CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3409
https://notcve.org/view.php?id=CVE-2014-3409
The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406. La caracteristica del manejador Ethernet Connectivity Fault Management (CFM) en Cisco IOS 12.2(33)SRE9a y anteriores e IOS XE 3.13S y anteriores permite a atacantes remotos causar una denegación de servicio (recarga de dispositivo) a través de paquetes CFM malformados, también conocido como Bug ID CSCuq93406. • http://secunia.com/advisories/61799 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3409 http://tools.cisco.com/security/center/viewAlert.x?alertId=36184 http://www.securityfocus.com/bid/70715 http://www.securitytracker.com/id/1031119 https://exchange.xforce.ibmcloud.com/vulnerabilities/97758 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 1%CPEs: 34EXPL: 0CVE-2014-3359
https://notcve.org/view.php?id=CVE-2014-3359
Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed DHCPv6 packets, aka Bug ID CSCum90081. Fuga de información en Cisco IOS 15.1 hasta 15.4 y IOS XE 3.4.xS, 3.5.xS, 3.6.xS, y 3.7.xS anterior a 3.7.6S; 3.8.xS, 3.9.xS, y 3.10.xS anterior a 3.10.1S; y 3.11.xS anterior a 3.12S permite a atacantes remotos causar una denegación de servicio (consumo de memoria o recarga de dispositivo) a través de paquetes DHCPv6 malformados, también conocido como Bug ID CSCum90081. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-dhcpv6 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-dhcpv6/cvrf/cisco-sa-20140924-dhcpv6_cvrf.xml http://www.securityfocus.com/bid/70140 http://www.securitytracker.com/id/1030895 https://exchange.xforce.ibmcloud.com/vulnerabilities/96177 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 1%CPEs: 46EXPL: 0CVE-2014-3360
https://notcve.org/view.php?id=CVE-2014-3360
Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allow remote attackers to cause a denial of service (device reload) via a crafted SIP message, aka Bug ID CSCul46586. Cisco IOS 12.4 y 15.0 hasta 15.4 y IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, y 3.7.xS anterior a 3.7.6S; 3.8.xS, 3.9.xS, y 3.10.xS anterior a 3.10.1S; y 3.11.xS anterior a 3.12S permite a atacantes remotos causar una denegación de servicio (recarga de dispositivo) a través de un mensaje SIP manipulado, también conocido como Bug ID CSCul46586. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-sip http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-sip/cvrf/cisco-sa-20140924-sip_cvrf.xml http://www.securityfocus.com/bid/70141 http://www.securitytracker.com/id/1030897 https://exchange.xforce.ibmcloud.com/vulnerabilities/96174 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3262
https://notcve.org/view.php?id=CVE-2014-3262
The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) via malformed messages, aka Bug ID CSCun73782. La implementación Locator/ID Separation Protocol (LISP) en Cisco IOS 15.3(3)S y anteriores y IOS XE no valida debidamenete parámetros en mensajes de control ITR, lo que permite a atacantes remotos causar una denegación de servicio (interrupción de CEF y descargas de paquetes) a través de mensajes malformados, también conocido como Bug ID CSCun73782. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3262 http://tools.cisco.com/security/center/viewAlert.x?alertId=34233 http://www.securitytracker.com/id/1030243 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2012-3946
https://notcve.org/view.php?id=CVE-2012-3946
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682. Cisco IOS anterior a 15.3(2)S permite a atacantes remotos evadir restricciones ACL de interfaz en circunstancias oportunistas mediante el envío de paquetes IPv6 en un escenario no especificado en que descargas de paquetes esperados no suceden para "un porcentaje pequeño" de los paquetes, también conocido como Bug ID CSCty73682. • http://www.cisco.com/c/en/us/td/docs/ios/15_3s/release/notes/15_3s_rel_notes/15_3s_caveats_15_3_2s.html • CWE-264: Permissions, Privileges, and Access Controls •