CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0475 – Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0475
05 Oct 2018 — A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device. A successful exploit could allow the attacker to cause the switch to... • http://www.securityfocus.com/bid/105404 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 6%CPEs: 2EXPL: 0CVE-2018-0485 – Cisco IOS and IOS XE Software SM-1T3/E3 Service Module Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0485
05 Oct 2018 — A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation Integrated Services Routers (ISR G2) and the Cisco 4451-X Integrated Services Router (ISR4451-X) could allow an unauthenticated, remote attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of user input. An attacker could exploit this vulnerability by first connecting to the SM-1T3/E3 modu... • http://www.securityfocus.com/bid/105433 • CWE-19: Data Processing Errors CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0131
https://notcve.org/view.php?id=CVE-2018-0131
14 Aug 2018 — A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could al... • http://www.securityfocus.com/bid/105074 • CWE-326: Inadequate Encryption Strength •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0255
https://notcve.org/view.php?id=CVE-2018-0255
19 Apr 2018 — A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the device manager web interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the ... • http://www.securitytracker.com/id/1040715 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.6EPSS: 15%CPEs: 15EXPL: 0CVE-2018-0155 – Cisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0155
28 Mar 2018 — A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected swi... • http://www.securityfocus.com/bid/103565 • CWE-388: 7PK - Errors CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 16%CPEs: 298EXPL: 0CVE-2018-0156 – Cisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0156
28 Mar 2018 — A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786. Only Smart Install client switches are affected. Cisco devices that are configured as a Smart Install... • http://www.securityfocus.com/bid/103569 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 8.6EPSS: 15%CPEs: 59EXPL: 0CVE-2018-0158 – Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability
https://notcve.org/view.php?id=CVE-2018-0158
28 Mar 2018 — A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected d... • http://www.securityfocus.com/bid/103566 • CWE-20: Improper Input Validation CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 6%CPEs: 26EXPL: 0CVE-2018-0159 – Cisco IOS and XE Software Internet Key Exchange Version 1 Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0159
28 Mar 2018 — A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific IKEv1 packets. An attacker could exploit this vulnerability by sending crafted IKEv1 packets to an affected device during an IKE negotiation. A successful exploit could all... • http://www.securityfocus.com/bid/103562 • CWE-20: Improper Input Validation •
CVSS: 6.3EPSS: 2%CPEs: 15EXPL: 0CVE-2018-0161 – Cisco IOS Software Resource Management Errors Vulnerability
https://notcve.org/view.php?id=CVE-2018-0161
28 Mar 2018 — A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition, aka a GET MIB Object ID Denial of Service Vulnerability. The vulnerability is due to a condition that could occur when the affected software processes an SNMP read request that contains a request for the ciscoFlashMIB object ID (OID). An attacker could trigger this vuln... • http://www.securityfocus.com/bid/103573 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 128EXPL: 0CVE-2018-0163
https://notcve.org/view.php?id=CVE-2018-0163
28 Mar 2018 — A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker could exploit this vulnerability by trying to access an 802.1x multi-auth port after a successful supplicant has authenticated. An exploit could allow the attacker to bypass the 802.1x access controls and obtain a... • http://www.securityfocus.com/bid/103571 • CWE-287: Improper Authentication •