CVE-2010-4671
https://notcve.org/view.php?id=CVE-2010-4671
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534. La implementación del protocolo Neighbor Discovery (ND) en la pila de IPv6 en Cisco IOS anterior a v15.0(1)XA5 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU y bloqueo de dispositivo) mediante el envío de muchos mensajes Router Advertisement (AR) con distintas direcciones origen, como demostró el programa flood_router6 en el paquete thc-ipv6, también conocido como ID de error CSCti33534 • http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3 http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4 http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf http://www.securityfocus.com/bid/45760 http://www.youtube.com/watch?v=00yjWB6gGy8 https://exchange.xforce.ibmcloud.com/vulnerabilities/64589 • CWE-400: Uncontrolled Resource Consumption •
CVE-2008-1150
https://notcve.org/view.php?id=CVE-2008-1150
The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309. La componente red privada virtual dial-up (VPDN) de Cisco IOS versiones anteriores a 12.3 permite a atacantes remotos provocar una denegación de servicio (agotamiento de recursos) a través de una serie de sesiones PPTP, en relación con la persistencia de las estructuras de datos de la interfaz de descriptor de bloque (BID) después de la terminación proceso, también conocido como bug CSCdv59309 ID. • http://secunia.com/advisories/29507 http://securitytracker.com/id?1019714 http://www.cisco.com/en/US/products/products_security_advisory09186a0080969862.shtml http://www.securityfocus.com/bid/28460 http://www.us-cert.gov/cas/techalerts/TA08-087B.html http://www.vupen.com/english/advisories/2008/1006/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41484 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5598 • CWE-399: Resource Management Errors •
CVE-2008-1151
https://notcve.org/view.php?id=CVE-2008-1151
Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated after process termination, aka bug ID CSCsj58566. Fugas de memoria en la componente de red privada virtual dial-up (VPDN) en Cisco IOS versiones anteriores a 12.3 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de una serie de sesiones PPTP, en relación a "dead memory" que permanece asignado después de la finalización del proceso, también conocido como bug ID CSCsj58566. • http://secunia.com/advisories/29507 http://securitytracker.com/id?1019714 http://www.cisco.com/en/US/products/products_security_advisory09186a0080969862.shtml http://www.securityfocus.com/bid/28460 http://www.us-cert.gov/cas/techalerts/TA08-087B.html http://www.vupen.com/english/advisories/2008/1006/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41483 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5287 • CWE-399: Resource Management Errors •
CVE-2007-0199
https://notcve.org/view.php?id=CVE-2007-0199
The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange." La propiedad Data-link Switching (DLSw) en Cisco IOS 11.0 hata 12.4 permite a atacantes remotos provocar una denegación de servicio (recarga de dispositivo) mediante "un valor inválido en un mensaje DLSw... durante el intercambio de habilidades". • http://osvdb.org/32683 http://secunia.com/advisories/23697 http://securitytracker.com/id?1017498 http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml http://www.securityfocus.com/bid/21990 http://www.vupen.com/english/advisories/2007/0139 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5714 •
CVE-2006-4950
https://notcve.org/view.php?id=CVE-2006-4950
Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables. Cisco IOS 12.2 hasta 12.4 anteriores al 20/09/2006, usados por Cisco IAD2430, IAD2431, y IAD2432 Integrated Access Devices, el VG224 Analog Phone Gateway, y el MWR 1900 y 1941 Mobile Wireless Edge Routers, está identificado de forma incorrecta como soporte DOCSIS, lo que permiet a un atacante remoto conseguir acceso lectura-escritura a través de una secuencia de hard-coded cable-docsis y leer o modificar variables SNMP de su elección. • http://secunia.com/advisories/21974 http://securitytracker.com/id?1016899 http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtml http://www.kb.cert.org/vuls/id/123140 http://www.osvdb.org/29034 http://www.securityfocus.com/bid/20125 http://www.vupen.com/english/advisories/2006/3722 https://exchange.xforce.ibmcloud.com/vulnerabilities/29054 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5665 •