Page 10 of 110 results (0.007 seconds)

CVSS: 7.1EPSS: 0%CPEs: 143EXPL: 0

A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature. A device must meet two conditions to be affected by this vulnerability: (1) the device must be running a version of Cisco IOS Software or Cisco IOS XE Software that supports ANI (regardless of whether ANI is configured); and (2) the device must have a reachable IPv6 interface. An exploit could allow the attacker to cause the affected device to reload. • http://www.securityfocus.com/bid/96971 http://www.securitytracker.com/id/1038065 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6 • CWE-20: Improper Input Validation •

CVSS: 7.4EPSS: 0%CPEs: 161EXPL: 0

A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics: (1) running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature; (2) configured as an autonomic registrar; (3) has a whitelist configured. An exploit could allow the attacker to cause the affected device to reload. Note: Autonomic networking should be configured with a whitelist. • http://www.securityfocus.com/bid/96972 http://www.securitytracker.com/id/1038064 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani • CWE-20: Improper Input Validation •

CVSS: 8.3EPSS: 0%CPEs: 3334EXPL: 0

The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (data corruption or device reload) via a crafted DNS response, aka Bug ID CSCup90532. El redireccionador de DNS en Cisco IOS 12.0 hasta la versión 12.4 y 15.0 hasta la versión 15.6 e IOS XE 3.1 hasta la versión 3.15 permite a atacantes remotos obtener información sensible de la memoria del proceso o provocar una denegación de servicio (corrupción de datos o reinicio del dispositivo) a través de una respuesta DNS manipulada, vulnerabilidad también conocida como Bug ID CSCup90532. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns http://www.securityfocus.com/bid/93201 http://www.securitytracker.com/id/1036914 https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 83EXPL: 0

Cisco IOS XE 3.1 through 3.17 and 16.1 through 16.2 allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets that require NAT, aka Bug ID CSCuw85853. Cisco IOS XE 3.1 hasta la versión 3.17 y 16.1 hasta la versión 16.2 permite a atacantes remotos provocar una denegación de servicio (recarga del dispositivo) a través de paquetes ICMP manipulados que requieren NAT, vulnerabilidad también conocida como Bug ID CSCuw85853. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-esp-nat http://www.securityfocus.com/bid/93200 http://www.securitytracker.com/id/1036914 • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 0%CPEs: 708EXPL: 0

Cisco IOS 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.18 and 16.1 allow remote attackers to cause a denial of service (memory consumption or device reload) via fragmented IKEv1 packets, aka Bug ID CSCuy47382. Cisco IOS 12.4 y 15.0 hasta la versión 15.6 y IOS XE 3.1 hasta la versión 3.18 y 16.1 permiten a atacantes remotos provocar una denegación de servicio (consumo de memoria y recarga de dispositivo) a través paquetes IKEv1 fragmentados, vulnerabilidad también conocida como Bug ID CSCuy47382. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ios-ikev1 http://www.securityfocus.com/bid/93195 http://www.securitytracker.com/id/1036914 • CWE-399: Resource Management Errors •