CWE-1286
AllowedImproper Validation of Syntactic Correctness of Input
Abstraction: Base · Status: Incomplete
The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
150 vulnerabilities reference this CWE, most recent first.
CVE-2019-25720 (GCVE-0-2019-25720)
Vulnerability from cvelistv5 – Published: 2026-06-03 16:56 – Updated: 2026-06-03 17:44- CWE-1286 - Improper Validation of Syntactic Correctness of Input
| URL | Tags |
|---|---|
| https://static.draeger.com/security/download/2019… | vendor-advisory |
| https://www.vulncheck.com/advisories/dr-ger-sc-mo… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25720",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-03T17:44:08.218138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T17:44:47.456Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SC 6002XL",
"vendor": "Dr\u00e4ger",
"versions": [
{
"status": "affected",
"version": "SC 6002XL",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SC6802XL",
"vendor": "Dr\u00e4ger",
"versions": [
{
"status": "affected",
"version": "SC6802XL",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SC 7000",
"vendor": "Dr\u00e4ger",
"versions": [
{
"status": "affected",
"version": "SC 7000",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SC8000",
"vendor": "Dr\u00e4ger",
"versions": [
{
"status": "affected",
"version": "SC8000",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SC90000 XL",
"vendor": "Dr\u00e4ger",
"versions": [
{
"status": "affected",
"version": "SC90000 XL",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jeroen Slobbe and Max Grim"
}
],
"datePublic": "2019-11-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDr\u00e4ger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain a denial-of-service vulnerability in all software versions that allows unauthenticated attackers to reboot the monitor by sending a malformed network packet. Attackers can repeatedly send such malformed packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.\u003c/p\u003e"
}
],
"value": "Dr\u00e4ger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain a denial-of-service vulnerability in all software versions that allows unauthenticated attackers to reboot the monitor by sending a malformed network packet. Attackers can repeatedly send such malformed packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T16:56:29.683Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://static.draeger.com/security/download/2019-11-27-Draeger-SC7000-SC9000-security-advisory-update-v1-5.pdf"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dr-ger-sc-monitoring-devices-dos-via-malformed-network-packet"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Dr\u00e4ger SC Monitoring Devices DoS via Malformed Network Packet"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25720",
"datePublished": "2026-06-03T16:56:29.683Z",
"dateReserved": "2026-06-02T14:22:01.500Z",
"dateUpdated": "2026-06-03T17:44:47.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
GHSA-2369-45JQ-XGC9
Vulnerability from github – Published: 2026-03-04 18:31 – Updated: 2026-03-05 15:30Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges.
{
"affected": [],
"aliases": [
"CVE-2025-59785"
],
"database_specific": {
"cwe_ids": [
"CWE-1286"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-04T16:16:25Z",
"severity": "MODERATE"
},
"details": "Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption.\nThis vulnerability can only be exploited after authenticating with administrator privileges.",
"id": "GHSA-2369-45jq-xgc9",
"modified": "2026-03-05T15:30:35Z",
"published": "2026-03-04T18:31:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59785"
},
{
"type": "WEB",
"url": "https://www.2n.com/en-GB/download/cve_2025_59785_acom_3_5_v1pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-26FH-VCWC-MCGV
Vulnerability from github – Published: 2026-04-16 21:31 – Updated: 2026-04-16 21:31Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent to execute arbitrary code on the local device without user consent. Exploitation is non-deterministic and model-dependent. The fix is automatically applied upon relaunch with no user action required.
{
"affected": [],
"aliases": [
"CVE-2026-6442"
],
"database_specific": {
"cwe_ids": [
"CWE-1286"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-16T19:16:35Z",
"severity": "HIGH"
},
"details": "Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent to execute arbitrary code on the local device without user consent. Exploitation is non-deterministic and model-dependent. The fix is automatically applied upon relaunch with no user action required.",
"id": "GHSA-26fh-vcwc-mcgv",
"modified": "2026-04-16T21:31:13Z",
"published": "2026-04-16T21:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6442"
},
{
"type": "WEB",
"url": "https://community.snowflake.com/s/article/PromptArmor-Report---Snowflake-Response"
},
{
"type": "WEB",
"url": "https://www.promptarmor.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-288P-75Q5-6GJ7
Vulnerability from github – Published: 2024-09-10 06:30 – Updated: 2024-11-29 06:3551l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter allowed the use of arbitrary values allowing for an attacker to block access to the guard tour configuration page in the web interface of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
{
"affected": [],
"aliases": [
"CVE-2024-6173"
],
"database_specific": {
"cwe_ids": [
"CWE-1286"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-10T05:15:12Z",
"severity": "MODERATE"
},
"details": "51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter allowed the use of arbitrary values allowing for an attacker to block access to the guard tour configuration page in the web interface of the Axis device. \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.",
"id": "GHSA-288p-75q5-6gj7",
"modified": "2024-11-29T06:35:28Z",
"published": "2024-09-10T06:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6173"
},
{
"type": "WEB",
"url": "https://www.axis.com/dam/public/33/0c/c8/cve-2024-6173-en-US-448995.pdf"
},
{
"type": "WEB",
"url": "https://www.axis.com/dam/public/5a/87/a2/cve-2024-6173-en-US-458042.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2RQ5-QMGJ-689W
Vulnerability from github – Published: 2022-05-24 17:28 – Updated: 2023-12-12 21:31Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling.
