CVSS: 9.0EPSS: 27%CPEs: 3EXPL: 4CVE-2017-6736 – Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-6736
17 Jul 2017 — The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabil... • https://packetstorm.news/files/id/145727 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.6EPSS: 0%CPEs: 376EXPL: 0CVE-2017-3863
https://notcve.org/view.php?id=CVE-2017-3863
20 Apr 2017 — Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by... • http://www.securityfocus.com/bid/97935 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.6EPSS: 0%CPEs: 376EXPL: 0CVE-2017-3861
https://notcve.org/view.php?id=CVE-2017-3861
20 Apr 2017 — Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by... • http://www.securityfocus.com/bid/97935 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.6EPSS: 0%CPEs: 376EXPL: 0CVE-2017-3860
https://notcve.org/view.php?id=CVE-2017-3860
20 Apr 2017 — Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by... • http://www.securityfocus.com/bid/97935 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.6EPSS: 0%CPEs: 376EXPL: 0CVE-2017-3862
https://notcve.org/view.php?id=CVE-2017-3862
20 Apr 2017 — Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by... • http://www.securityfocus.com/bid/97935 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-3857 – Cisco Security Advisory 20170322-l2tp
https://notcve.org/view.php?id=CVE-2017-3857
22 Mar 2017 — A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resu... • http://www.securityfocus.com/bid/97010 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0CVE-2017-3864 – Cisco Security Advisory 20170322-dhcpc
https://notcve.org/view.php?id=CVE-2017-3864
22 Mar 2017 — A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that is configured as a DHCP client. A successful exploit could allow the attacker to cause a reload of an affected... • http://www.securityfocus.com/bid/97012 • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 0%CPEs: 143EXPL: 0CVE-2017-3850
https://notcve.org/view.php?id=CVE-2017-3850
21 Mar 2017 — A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that s... • http://www.securityfocus.com/bid/96971 • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 161EXPL: 0CVE-2017-3849
https://notcve.org/view.php?id=CVE-2017-3849
21 Mar 2017 — A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all th... • http://www.securityfocus.com/bid/96972 • CWE-20: Improper Input Validation •
CVSS: 8.3EPSS: 0%CPEs: 3334EXPL: 0CVE-2016-6380
https://notcve.org/view.php?id=CVE-2016-6380
05 Oct 2016 — The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (data corruption or device reload) via a crafted DNS response, aka Bug ID CSCup90532. El redireccionador de DNS en Cisco IOS 12.0 hasta la versión 12.4 y 15.0 hasta la versión 15.6 e IOS XE 3.1 hasta la versión 3.15 permite a atacantes remotos obtener información sensible de la memoria del proceso o provoca... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns • CWE-20: Improper Input Validation •