Page 11 of 55 results (0.018 seconds)

CVSS: 7.1EPSS: 2%CPEs: 67EXPL: 0

Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via MIPv6 packets, aka Bug ID CSCsm97220. Múltiples vulnerabilidades no especificadas en (1) la funcionalidad Mobile IP NAT Traversal y (2) el subsistema Mobile IPv6 en Cisco IOS v12.3 hasta v12.4 permite a atacantes remotos provocar una denegación de servicio (presión en la cola de entrada y parada del interfaz) mediante paquetes MIPv6, conocido como Bug ID CSCsm97220. • http://secunia.com/advisories/34438 http://securitytracker.com/id?1021898 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a9042f.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml http://www.securityfocus.com/bid/34241 http://www.vupen.com/english/advisories/2009/0851 https://exchange.xforce.ibmcloud.com/vulnerabilities/49424 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12290 •

CVSS: 10.0EPSS: 97%CPEs: 165EXPL: 2

SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. Una comprobación SNMPv3 HMAC en (1) Net-SNMP versión 5.2.x anterior a 5.2.4.1, versión 5.3.x anterior a 5.3.2.1 y versión 5.4.x anterior a 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) C-series versión 1.0.0 hasta 2.0.0 de Juniper Session and Resource Control (SRC); (5) Data de NetApp (también se conoce como Network Appliance) ONTAP versiones 7.3RC1 y 7.3RC2; (6) SNMP Research versión anterior a 16.2; (7) múltiples productos Cisco IOS, CatOS, ACE y Nexus; (8) Ingate Firewall versión 3.1.0 y posterior y SIParator versión 3.1.0 y posterior; (9) HP OpenView SNMP Emanate Master Agent versión 15.x; y posiblemente otros productos dependen del cliente para especificar la longitud del HMAC, lo que facilita que los atacantes remotos omitan la autenticación SNMP por medio de un valor de longitud de 1, que solo comprueba el primer byte. • https://www.exploit-db.com/exploits/5790 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.ingate.com/pipermail/productinfo/2008/000021.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html http://marc.info/?l=bugtraq&m=127730470825399&w=2 http://rhn.redhat.com/errata/RHSA-2008-0528.html http://secunia.com/advisories/30574 http://secunia.com/advisories/30596 http://secunia.com/advisories/30612 http://secunia.c • CWE-287: Improper Authentication •

CVSS: 5.1EPSS: 1%CPEs: 4EXPL: 0

Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message. Vulnerabilidad no especificada en la implementación de la Red Privada Virtual Multicast (MVPN) en Cisco IOS 12.0, 12.2, 12.3, y 12.4 permite a atacantes remotos crear "estados multicast extra en los routers core" a través de mensajes Multicast Distribution Tree (MDT) Data Join manipulados. • http://secunia.com/advisories/29507 http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml http://www.securityfocus.com/bid/28464 http://www.securitytracker.com/id?1019715 http://www.us-cert.gov/cas/techalerts/TA08-087B.html http://www.vupen.com/english/advisories/2008/1006/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41468 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5648 • CWE-16: Configuration CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.1EPSS: 1%CPEs: 4EXPL: 1

Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device. Cisco IOS versiones 12.1, 12.2, 12.3 y 12.4, con servicios UDP de IPv4 y el protocolo IPv6 habilitado, permite a los atacantes remotos causar una denegación de servicio (bloqueo del dispositivo y posible interfaz bloqueada) por medio de un paquete IPv6 diseñado para el dispositivo. • http://secunia.com/advisories/29507 http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml http://www.kb.cert.org/vuls/id/936177 http://www.securityfocus.com/bid/28461 http://www.securitytracker.com/id?1019713 http://www.us-cert.gov/cas/techalerts/TA08-087B.html http://www.vupen.com/english/advisories/2008/1006/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41475 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3 •

CVSS: 7.8EPSS: 2%CPEs: 271EXPL: 0

The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets. El componente data-link switching (DLSw) en Cisco IOS 12.0 hasta 12.4 permite a atacantes remotos provocar una denegación de servicio (reinicio de dispositivo o consumo de memoria) a través de 91 paquetes manipulados del (1) puerto UDP 2067 o (2) protocolo IP. • http://secunia.com/advisories/29507 http://www.cisco.com/en/US/products/products_security_advisory09186a0080969866.shtml http://www.securityfocus.com/bid/28465 http://www.securitytracker.com/id?1019712 http://www.us-cert.gov/cas/techalerts/TA08-087B.html http://www.vupen.com/english/advisories/2008/1006/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41482 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5821 • CWE-399: Resource Management Errors •