CVSS: 8.6EPSS: 0%CPEs: 615EXPL: 0CVE-2019-1737 – Cisco IOS and IOS XE Software IP Service Level Agreement Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1737
A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to improper socket resources handling in the IP SLA responder application code. An attacker could exploit this vulnerability by sending crafted IP SLA packets to an affected device. An exploit could allow the attacker to cause an interface to become wedged, resulting in an eventual denial of service (DoS) condition on the affected device. Una vulnerabilidad en el procesamiento de los paquetes IP SLA (Service Level Agreement) de los softwares Cisco IOS y Cisco IOS XE podría permitir que un atacante remoto no autenticado provoque una cuña (wedge) en la interfaz y, finalmente, una denegación de servicio (DoS) en el dispositivo afectado. • http://www.securityfocus.com/bid/107604 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-ipsla-dos • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0CVE-2018-15377 – Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability
https://notcve.org/view.php?id=CVE-2018-15377
A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload. Una vulnerabilidad en el agente Cisco Network Plug and Play también llamado agente Cisco Open Plug-n-Play, de Cisco IOS Software y Cisco IOS XE Software podría permitir que un atacante remoto no autenticado provoque una fuga de memoria en un dispositivo afectado. • https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 1195EXPL: 0CVE-2018-0197 – Cisco IOS and IOS XE Software VLAN Trunking Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0197
A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a logic error in how the affected software handles a subset of VTP packets. An attacker could exploit this vulnerability by sending VTP packets in a sequence that triggers a timeout in the VTP message processing code of the affected software. A successful exploit could allow the attacker to impact the ability to create, modify, or delete VLANs and cause a DoS condition. There are workarounds that address this vulnerability. • http://www.securityfocus.com/bid/105424 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-vtp • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 48EXPL: 0CVE-2018-0165
https://notcve.org/view.php?id=CVE-2018-0165
A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service (DoS) condition, aka a Memory Leak. The vulnerability is due to the affected software insufficiently processing IGMP Membership Query packets that are sent to an affected device. An attacker could exploit this vulnerability by sending a large number of IGMP Membership Query packets, which contain certain values, to an affected device. A successful exploit could allow the attacker to exhaust buffers on the affected device, resulting in a DoS condition that requires the device to be reloaded manually. This vulnerability affects: Cisco Catalyst 4500 Switches with Supervisor Engine 8-E, if they are running Cisco IOS XE Software Release 3.x.x.E and IP multicast routing is configured; Cisco devices that are running Cisco IOS XE Software Release 16.x, if IP multicast routing is configured. • http://www.securityfocus.com/bid/103568 http://www.securitytracker.com/id/1040592 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-igmp • CWE-399: Resource Management Errors CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 118EXPL: 0CVE-2018-0177
https://notcve.org/view.php?id=CVE-2018-0177
A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IPv4 packets. An attacker could exploit this vulnerability by sending specific IPv4 packets to an IPv4 address on an affected device. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. If the switch does not reboot when under attack, it would require manual intervention to reload the device. • http://www.securityfocus.com/bid/103563 http://www.securitytracker.com/id/1040588 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ipv4 • CWE-19: Data Processing Errors •