{
"affected": [],
"aliases": [
"CVE-2020-16220"
],
"database_specific": {
"cwe_ids": [
"CWE-1286"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-11T14:15:00Z",
"severity": "LOW"
},
"details": "Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling.",
"id": "GHSA-2rq5-qmgj-689w",
"modified": "2023-12-12T21:31:06Z",
"published": "2022-05-24T17:28:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16220"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01"
},
{
"type": "WEB",
"url": "https://www.philips.com/productsecurity"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-34F4-M9RH-9X9J
Vulnerability from github – Published: 2024-07-11 18:31 – Updated: 2024-07-12 18:31An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS Evolved on ACX Series and PTX Series allows an unauthenticated, network based attacker to cause a Denial-of-Service (DoS).
This issue can occur in two scenarios:
-
If a device, which is configured with SFLOW and ECMP, receives specific valid transit traffic, which is subject to sampling, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted. (This scenario is only applicable to PTX but not to ACX or MX.)
-
If a device receives a malformed CFM packet on an interface configured with CFM, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted. Please note that the CVSS score is for the formally more severe issue 1.
The CVSS score for scenario 2. is: 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
This issue affects Junos OS:
- All versions before 21.2R3-S4,
- 21.4 versions before 21.4R2,
- 22.2 versions before 22.2R3-S2;
Junos OS Evolved:
- All versions before 21.2R3-S8-EVO,
- 21.4 versions before 21.4R2-EVO.
{
"affected": [],
"aliases": [
"CVE-2024-39542"
],
"database_specific": {
"cwe_ids": [
"CWE-1286"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-11T17:15:13Z",
"severity": "HIGH"
},
"details": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS Evolved on ACX Series and PTX Series allows an unauthenticated, network based attacker to cause a Denial-of-Service (DoS).\n\nThis issue can occur in two scenarios:\n\n1. If a device, which is configured with SFLOW and ECMP, receives specific valid transit traffic, which is subject to sampling, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted. (This scenario is only applicable to PTX but not to ACX or MX.)\n\n2. If a device receives a malformed CFM packet on an interface configured with CFM, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted.\u00a0Please note that the CVSS score is for the formally more severe issue 1.\n\nThe CVSS score for scenario 2. is: 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n\n\n\nThis issue affects Junos OS:\n\n\n\n * All versions before\u00a021.2R3-S4,\n * 21.4 versions before 21.4R2,\n * 22.2 versions before 22.2R3-S2;\u00a0\n\n\n\n\nJunos OS Evolved:\n\n\n\n\n * All versions before\u00a021.2R3-S8-EVO,\n * 21.4 versions before 21.4R2-EVO.",
"id": "GHSA-34f4-m9rh-9x9j",
"modified": "2024-07-12T18:31:48Z",
"published": "2024-07-11T18:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39542"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA83002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-355P-VP22-PP2V
Vulnerability from github – Published: 2024-01-12 03:30 – Updated: 2024-01-12 03:30An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).
On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.
NAT IP usage can be monitored by running the following command.
user@srx> show security nat resource-usage source-pool
Pool name: source_pool_name .. Address Factor-index Port-range Used Avail Total Usage X.X.X.X 0 Single Ports 50258 52342 62464 96% <<<<< - Alg Ports 0 2048 2048 0% This issue affects:
Juniper Networks Junos OS on MX Series and SRX Series
- All versions earlier than 21.2R3-S6;
- 21.3 versions earlier than 21.3R3-S5;
- 21.4 versions earlier than 21.4R3-S5;
- 22.1 versions earlier than 22.1R3-S4;
- 22.2 versions earlier than 22.2R3-S3;
- 22.3 versions earlier than 22.3R3-S1;
- 22.4 versions earlier than 22.4R2-S2, 22.4R3;
- 23.2 versions earlier than 23.2R1-S1, 23.2R2.
{
"affected": [],
"aliases": [
"CVE-2024-21616"
],
"database_specific": {
"cwe_ids": [
"CWE-1286"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-12T01:15:50Z",
"severity": "HIGH"
},
"details": "\nAn Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).\n\nOn all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.\n\nNAT IP usage can be monitored by running the following command.\n\nuser@srx\u003e show security nat resource-usage source-pool \u003csource_pool_name\u003e\n\n\nPool name: source_pool_name\n..\nAddress Factor-index Port-range Used Avail Total Usage\nX.X.X.X\n0 Single Ports 50258 52342 62464 96% \u003c\u003c\u003c\u003c\u003c\n- Alg Ports 0 2048 2048 0%\nThis issue affects:\n\nJuniper Networks Junos OS on MX Series and SRX Series\n\n\n\n * All versions earlier than 21.2R3-S6;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\n * 23.2 versions earlier than 23.2R1-S1, 23.2R2.\n\n\n\n\n\n\n",
"id": "GHSA-355p-vp22-pp2v",
"modified": "2024-01-12T03:30:49Z",
"published": "2024-01-12T03:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21616"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA75757"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-35M6-RF3V-8CXX
Vulnerability from github – Published: 2024-04-10 18:30 – Updated: 2024-09-20 15:30A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS module to stop updating nodes, links, and assets.
Network traffic may not be analyzed until the IDS module is restarted.
{
"affected": [],
"aliases": [
"CVE-2024-0218"
],
"database_specific": {
"cwe_ids": [
"CWE-1286",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-10T16:15:09Z",
"severity": "HIGH"
},
"details": "A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS module to stop updating nodes, links, and assets.\n\nNetwork traffic may not be analyzed until the IDS module is restarted.\n\n",
"id": "GHSA-35m6-rf3v-8cxx",
"modified": "2024-09-20T15:30:36Z",
"published": "2024-04-10T18:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0218"
},
{
"type": "WEB",
"url": "https://security.nozominetworks.com/NN-2024:1-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3855-FJJH-9XH2
Vulnerability from github – Published: 2026-03-25 18:31 – Updated: 2026-03-25 18:31A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users.
This vulnerability exists because parameters that are received by an API endpoint are not sufficiently validated. An attacker could exploit this vulnerability by authenticating as a Lobby Ambassador user and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to create a new user with privilege level 1 access to the web-based management API. The attacker would then be able to access the device with these new credentials and privileges.
{
"affected": [],
"aliases": [
"CVE-2026-20114"
],
"database_specific": {
"cwe_ids": [
"CWE-1286"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T16:16:16Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users. \n\n This vulnerability exists because parameters that are received by an API endpoint are not sufficiently validated. An attacker could exploit this vulnerability by authenticating as a Lobby Ambassador user and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to create a new user with privilege level 1 access to the web-based management API. The attacker would then be able to access the device with these new credentials and privileges.",
"id": "GHSA-3855-fjjh-9xh2",
"modified": "2026-03-25T18:31:47Z",
"published": "2026-03-25T18:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20114"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-lobby-privesc-KwxBqJy"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-38GM-M6WW-X846
Vulnerability from github – Published: 2024-01-12 03:30 – Updated: 2024-01-12 03:30An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).
If an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device.
This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices.
This issue affects:
Juniper Networks Junos OS
- 21.4R3 versions earlier than 21.4R3-S4;
- 22.1R3 versions earlier than 22.1R3-S3;
- 22.2R2 versions earlier than 22.2R3-S1;
- 22.3 versions earlier than 22.3R2-S2, 22.3R3;
- 22.4 versions earlier than 22.4R2;
- 23.1 versions earlier than 23.1R2.
{
"affected": [],
"aliases": [
"CVE-2024-21595"
],
"database_specific": {
"cwe_ids": [
"CWE-1286"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-12T01:15:47Z",
"severity": "HIGH"
},
"details": "\nAn Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nIf an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device.\n\nThis issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * 21.4R3 versions earlier than 21.4R3-S4;\n * 22.1R3 versions earlier than 22.1R3-S3;\n * 22.2R2 versions earlier than 22.2R3-S1;\n * 22.3 versions earlier than 22.3R2-S2, 22.3R3;\n * 22.4 versions earlier than 22.4R2;\n * 23.1 versions earlier than 23.1R2.\n\n\n\n\n\n\n",
"id": "GHSA-38gm-m6ww-x846",
"modified": "2024-01-12T03:30:48Z",
"published": "2024-01-12T03:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21595"
},
{
"type": "WEB",
"url": "https://advisory.juniper.net/JSA75734"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
CAPEC-66: SQL Injection
This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input.
CAPEC-676: NoSQL Injection
An adversary targets software that constructs NoSQL statements based on user input or with parameters vulnerable to operator replacement in order to achieve a variety of technical impacts such as escalating privileges, bypassing authentication, and/or executing code.