CVSS: 9.0EPSS: 2%CPEs: 67EXPL: 0CVE-2009-0628
https://notcve.org/view.php?id=CVE-2009-0628
Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block (TCB) leak. Fuga de memoria en la funcionalidad SSLVPN en Cisco IOS v12.3 hasta v12.4 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída del dispositivo) mediante la conexión de una sesión SSL de forma anormal, precedida de una pérdida de bloque de control de transmisión (TCB). • http://secunia.com/advisories/34438 http://securitytracker.com/id?1021896 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90424.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml http://www.securityfocus.com/bid/34239 http://www.vupen.com/english/advisories/2009/0851 https://exchange.xforce.ibmcloud.com/vulnerabilities/49427 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12092 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 2%CPEs: 67EXPL: 0CVE-2009-0633
https://notcve.org/view.php?id=CVE-2009-0633
Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via MIPv6 packets, aka Bug ID CSCsm97220. Múltiples vulnerabilidades no especificadas en (1) la funcionalidad Mobile IP NAT Traversal y (2) el subsistema Mobile IPv6 en Cisco IOS v12.3 hasta v12.4 permite a atacantes remotos provocar una denegación de servicio (presión en la cola de entrada y parada del interfaz) mediante paquetes MIPv6, conocido como Bug ID CSCsm97220. • http://secunia.com/advisories/34438 http://securitytracker.com/id?1021898 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a9042f.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml http://www.securityfocus.com/bid/34241 http://www.vupen.com/english/advisories/2009/0851 https://exchange.xforce.ibmcloud.com/vulnerabilities/49424 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12290 •
CVSS: 7.1EPSS: 2%CPEs: 67EXPL: 0CVE-2009-0634
https://notcve.org/view.php?id=CVE-2009-0634
Multiple unspecified vulnerabilities in the home agent (HA) implementation in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via an ICMP packet, aka Bug ID CSCso05337. Múltiples vulnerabilidades no especificadas en la implementación del agente "home" (HA) en (1) la funcionalida de Mobile IP NAT Traversal y (2) el subsistema Mobile IPv6 en Cisco IOS v12.3 hasta v12.4 permite a atacantes remotos provocar una denegación de servicio (presión en la cola de entrada y parada del interfaz) mediante un paquete ICMP, conocido como Bug ID CSCso05337. • http://secunia.com/advisories/34438 http://securitytracker.com/id?1021898 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a9042f.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml http://www.securityfocus.com/bid/34241 http://www.vupen.com/english/advisories/2009/0851 https://exchange.xforce.ibmcloud.com/vulnerabilities/49424 https://exchange.xforce.ibmcloud.com/vulnerabilities/49585 https://oval.cisecurity.org/repository/search/definition/oval% •
CVSS: 10.0EPSS: 97%CPEs: 165EXPL: 2CVE-2008-0960 – SNMPv3 - HMAC Validation error Remote Authentication Bypass
https://notcve.org/view.php?id=CVE-2008-0960
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. Una comprobación SNMPv3 HMAC en (1) Net-SNMP versión 5.2.x anterior a 5.2.4.1, versión 5.3.x anterior a 5.3.2.1 y versión 5.4.x anterior a 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) C-series versión 1.0.0 hasta 2.0.0 de Juniper Session and Resource Control (SRC); (5) Data de NetApp (también se conoce como Network Appliance) ONTAP versiones 7.3RC1 y 7.3RC2; (6) SNMP Research versión anterior a 16.2; (7) múltiples productos Cisco IOS, CatOS, ACE y Nexus; (8) Ingate Firewall versión 3.1.0 y posterior y SIParator versión 3.1.0 y posterior; (9) HP OpenView SNMP Emanate Master Agent versión 15.x; y posiblemente otros productos dependen del cliente para especificar la longitud del HMAC, lo que facilita que los atacantes remotos omitan la autenticación SNMP por medio de un valor de longitud de 1, que solo comprueba el primer byte. • https://www.exploit-db.com/exploits/5790 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.ingate.com/pipermail/productinfo/2008/000021.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html http://marc.info/?l=bugtraq&m=127730470825399&w=2 http://rhn.redhat.com/errata/RHSA-2008-0528.html http://secunia.com/advisories/30574 http://secunia.com/advisories/30596 http://secunia.com/advisories/30612 http://secunia.c • CWE-287: Improper Authentication •
CVSS: 5.1EPSS: 1%CPEs: 4EXPL: 0CVE-2008-1156
https://notcve.org/view.php?id=CVE-2008-1156
Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message. Vulnerabilidad no especificada en la implementación de la Red Privada Virtual Multicast (MVPN) en Cisco IOS 12.0, 12.2, 12.3, y 12.4 permite a atacantes remotos crear "estados multicast extra en los routers core" a través de mensajes Multicast Distribution Tree (MDT) Data Join manipulados. • http://secunia.com/advisories/29507 http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml http://www.securityfocus.com/bid/28464 http://www.securitytracker.com/id?1019715 http://www.us-cert.gov/cas/techalerts/TA08-087B.html http://www.vupen.com/english/advisories/2008/1006/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41468 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5648 • CWE-16: Configuration CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •