CVSS: 9.0EPSS: 0%CPEs: 112EXPL: 0CVE-2017-6741
https://notcve.org/view.php?id=CVE-2017-6741
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. • http://www.securityfocus.com/bid/99345 http://www.securitytracker.com/id/1038808 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 143EXPL: 0CVE-2017-3850
https://notcve.org/view.php?id=CVE-2017-3850
A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature. A device must meet two conditions to be affected by this vulnerability: (1) the device must be running a version of Cisco IOS Software or Cisco IOS XE Software that supports ANI (regardless of whether ANI is configured); and (2) the device must have a reachable IPv6 interface. An exploit could allow the attacker to cause the affected device to reload. • http://www.securityfocus.com/bid/96971 http://www.securitytracker.com/id/1038065 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6 • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 161EXPL: 0CVE-2017-3849
https://notcve.org/view.php?id=CVE-2017-3849
A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics: (1) running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature; (2) configured as an autonomic registrar; (3) has a whitelist configured. An exploit could allow the attacker to cause the affected device to reload. Note: Autonomic networking should be configured with a whitelist. • http://www.securityfocus.com/bid/96972 http://www.securitytracker.com/id/1038064 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2146
https://notcve.org/view.php?id=CVE-2014-2146
The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847. La funcionalidad Zone-Based Firewall (ZBFW) en Cisco IOS, posiblemente 15.4 y versiones anteriores e IOS XE, posiblemente 3.13 y versiones anteriores, no maneja adecuadamente la zona de comprobación de las sesiones existentes, lo que permite a atacantes remotos eludir las restricciones de acceso a los recursos intencionadas a través de tráfico suplantado que coincide con una de estas sesiones, vulnerabilidad también conocida como Bug IDs CSCun94946 y CSCun96847. • http://www.securityfocus.com/bid/93126 https://tools.cisco.com/security/center/viewAlert.x?alertId=39129 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6403
https://notcve.org/view.php?id=CVE-2016-6403
The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service via a crafted packet, aka Bug IDs CSCuy82904, CSCuy82909, and CSCuy82912. La aplicación Data in Motion (DMo) en Cisco IOS 15.6(1)T e IOS XE, cuando el conjunto de características IOx está activado, permite a atacantes remotos provocar una denegación de servicio a través de un paquete manipulado, vulnerabilidad también conocida como Bug IDs CSCuy82904, CSCuy82909 y CSCuy82912. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ios-xe http://www.securityfocus.com/bid/92960 http://www.securitytracker.com/id/1036833 • CWE-399: Resource Management Errors •