Page 105 of 546 results (0.010 seconds)

CVSS: 9.3EPSS: 84%CPEs: 91EXPL: 7

HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. • https://www.exploit-db.com/exploits/20975 https://www.exploit-db.com/exploits/20976 https://www.exploit-db.com/exploits/20977 https://www.exploit-db.com/exploits/20978 http://www.cert.org/advisories/CA-2001-14.html http://www.ciac.org/ciac/bulletins/l-106.shtml http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html http://www.osvdb.org/578 http://www.securityfocus.com/archive/1/1601227034.20010702112207%40olympos.org http://www.securityfocus.com/archive/1/ • CWE-287: Improper Authentication •

CVSS: 5.0EPSS: 1%CPEs: 13EXPL: 0

PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet. • http://www.cisco.com/warp/public/707/PPTP-vulnerability-pub.html http://www.kb.cert.org/vuls/id/656315 http://www.osvdb.org/802 http://www.securityfocus.com/bid/3022 https://exchange.xforce.ibmcloud.com/vulnerabilities/6835 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. • https://www.exploit-db.com/exploits/19522 http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data. Classic Cisco IOD 9.1 y anteriores permite a atacantes con acceso al inductor de login obtener porciones de la historia de comandos de usuarios anteriores, lo que puede permitir al atacante obtener datos sensibles. • http://www.ciac.org/ciac/bulletins/j-009.shtml http://www.cisco.com/warp/public/770/ioshist-pub.shtml • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0

Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard. • http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml http://www.kb.cert.org/vuls/id/840665 https://exchange.xforce.ibmcloud.com/vulnerabilities/6180 •