Cisco Network Assurance Engine vulnerabilities
3 known vulnerabilities affecting cisco/network_assurance_engine.
Total CVEs
3
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH2
Vulnerabilities
Page 1 of 1
CVE-2021-44228CRITICALCVSS 10.0KEVPoCfixed in 6.0.2v6.0\(2.1912\)2021-12-10
CVE-2021-44228 [CRITICAL] CWE-20 CVE-2021-44228: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LD
nvd
CVE-2019-1688HIGHCVSS 7.1v3.0\(1\)2019-02-12
CVE-2019-1688 [HIGH] CWE-798 CVE-2019-1688: A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow
A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authent
nvd
CVE-2018-5390HIGHCVSS 7.5v2.1\(1a\)2018-08-06
CVE-2018-5390 [HIGH] CWE-400 CVE-2018-5390: Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() an
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
nvd