CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-3820
https://notcve.org/view.php?id=CVE-2017-3820
A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. More Information: CSCux68796. Known Affected Releases: 15.5(3)S2.1 15.6(1)S1.1. Known Fixed Releases: 15.4(3)S6.1 15.4(3)S6.2 15.5(3)S2.2 15.5(3)S3 15.6(0.22)S0.23 15.6(1)S2 16.2(0.295) 16.3(0.94) 15.5.3S3. Una vulnerabilidad en funciones Simple Network Management Protocol (SNMP) de Cisco ASR 1000 Series Aggregation Services Routers que ejecutan Cisco IOS XE Software Release 3.13.6S, 3.16.2S, o 3.17.1S podría permitir a un atacante remoto no autenticado provocar elevado uso de CPU en un dispositivo afectado, resultando en una condición de denegación de servicio (DoS). • http://www.securityfocus.com/bid/95934 http://www.securitytracker.com/id/1037770 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-asrsnmp • CWE-665: Improper Initialization •
CVSS: 5.9EPSS: 0%CPEs: 17EXPL: 0CVE-2016-6438
https://notcve.org/view.php?id=CVE-2016-6438
A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device. This vulnerability affects the following releases of Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers: All 3.16S releases, All 3.17S releases, Release 3.18.0S, Release 3.18.1S, Release 3.18.0SP. More Information: CSCuz62815. Known Affected Releases: 15.5(3)S2.9, 15.6(2)SP. Known Fixed Releases: 15.6(1.7)SP1, 16.4(0.183), 16.5(0.1). • http://www.securityfocus.com/bid/93518 http://www.securitytracker.com/id/1037003 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-cbr-8 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 169EXPL: 0CVE-2016-6382
https://notcve.org/view.php?id=CVE-2016-6382
Cisco IOS 15.2 through 15.6 and IOS XE 3.6 through 3.17 and 16.1 allow remote attackers to cause a denial of service (device restart) via a malformed IPv6 Protocol Independent Multicast (PIM) register packet, aka Bug ID CSCuy16399. Cisco IOS 15.2 hasta la versión 15.6 e IOS XE 3.6 hasta la versión 3.17 y 16.1 permiten a atacantes remotos provocar una denegación de servicio (reinicio del dispositivo) a través de un paquete de registro IPv6 Protocol Independent Multicast (PIM) mal formado, vulnerabilidad también conocida como Bug ID CSCuy16399. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-msdp http://www.securityfocus.com/bid/93211 http://www.securitytracker.com/id/1036914 https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 708EXPL: 0CVE-2016-6381
https://notcve.org/view.php?id=CVE-2016-6381
Cisco IOS 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.18 and 16.1 allow remote attackers to cause a denial of service (memory consumption or device reload) via fragmented IKEv1 packets, aka Bug ID CSCuy47382. Cisco IOS 12.4 y 15.0 hasta la versión 15.6 y IOS XE 3.1 hasta la versión 3.18 y 16.1 permiten a atacantes remotos provocar una denegación de servicio (consumo de memoria y recarga de dispositivo) a través paquetes IKEv1 fragmentados, vulnerabilidad también conocida como Bug ID CSCuy47382. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ios-ikev1 http://www.securityfocus.com/bid/93195 http://www.securitytracker.com/id/1036914 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2146
https://notcve.org/view.php?id=CVE-2014-2146
The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847. La funcionalidad Zone-Based Firewall (ZBFW) en Cisco IOS, posiblemente 15.4 y versiones anteriores e IOS XE, posiblemente 3.13 y versiones anteriores, no maneja adecuadamente la zona de comprobación de las sesiones existentes, lo que permite a atacantes remotos eludir las restricciones de acceso a los recursos intencionadas a través de tráfico suplantado que coincide con una de estas sesiones, vulnerabilidad también conocida como Bug IDs CSCun94946 y CSCun96847. • http://www.securityfocus.com/bid/93126 https://tools.cisco.com/security/center/viewAlert.x?alertId=39129 • CWE-20: Improper Input Validation •