CVSS: 10.0EPSS: 2%CPEs: 228EXPL: 0CVE-2006-4950
https://notcve.org/view.php?id=CVE-2006-4950
Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables. Cisco IOS 12.2 hasta 12.4 anteriores al 20/09/2006, usados por Cisco IAD2430, IAD2431, y IAD2432 Integrated Access Devices, el VG224 Analog Phone Gateway, y el MWR 1900 y 1941 Mobile Wireless Edge Routers, está identificado de forma incorrecta como soporte DOCSIS, lo que permiet a un atacante remoto conseguir acceso lectura-escritura a través de una secuencia de hard-coded cable-docsis y leer o modificar variables SNMP de su elección. • http://secunia.com/advisories/21974 http://securitytracker.com/id?1016899 http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtml http://www.kb.cert.org/vuls/id/123140 http://www.osvdb.org/29034 http://www.securityfocus.com/bid/20125 http://www.vupen.com/english/advisories/2006/3722 https://exchange.xforce.ibmcloud.com/vulnerabilities/29054 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5665 •
CVSS: 2.6EPSS: 5%CPEs: 225EXPL: 2CVE-2005-3921
https://notcve.org/view.php?id=CVE-2005-3921
Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were originally reported as being associated with the dump and packet options in /level/15/exec/-/show/buffers. • http://secunia.com/advisories/17780 http://secunia.com/advisories/18528 http://securityreason.com/securityalert/227 http://securitytracker.com/id?1015275 http://www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml http://www.idefense.com/intelligence/vulnerabilities/display.php?id=372 http://www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/cisco/index.html http://www.securityfocus.com/archive/1/417916/100/0/threaded http://www.securityfocus.com/bid/15602 http://www.securit •
CVSS: 5.9EPSS: 1%CPEs: 1EXPL: 0CVE-2004-1464 – Cisco IOS Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2004-1464
Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port. Cisco IOS contains an unspecified vulnerability that may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases, Hypertext Transport Protocol (HTTP) access to the Cisco device. • http://secunia.com/advisories/12395 http://securitytracker.com/id?1011079 http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml http://www.kb.cert.org/vuls/id/384230 http://www.securityfocus.com/bid/11060 https://exchange.xforce.ibmcloud.com/vulnerabilities/17131 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2003-0647 – Cisco IOS 12.x/11.x - HTTP Remote Integer Overflow
https://notcve.org/view.php?id=CVE-2003-0647
Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request. Desbordamiento de búfer en el servidor HTTP de Cisco IOS 12.2 y anteriores permite a atacantes remotos ejecutar código arbitrario mediante una petición HTTP GET extremadamente larga (2GB). • https://www.exploit-db.com/exploits/77 http://www.cisco.com/warp/public/707/cisco-sn-20030730-ios-2gb-get.shtml http://www.kb.cert.org/vuls/id/579324 •
CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0CVE-2001-0650
https://notcve.org/view.php?id=CVE-2001-0650
Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute. • http://ciac.llnl.gov/ciac/bulletins/l-082.shtml http://www.cisco.com/warp/public/707/ios-bgp-attr-corruption-pub.shtml http://www.kb.cert.org/vuls/id/106392 http://www.osvdb.org/1830 http://www.securityfocus.com/bid/2733 https://exchange.xforce.ibmcloud.com/vulnerabilities/6566 •