CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-16026 – Cisco Mobility Management Entity Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-16026
26 Jan 2020 — A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due to insufficient input validation of SCTP traffic. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position between the eNodeB and the MME and then sending a crafted SCTP message ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-mme-dos • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 1%CPEs: 8EXPL: 0CVE-2018-0273
https://notcve.org/view.php?id=CVE-2018-0273
19 Apr 2018 — A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being established, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of corrupted Internet Key Exchange Version 2 (IKEv2) messages. An attacker could exploit this vulnerability b... • http://www.securityfocus.com/bid/103935 • CWE-399: Resource Management Errors •
CVSS: 8.2EPSS: 0%CPEs: 58EXPL: 0CVE-2017-6707
https://notcve.org/view.php?id=CVE-2017-6707
06 Jul 2017 — A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands b... • http://www.securityfocus.com/bid/99462 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •