9 matches found
CVE-2007-2688
The CVE-2007-2688 issue affects Cisco’s Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set. The vulnerability arises from improper handling of certain full-width and half-width Unicode encodings, which could allow remote attackers to evade detection of HTTP traffic. What’s af...
CVE-2014-0718
Cisco IPS Software is affected by CVE-2014-0718: when the produce-verbose-alert action is enabled, the Analysis Engine can be DoS’d by specially crafted fragmented packets. Affects Cisco IPS Software 7.1 up to 7.1(8)E4 and 7.2 up to 7.2(2)E4. Root cause is improper handling of fragmented packets ...
CVE-2014-0720
Cisco IPS Software is affected by CVE-2014-0720, where unauthenticated remote attackers can cause a denial of service by flooding the device with jumbo frames, leading to an Analysis Engine process outage. The issue is part of multiple DoS vulnerabilities in Cisco IPS Software 7.1/7.2 prior to th...
CVE-2014-0719
Cisco IPS Software contains a denial-of-service vulnerability (CVE-2014-0719) in the control-plane MainApp. The flaw arises from improper handling of malformed TCP packets sent to the management interface on port 7000, allowing remote unauthenticated attackers to cause the MainApp process outage....
CVE-2006-3596
CVE-2006-3596 affects Cisco IPS 5.1(1)–5.1(p1) on various 42xx appliances, where the Intel-based gigabit NIC driver can be triggered by a crafted IP packet to cause a kernel panic and potential network outage (denial of service). The vulnerability is rooted in the device driver used by Intel-base...
CVE-2005-2681
Cisco Intrusion Prevention System (IPS) 5.0(1) and 5.0(2) contains an unspecified vulnerability in its command line processing (CLI) logic that could allow local users with OPERATOR or VIEWER privileges to gain additional privileges via unknown vectors. The exact root cause is not publicly detail...
CVE-2006-4910
The CVE affects Cisco IDS/IPS web administration interfaces. Specifically, Cisco IDS before 4.1(5c) and Cisco IPS before 5.0(6p1) and 5.1 before 5.1(2) are vulnerable to a denial-of-service via a crafted SSLv2 Client Hello that causes the mainApp web management process to become unresponsive. The...
CVE-2015-0631
Cisco IPS CVE-2015-0631 is a race-condition vulnerability in the SSL/TLS subsystem used by the web management interface. During image upgrading, key/certificate regeneration can be disrupted by a rapid sequence of HTTPS connections to the management interface, allowing a remote attacker to cause ...
CVE-2006-4911
The CVE-2006-4911 issue affects Cisco IPS, specifically versions prior to 5.0(6p2) and 5.1 prior to 5.1(2) when deployed in inline or promiscuous mode. A crafted sequence of fragmented IP packets could bypass traffic inspection, enabling attackers to pass malicious traffic without detection. Reme...