Page 2 of 13 results (0.006 seconds)

CVSS: 7.5EPSS: 1%CPEs: 156EXPL: 0

The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS. • http://secunia.com/advisories/18141 http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml http://www.osvdb.org/22193 http://www.securityfocus.com/archive/1/420020/100/0/threaded http://www.securityfocus.com/archive/1/420103/100/0/threaded http://www.securityfocus.com/bid/16025 •

CVSS: 5.0EPSS: 6%CPEs: 138EXPL: 0

Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. • http://jvn.jp/niscc/NISCC-273756/index.html http://secunia.com/advisories/17553 http://securitytracker.com/id?1015198 http://securitytracker.com/id?1015199 http://securitytracker.com/id?1015200 http://securitytracker.com/id?1015201 http://securitytracker.com/id? •

CVSS: 7.5EPSS: 4%CPEs: 75EXPL: 1

The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. • http://www.cert.org/advisories/CA-2003-06.html http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip http://www.kb.cert.org/vuls/id/528719 http://www.securityfocus.com/bid/6904 http://www.securitytracker.com/id?1006143 http://www.securitytracker.com/id?1006144 http://www.securitytracker.com/id?1006145 https://exchange.xforce.ibmcloud.com/vulnerabilities/11379 •

CVSS: 7.8EPSS: 0%CPEs: 38EXPL: 0

Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set. Cisco PIX Firewall 5.x.x y 6.3.1 y anteriores, permite a atacantes remotos causar una denegación de servicio (caída y recarga) mediante un mensaje SNMPv3 cuando está activado snmp-server. • http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 19EXPL: 0

Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, 6.1.x to 6.1.3, and 6.2.x to 6.2.1 allows remote attackers to cause a denial of service via HTTP traffic authentication using (1) TACACS+ or (2) RADIUS. • http://www.ciac.org/ciac/bulletins/n-017.shtml http://www.cisco.com/warp/public/707/pix-multiple-vuln-pub.shtml http://www.iss.net/security_center/static/10661.php http://www.securityfocus.com/bid/6212 •