Ios Security Vulnerabilities and Issues — Ios CVE List

Lucene search

CiscoIos

10 matches found

CVE•added 2006/09/23 10:7 a.m.•71 views

CVE-2006-4950

Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-w...

10CVSS7.7AI score0.03386EPSS

CVE•added 2006/09/14 12:7 a.m.•53 views

CVE-2006-4775

The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of service by sending a VTP update with a revision value of 0x7FFFFFFF, which is incremented to 0x80000000 and is interpreted as a negative number in a signed context.

7.8CVSS6.5AI score0.05142EPSS

CVE•added 2006/07/27 10:4 p.m.•51 views

CVE-2006-3906

Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued tha...

5CVSS6.6AI score0.02852EPSS

CVE•added 2006/02/01 2:2 a.m.•46 views

CVE-2006-0486

Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cau...

4.6CVSS7AI score0.00099EPSS

CVE•added 2006/09/09 12:4 a.m.•45 views

CVE-2006-4650

Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers t...

2.6CVSS7AI score0.00488EPSS

CVE•added 2006/09/14 12:7 a.m.•45 views

CVE-2006-4774

The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to cause a denial of service by sending a VTP version 1 summary frame with a VTP version field value of 2.

7.8CVSS6.5AI score0.04608EPSS

CVE•added 2006/06/28 11:5 p.m.•42 views

CVE-2006-3291

The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote ...

9.3CVSS6.9AI score0.01141EPSS

CVE•added 2006/02/01 2:2 a.m.•41 views

CVE-2006-0485

The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may allow local users to execute IOS EXEC commands that w...

4.6CVSS7AI score0.00135EPSS

CVE•added 2006/01/21 12:3 a.m.•40 views

CVE-2006-0340

Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local network to cause a denial of service (device hang and network traffic loss) via a crafted UDP packet ...

7.1CVSS6.4AI score0.03022EPSS

CVE•added 2006/09/14 12:7 a.m.•35 views

CVE-2006-4776

Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to execute arbitrary code via a long VLAN name in a VTP type 2 summary advertisement.

7.5CVSS8AI score0.21799EPSS