Ios Security Vulnerabilities and Issues — Ios CVE List

Lucene search

CiscoIos

9 matches found

CVE•added 2016/09/19 1:59 a.m.•574 views

CVE-2016-6415

The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bu...

7.5CVSS7.2AI score0.92948EPSS

CVE•added 2016/09/22 5:59 p.m.•45 views

CVE-2014-2146

The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these se...

6.5CVSS6.6AI score0.00226EPSS

CVE•added 2016/09/18 10:59 p.m.•45 views

CVE-2016-6403

The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service via a crafted packet, aka Bug IDs CSCuy82904, CSCuy82909, and CSCuy82912.

5.9CVSS5.6AI score0.00563EPSS

CVE•added 2016/09/24 1:59 a.m.•39 views

CVE-2016-6409

The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service (out-of-bounds access) via crafted traffic, aka Bug ID CSCuy54015.

7.5CVSS7.3AI score0.00686EPSS

CVE•added 2016/09/18 10:59 p.m.•35 views

CVE-2016-6404

Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy19854.

6.1CVSS6AI score0.00296EPSS

CVE•added 2016/09/12 10:59 a.m.•31 views

CVE-2016-6398

The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet data, aka Bug ID CSCvb16274.

5.3CVSS5AI score0.00273EPSS

CVE•added 2016/09/24 1:59 a.m.•30 views

CVE-2016-6410

The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuy19856.

6.8CVSS6.1AI score0.00308EPSS

CVE•added 2016/09/24 1:59 a.m.•30 views

CVE-2016-6412

The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows man-in-the-middle attackers to trigger arbitrary downloads via crafted HTTP headers, aka Bug ID CSCuz84773.

6.5CVSS6.4AI score0.00149EPSS

CVE•added 2016/09/22 10:59 p.m.•29 views

CVE-2016-6414

iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223.

7.8CVSS7.8AI score0.00222EPSS