mitigate the issue without upgrading.", "capability_id": "CVE-2020-15105", "mapping_type": "primary_impact", "capability_group": "2020", 
@@ -4705,7 +4705,7 @@ "attack_object_id": "T1078 ", "attack_object_name": "Valid Accounts", "references": [], - "capability_description": "", + "capability_description": "Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authentication code. This means that the password is stored in clear text in the session for an arbitrary amount of time, and potentially forever if the user begins the login process by entering their username and password and then leaves before entering their two-factor authentication code. The severity of this issue depends on which type of session storage you have configured: in the worst case, if you're using Django's default database session storage, then users' passwords are stored in clear text in your database. In the best case, if you're using Django's signed cookie session, then users' passwords are only stored in clear text within their browser's cookie store. In the common case of using Django's cache session store, the users' passwords are stored in clear text in whatever cache storage you have configured (typically Memcached or Redis). This has been fixed in 1.12. After upgrading, users should be sure to delete any clear text passwords that have been stored. For example, if you're using the database session backend, you'll likely want to delete any session record from the database and purge that data from any database backups or replicas. In addition, affected organizations who have suffered a database breach while using an affected version should inform their users that their clear text passwords have been compromised. All organizations should encourage users whose passwords were insecurely stored to change these passwords on any sites where they were used. 
As a workaround, wwitching Django's session storage to use signed cookies instead of the database or cache lessens the impact of this issue, but should not be done without a thorough understanding of the security tradeoffs of using signed cookies rather than a server-side session storage. There is no way to fully mitigate the issue without upgrading.", "capability_id": "CVE-2020-15105", "mapping_type": "secondary_impact", "capability_group": "2020", @@ -4716,7 +4716,7 @@ "attack_object_id": "T1059", "attack_object_name": "Command and Scripting Interpreter", "references": [], - "capability_description": "", + "capability_description": "SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328.", "capability_id": "CVE-2020-15188", "mapping_type": "primary_impact", "capability_group": "2020", @@ -4727,7 +4727,7 @@ "attack_object_id": "T1133", "attack_object_name": "External Remote Services", "references": [], - "capability_description": "", + "capability_description": "SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328.", "capability_id": "CVE-2020-15188", "mapping_type": "exploitation_technique", "capability_group": "2020", 
@@ -4738,7 +4738,7 @@
 "attack_object_id": "T1036",
 "attack_object_name": "Masquerading",
 "references": [],
- "capability_description": "",
+ "capability_description": "In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. It is the same with CustomerForm, you are able to change the id_customer and change all information of all accounts. The problem is patched in version 1.7.6.4.",
 "capability_id": "CVE-2020-5250",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -4749,7 +4749,7 @@
 "attack_object_id": "T1478",
 "attack_object_name": "Install Insecure or Malicious Configuration",
 "references": [],
- "capability_description": "",
+ "capability_description": "In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. It is the same with CustomerForm, you are able to change the id_customer and change all information of all accounts. The problem is patched in version 1.7.6.4.",
 "capability_id": "CVE-2020-5250",
 "mapping_type": "secondary_impact",
 "capability_group": "2020",
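Review bot: The CVE-2020-5250 `secondary_impact` record keeps `"attack_object_id": "T1478"` (Install Insecure or Malicious Configuration), which as far as I can tell is a Mobile-matrix technique, while this file is the ATT&CK 9.0 enterprise mapping. A consumer that resolves IDs against the Enterprise domain would presumably not find it. The description added here is about tampering with `id_address` / `id_customer` form fields in a web shop and does not describe a device configuration. Please confirm the intended technique and either remap the row or move it out of the enterprise file.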
@@ -4760,7 +4760,7 @@
 "attack_object_id": "T1005",
 "attack_object_name": "Data from Local System",
 "references": [],
- "capability_description": "",
+ "capability_description": "In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \\Symfony\\Component\\Security\\Core\\Exception\\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system information may leak and be visible to the customer. A validation message with the exception details will be presented to the user when one will try to log into the shop. This has been patched in versions 1.3.14, 1.4.10, 1.5.7, and 1.6.3.",
 "capability_id": "CVE-2019-16768",
 "mapping_type": "primary_impact",
 "capability_group": "2019",
@@ -4771,7 +4771,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted \"going live\" messages to inject code into the Streams module's going live message. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. As a workaround, unloading the Trivia module with `unload streams` can render this exploit not accessible. It is highly recommended updating to 3.3.12 or 3.4 to completely patch this issue.",
 "capability_id": "CVE-2020-15147",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
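Review bot: `references` stays `[]` in the CVE-2020-15147 hunk at -4771 (and again at -4782), while the new description makes specific claims about fixed versions and a workaround. The text appears to be copied as published, including the workaround sentence that names the Trivia module next to the command `unload streams`, so a reader cannot check it from this record alone. I would fill the field with the advisory the text was taken from, for example `"references": ["https://nvd.nist.gov/vuln/detail/CVE-2020-15147"]`, assuming NVD is the source.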
@@ -4782,7 +4782,7 @@
 "attack_object_id": "T1133",
 "attack_object_name": "External Remote Services",
 "references": [],
- "capability_description": "",
+ "capability_description": "Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted \"going live\" messages to inject code into the Streams module's going live message. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. As a workaround, unloading the Trivia module with `unload streams` can render this exploit not accessible. It is highly recommended updating to 3.3.12 or 3.4 to completely patch this issue.",
 "capability_id": "CVE-2020-15147",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -4793,7 +4793,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags used within a form field's help text will be rendered unescaped in the page. Allowing HTML within help text is an intentional design decision by Django; however, as a matter of policy Wagtail does not allow editors to insert arbitrary HTML by default, as this could potentially be used to carry out cross-site scripting attacks, including privilege escalation. This functionality should therefore not have been made available to editor-level users. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 2.7.4 (for the LTS 2.7 branch) and Wagtail 2.9.3 (for the current 2.9 branch). In these versions, help text will be escaped to prevent the inclusion of HTML tags. Site owners who wish to re-enable the use of HTML within help text (and are willing to accept the risk of this being exploited by editors) may set WAGTAILFORMS_HELP_TEXT_ALLOW_HTML = True in their configuration settings. Site owners who are unable to upgrade to the new versions can secure their form page templates by rendering forms field-by-field as per Django's documentation, but omitting the |safe filter when outputting the help text.",
 "capability_id": "CVE-2020-15118",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -4804,7 +4804,7 @@
 "attack_object_id": "T1185",
 "attack_object_name": "Man in the Browser",
 "references": [],
- "capability_description": "",
+ "capability_description": "In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags used within a form field's help text will be rendered unescaped in the page. Allowing HTML within help text is an intentional design decision by Django; however, as a matter of policy Wagtail does not allow editors to insert arbitrary HTML by default, as this could potentially be used to carry out cross-site scripting attacks, including privilege escalation. This functionality should therefore not have been made available to editor-level users. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 2.7.4 (for the LTS 2.7 branch) and Wagtail 2.9.3 (for the current 2.9 branch). In these versions, help text will be escaped to prevent the inclusion of HTML tags. Site owners who wish to re-enable the use of HTML within help text (and are willing to accept the risk of this being exploited by editors) may set WAGTAILFORMS_HELP_TEXT_ALLOW_HTML = True in their configuration settings. Site owners who are unable to upgrade to the new versions can secure their form page templates by rendering forms field-by-field as per Django's documentation, but omitting the |safe filter when outputting the help text.",
 "capability_id": "CVE-2020-15118",
 "mapping_type": "secondary_impact",
 "capability_group": "2020",
@@ -4815,7 +4815,7 @@
 "attack_object_id": "T1574",
 "attack_object_name": "Hijack Execution Flow",
 "references": [],
- "capability_description": "",
+ "capability_description": "In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.",
 "capability_id": "CVE-2020-5210",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -4826,7 +4826,7 @@
 "attack_object_id": "T1499.004",
 "attack_object_name": "Application or System Exploitation",
 "references": [],
- "capability_description": "",
+ "capability_description": "In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.",
 "capability_id": "CVE-2020-5210",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -4837,7 +4837,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to others users viewing the comment. Through this vulnerability custom JavaScript code could be injected and therefore ran on other user machines. This most impacts scenarios where not-trusted users are given permission to create comments. This has been fixed in 0.29.2.",
 "capability_id": "CVE-2020-11055",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -4848,7 +4848,7 @@
 "attack_object_id": "T1185",
 "attack_object_name": "Man in the Browser",
 "references": [],
- "capability_description": "",
+ "capability_description": "In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to others users viewing the comment. Through this vulnerability custom JavaScript code could be injected and therefore ran on other user machines. This most impacts scenarios where not-trusted users are given permission to create comments. This has been fixed in 0.29.2.",
 "capability_id": "CVE-2020-11055",
 "mapping_type": "secondary_impact",
 "capability_group": "2020",
@@ -4859,7 +4859,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the `show_subdir_lastmod` feature enabled. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. This vulnerability is patched in versions 1.2.1 and 1.1.28.",
 "capability_id": "CVE-2020-5283",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -4870,7 +4870,7 @@
 "attack_object_id": "T1185",
 "attack_object_name": "Man in the Browser",
 "references": [],
- "capability_description": "",
+ "capability_description": "ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the `show_subdir_lastmod` feature enabled. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. This vulnerability is patched in versions 1.2.1 and 1.1.28.",
 "capability_id": "CVE-2020-5283",
 "mapping_type": "secondary_impact",
 "capability_group": "2020",
@@ -4881,7 +4881,7 @@
 "attack_object_id": "T1574",
 "attack_object_name": "Hijack Execution Flow",
 "references": [],
- "capability_description": "",
+ "capability_description": "In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don't expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.",
 "capability_id": "CVE-2020-15211",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -4892,7 +4892,7 @@
 "attack_object_id": "T1190",
 "attack_object_name": "Exploit Public-Facing Application",
 "references": [],
- "capability_description": "",
+ "capability_description": "In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don't expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.",
 "capability_id": "CVE-2020-15211",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -4903,7 +4903,7 @@
 "attack_object_id": "T1005",
 "attack_object_name": "Data from Local System",
 "references": [],
- "capability_description": "",
+ "capability_description": "Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's controller is affected. The vulnerable versions are: <1.3 || >=1.3.0 <=1.3.12 || >=1.4.0 <=1.4.5 || >=1.5.0 <=1.5.0 || >=1.6.0 <=1.6.2. The patch is provided for Sylius ResourceBundle 1.3.13, 1.4.6, 1.5.1 and 1.6.3, but not for any versions below 1.3.",
 "capability_id": "CVE-2020-5220",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -4914,7 +4914,7 @@
 "attack_object_id": "T1190",
 "attack_object_name": "Exploit Public-Facing Application",
 "references": [],
- "capability_description": "",
+ "capability_description": "Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's controller is affected. The vulnerable versions are: <1.3 || >=1.3.0 <=1.3.12 || >=1.4.0 <=1.4.5 || >=1.5.0 <=1.5.0 || >=1.6.0 <=1.6.2. The patch is provided for Sylius ResourceBundle 1.3.13, 1.4.6, 1.5.1 and 1.6.3, but not for any versions below 1.3.",
 "capability_id": "CVE-2020-5220",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -4925,7 +4925,7 @@
 "attack_object_id": "T1005",
 "attack_object_name": "Data from Local System",
 "references": [],
- "capability_description": "",
+ "capability_description": "Actions Http-Client (NPM @actions/http-client) before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: 1. make an http request with an authorization header 2. that request leads to a redirect (302) and 3. the redirect url redirects to another domain or hostname Then the authorization header will get passed to the other domain. The problem is fixed in version 1.0.8.",
 "capability_id": "CVE-2020-11021",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -4936,7 +4936,7 @@
 "attack_object_id": "T1190",
 "attack_object_name": "Exploit Public-Facing Application",
 "references": [],
- "capability_description": "",
+ "capability_description": "Actions Http-Client (NPM @actions/http-client) before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: 1. make an http request with an authorization header 2. that request leads to a redirect (302) and 3. the redirect url redirects to another domain or hostname Then the authorization header will get passed to the other domain. The problem is fixed in version 1.0.8.",
 "capability_id": "CVE-2020-11021",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -4947,7 +4947,7 @@
 "attack_object_id": "T1059.007",
 "attack_object_name": "JavaScript",
 "references": [],
- "capability_description": "",
+ "capability_description": "In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. The problem is fixed in 1.7.6.5",
 "capability_id": "CVE-2020-5269",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -4958,7 +4958,7 @@
 "attack_object_id": "T1557",
 "attack_object_name": "Man-in-the-Middle",
 "references": [],
- "capability_description": "",
+ "capability_description": "In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. The problem is fixed in 1.7.6.5",
 "capability_id": "CVE-2020-5269",
 "mapping_type": "secondary_impact",
 "capability_group": "2020",
@@ -4969,7 +4969,7 @@
 "attack_object_id": "T1204.001",
 "attack_object_name": "Malicious Link",
 "references": [],
- "capability_description": "",
+ "capability_description": "In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. The problem is fixed in 1.7.6.5",
 "capability_id": "CVE-2020-5269",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -4980,7 +4980,7 @@
 "attack_object_id": "T1059.007",
 "attack_object_name": "JavaScript",
 "references": [],
- "capability_description": "",
+ "capability_description": "In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).",
 "capability_id": "CVE-2020-11030",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -4991,7 +4991,7 @@
 "attack_object_id": "T1557",
 "attack_object_name": "Man-in-the-Middle",
 "references": [],
- "capability_description": "",
+ "capability_description": "In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).",
 "capability_id": "CVE-2020-11030",
 "mapping_type": "secondary_impact",
 "capability_group": "2020",
@@ -5002,7 +5002,7 @@
 "attack_object_id": "T1204.001",
 "attack_object_name": "Malicious Link",
 "references": [],
- "capability_description": "",
+ "capability_description": "In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).",
 "capability_id": "CVE-2020-11030",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -5013,7 +5013,7 @@
 "attack_object_id": "T1059.007",
 "attack_object_name": "JavaScript",
 "references": [],
- "capability_description": "",
+ "capability_description": "In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to Stored XSS in the comments of items in the Knowledge base. Adding a comment with content \"\" reproduces the attack. This can be exploited by a user with administrator privileges in the User-Agent field. It can also be exploited by an outside party through the following steps: 1. Create a user with the surname `\" onmouseover=\"alert(document.cookie)` and an empty first name. 2. With this user, create a ticket 3. As an administrator (or other privileged user) open the created ticket 4. On the \"last update\" field, put your mouse on the name of the user 5. The XSS fires This is fixed in version 9.4.6.",
 "capability_id": "CVE-2020-11036",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -5024,7 +5024,7 @@
 "attack_object_id": "T1185",
 "attack_object_name": "Man in the Browser",
 "references": [],
- "capability_description": "",
+ "capability_description": "In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to Stored XSS in the comments of items in the Knowledge base. Adding a comment with content \"\" reproduces the attack. This can be exploited by a user with administrator privileges in the User-Agent field. It can also be exploited by an outside party through the following steps: 1. Create a user with the surname `\" onmouseover=\"alert(document.cookie)` and an empty first name. 2. With this user, create a ticket 3. As an administrator (or other privileged user) open the created ticket 4. On the \"last update\" field, put your mouse on the name of the user 5. The XSS fires This is fixed in version 9.4.6.",
 "capability_id": "CVE-2020-11036",
 "mapping_type": "secondary_impact",
 "capability_group": "2020",
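Review bot: The description added for CVE-2020-11036 at -5013 carries markup-like advisory text (the surname string with an `onmouseover` attribute), and the same text is repeated in the hunks at -5024 and -5035. It is valid JSON as escaped here, but any consumer that places `capability_description` into an HTML page has to treat the value as plain text and escape it on output. Nothing in this file signals that the field now holds third-party advisory prose rather than project-authored text. I would record that where the field is defined or filled, for example `capability_description: untrusted advisory text, HTML-escape before rendering`.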
@@ -5035,7 +5035,7 @@
 "attack_object_id": "T1189",
 "attack_object_name": "Drive-by Compromise",
 "references": [],
- "capability_description": "",
+ "capability_description": "In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to Stored XSS in the comments of items in the Knowledge base. Adding a comment with content \"\" reproduces the attack. This can be exploited by a user with administrator privileges in the User-Agent field. It can also be exploited by an outside party through the following steps: 1. Create a user with the surname `\" onmouseover=\"alert(document.cookie)` and an empty first name. 2. With this user, create a ticket 3. As an administrator (or other privileged user) open the created ticket 4. On the \"last update\" field, put your mouse on the name of the user 5. The XSS fires This is fixed in version 9.4.6.",
 "capability_id": "CVE-2020-11036",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -5046,7 +5046,7 @@
 "attack_object_id": "T1574",
 "attack_object_name": "Hijack Execution Flow",
 "references": [],
- "capability_description": "",
+ "capability_description": "In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process. This has been patched in 0.1.1.",
 "capability_id": "CVE-2020-15100",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -5057,7 +5057,7 @@
 "attack_object_id": "T1499.004",
 "attack_object_name": "Application or System Exploitation",
 "references": [],
- "capability_description": "",
+ "capability_description": "In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process. This has been patched in 0.1.1.",
 "capability_id": "CVE-2020-15100",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -5068,7 +5068,7 @@
 "attack_object_id": "T1078",
 "attack_object_name": "Valid Accounts",
 "references": [],
- "capability_description": "",
+ "capability_description": "In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process. This has been patched in 0.1.1.",
 "capability_id": "CVE-2020-15100",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -5079,7 +5079,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5.",
 "capability_id": "CVE-2020-15094",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -5090,7 +5090,7 @@
 "attack_object_id": "T1040",
 "attack_object_name": "Network Sniffing",
 "references": [],
- "capability_description": "",
+ "capability_description": "In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5.",
 "capability_id": "CVE-2020-15094",
 "mapping_type": "exploitation_technique",
 "capability_group": "2020",
@@ -5101,7 +5101,7 @@
 "attack_object_id": "T1059",
 "attack_object_name": "Command and Scripting Interpreter",
 "references": [],
- "capability_description": "",
+ "capability_description": "In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. This critical exploit has been fixed on version 3.3.11.",
 "capability_id": "CVE-2020-15140",
 "mapping_type": "primary_impact",
 "capability_group": "2020",
@@ -5112,7 +5112,7 @@ "attack_object_id": "T1133", "attack_object_name": "External Remote Services", "references": [], - "capability_description": "", + "capability_description": "In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. This critical exploit has been fixed on version 3.3.11.", "capability_id": "CVE-2020-15140", "mapping_type": "exploitation_technique", "capability_group": "2020", @@ -5123,7 +5123,7 @@ "attack_object_id": "T1005", "attack_object_name": "Data from Local System", "references": [], - "capability_description": "", + "capability_description": "In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0.", "capability_id": "CVE-2020-11087", "mapping_type": "primary_impact", "capability_group": "2020", @@ -5134,7 +5134,7 @@ "attack_object_id": "T1211", "attack_object_name": "Exploitation for Defense Evasion", "references": [], - "capability_description": "", + "capability_description": "In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0.", "capability_id": "CVE-2020-11087", "mapping_type": "secondary_impact", "capability_group": "2020", @@ -5145,7 +5145,7 @@ "attack_object_id": "T1059.007", "attack_object_name": "JavaScript", "references": [], - "capability_description": "", + "capability_description": "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing