Lucene search

K

612 matches found

CVE
CVE
added 2017/09/25 9:29 p.m.36 views

CVE-2011-4667

The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor f...

5.9CVSS5.7AI score0.00151EPSS
CVE
CVE
added 2012/05/02 10:9 a.m.36 views

CVE-2012-0339

Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary source IP addresses via a standard TELNET client, aka Bug ID CSCsi77774.

5CVSS7AI score0.00243EPSS
CVE
CVE
added 2014/04/23 11:52 a.m.36 views

CVE-2012-4651

Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451.

4.3CVSS6.8AI score0.00443EPSS
CVE
CVE
added 2014/04/23 11:52 a.m.36 views

CVE-2012-5044

Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809.

5.4CVSS6.9AI score0.00427EPSS
CVE
CVE
added 2013/09/27 10:8 a.m.36 views

CVE-2013-5477

The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465.

7.8CVSS6.8AI score0.00427EPSS
CVE
CVE
added 2013/11/13 3:55 p.m.36 views

CVE-2013-5552

Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID CSCug90143.

6.4CVSS6.9AI score0.00155EPSS
CVE
CVE
added 2013/11/08 4:47 a.m.36 views

CVE-2013-5553

Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2) IPv6, aka Bug IDs CSCuc42558 and CSCug25383.

7.8CVSS6.8AI score0.00427EPSS
CVE
CVE
added 2014/10/28 7:55 p.m.36 views

CVE-2014-3293

Cisco IOS 15.4(3)S0b on ASR901 devices makes incorrect decisions to use the CPU for IPv4 packet processing, which allows remote attackers to cause a denial of service (BGP neighbor flapping) by sending many crafted IPv4 packets, aka Bug ID CSCuo29736.

5CVSS7AI score0.01389EPSS
CVE
CVE
added 2016/05/14 1:59 a.m.36 views

CVE-2016-1399

The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices allows remote attackers to cause a denial of service (packet data corruption) via crafted IPv4 ICMP pack...

7.5CVSS7.4AI score0.01119EPSS
CVE
CVE
added 2016/10/05 8:59 p.m.36 views

CVE-2016-6423

The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M and IOS XE allow remote IKEv2 servers to cause a denial of service (device reload) via crafted IKEv2 packets, aka Bug ID CSCux97540.

6.5CVSS6.3AI score0.00437EPSS
CVE
CVE
added 2006/09/14 12:7 a.m.35 views

CVE-2006-4776

Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to execute arbitrary code via a long VLAN name in a VTP type 2 summary advertisement.

7.5CVSS8AI score0.21799EPSS
CVE
CVE
added 2007/08/09 9:17 p.m.35 views

CVE-2007-4292

Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP packet, aka (1) CSCsf11855, (2) CSCeb21064, (3) CSCse40276, (4) CSCse68355, (5) CSCsf30058, (6) CSCsb24007, and (7) CSCsc60249.

9.3CVSS6.6AI score0.07035EPSS
CVE
CVE
added 2017/09/25 5:29 p.m.35 views

CVE-2010-3050

Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).

6.8CVSS6.1AI score0.00487EPSS
CVE
CVE
added 2012/05/02 10:9 a.m.35 views

CVE-2011-3289

Cisco IOS 12.4 and 15.0 through 15.2 allows physically proximate attackers to bypass the No Service Password-Recovery feature and read the start-up configuration via unspecified vectors, aka Bug ID CSCtr97640.

3.6CVSS6.7AI score0.00071EPSS
CVE
CVE
added 2014/04/23 11:52 a.m.35 views

CVE-2012-3062

Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

5.7CVSS6.9AI score0.0017EPSS
CVE
CVE
added 2014/04/24 10:55 a.m.35 views

CVE-2012-3946

Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

5CVSS7AI score0.00213EPSS
CVE
CVE
added 2014/04/23 11:52 a.m.35 views

CVE-2012-5032

The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or the discarding of this traffic, by arranging for an ...

6.4CVSS7AI score0.00506EPSS
CVE
CVE
added 2013/09/27 10:8 a.m.35 views

CVE-2013-5479

The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730.

7.8CVSS6.7AI score0.00427EPSS
CVE
CVE
added 2014/11/18 1:59 a.m.35 views

CVE-2014-7992

The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.

5CVSS6.3AI score0.61221EPSS
CVE
CVE
added 2015/02/12 1:59 a.m.35 views

CVE-2015-0608

Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cis...

7.1CVSS6.8AI score0.00616EPSS
CVE
CVE
added 2016/09/18 10:59 p.m.35 views

CVE-2016-6404

Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy19854.

6.1CVSS6AI score0.00296EPSS
CVE
CVE
added 2016/12/14 12:59 a.m.35 views

CVE-2016-6473

A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. More Information: CSCuu69332, CSCux07028. Known Affected Releases: 15.2(3)E. Known Fixed Releases: 12.2(50)SE4 12.2(50)SE5 12.2(50)SQ5...

6.5CVSS6.3AI score0.00217EPSS
CVE
CVE
added 2016/12/14 12:59 a.m.35 views

CVE-2016-6474

A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on an affected system. More Information: CSCuv89417. Known Affected Releases: 15.5(2.25)T. Known Fi...

7.3CVSS7.4AI score0.00315EPSS
CVE
CVE
added 2012/05/02 10:9 a.m.34 views

CVE-2011-4007

Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set mpls experimental imposition" command, which allows remote attackers to cause a denial of service (device crash) via network traffic that triggers (1) fragmentation or (2) reassembly, aka Bug ID CSCtr56576.

5.4CVSS6.9AI score0.00427EPSS
CVE
CVE
added 2012/05/03 8:55 p.m.34 views

CVE-2012-1324

Race condition in the Zone-Based Firewall in Cisco IOS 15.1 and 15.2, when IPS policies are configured, allows remote attackers to cause a denial of service (device crash) by sending IPv6 packets, aka Bug ID CSCtk53534.

7.1CVSS6.8AI score0.00309EPSS
CVE
CVE
added 2012/09/16 10:34 a.m.34 views

CVE-2012-3915

The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602.

5CVSS6.8AI score0.00474EPSS
CVE
CVE
added 2012/09/27 12:55 a.m.34 views

CVE-2012-4619

The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtr46123.

7.8CVSS6.8AI score0.00602EPSS
CVE
CVE
added 2014/04/23 11:52 a.m.34 views

CVE-2012-5036

Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662.

6.8CVSS6.4AI score0.00363EPSS
CVE
CVE
added 2014/04/23 11:52 a.m.34 views

CVE-2012-5039

The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003.

4.3CVSS6.7AI score0.00443EPSS
CVE
CVE
added 2013/04/24 10:28 a.m.34 views

CVE-2013-1217

The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105.

6.8CVSS6.4AI score0.00363EPSS
CVE
CVE
added 2013/09/27 10:8 a.m.34 views

CVE-2013-5474

Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug ID CSCud64812.

7.8CVSS6.8AI score0.0033EPSS
CVE
CVE
added 2013/10/25 3:52 a.m.34 views

CVE-2013-5522

Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286.

6.8CVSS6.7AI score0.0008EPSS
CVE
CVE
added 2015/03/06 3:0 a.m.34 views

CVE-2015-0607

The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connect...

4.3CVSS7AI score0.00264EPSS
CVE
CVE
added 2016/07/03 9:59 p.m.34 views

CVE-2016-1425

Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun66735.

6.5CVSS6.3AI score0.00304EPSS
CVE
CVE
added 2016/12/14 12:59 a.m.34 views

CVE-2016-9201

A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration. More Information: CSCuz21015. Known Affected Releases: 15.3(3)M3. Known Fixed...

7.5CVSS7.6AI score0.01253EPSS
CVE
CVE
added 2011/01/07 7:0 p.m.33 views

CVE-2010-4686

CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb...

7.8CVSS6.9AI score0.00851EPSS
CVE
CVE
added 2012/05/02 10:9 a.m.33 views

CVE-2011-4015

Cisco IOS 15.2S allows remote attackers to cause a denial of service (interface queue wedge) via malformed UDP traffic on port 465, aka Bug ID CSCts48300.

5CVSS6.9AI score0.00474EPSS
CVE
CVE
added 2014/04/23 11:52 a.m.33 views

CVE-2012-0360

Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

5CVSS6.8AI score0.00771EPSS
CVE
CVE
added 2014/04/23 11:52 a.m.33 views

CVE-2012-5037

The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133.

4.6CVSS6.6AI score0.00085EPSS
CVE
CVE
added 2015/03/06 3:0 a.m.33 views

CVE-2015-0598

The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693.

6.8CVSS6.8AI score0.00363EPSS
CVE
CVE
added 2015/06/20 2:59 p.m.33 views

CVE-2015-4202

Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CS...

5CVSS6.5AI score0.00447EPSS
CVE
CVE
added 2015/06/23 2:59 p.m.33 views

CVE-2015-4203

Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed MPLS 6VPE packets quickly, aka Bug ID CSCud83396.

5.4CVSS6.8AI score0.0066EPSS
CVE
CVE
added 2016/03/24 10:59 p.m.33 views

CVE-2016-1347

The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708.

7.8CVSS7.2AI score0.04316EPSS
CVE
CVE
added 2007/10/18 8:17 p.m.32 views

CVE-2007-5548

Multiple stack-based buffer overflows in Command EXEC in Cisco IOS allow local users to gain privileges via unspecified vectors, aka (1) PSIRT-0474975756 and (2) PSIRT-0388256465. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is ...

6.9CVSS6.9AI score0.00076EPSS
CVE
CVE
added 2008/09/18 8:0 p.m.32 views

CVE-2008-4128

Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "ali...

9.3CVSS8AI score0.01525EPSS
CVE
CVE
added 2013/11/18 3:55 a.m.32 views

CVE-2013-6686

The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568.

6.8CVSS6.4AI score0.00316EPSS
CVE
CVE
added 2013/12/03 7:56 p.m.32 views

CVE-2013-6705

The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133.

6.1CVSS6.9AI score0.00349EPSS
CVE
CVE
added 2014/11/15 2:59 a.m.32 views

CVE-2014-7997

The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was in...

6.1CVSS6.8AI score0.00246EPSS
CVE
CVE
added 2015/02/12 1:59 a.m.32 views

CVE-2015-0606

The IOS Shell in Cisco IOS allows local users to cause a denial of service (device crash) via unspecified commands, aka Bug ID CSCur59696.

4.9CVSS6.4AI score0.00088EPSS
CVE
CVE
added 2015/02/16 12:59 a.m.32 views

CVE-2015-0609

Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling ...

7.1CVSS6.8AI score0.00616EPSS
Total number of security vulnerabilities612