CVSS: 10.0EPSS: 97%CPEs: 323EXPL: 7CVE-2017-3881 – Cisco IOS and IOS XE Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-3881
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. • https://www.exploit-db.com/exploits/41872 https://www.exploit-db.com/exploits/42122 https://github.com/homjxi0e/CVE-2017-3881-exploit-cisco- https://github.com/homjxi0e/CVE-2017-3881-Cisco https://github.com/1337g/CVE-2017-3881 https://github.com/mzakyz666/PoC-CVE-2017-3881 http://www.securityfocus.com/bid/96960 http://www.securityfocus.com/bid/97391 http://www.securitytracker.com/id/1038059 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-201 • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2017-3803
https://notcve.org/view.php?id=CVE-2017-3803
A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue that would eventually lead to a partial denial of service (DoS) condition. More Information: CSCva72252. Known Affected Releases: 15.2(2)E3 15.2(4)E1. Known Fixed Releases: 15.2(2)E6 15.2(4)E3 15.2(5)E1 15.2(5.3.28i)E1 15.2(6.0.49i)E 3.9(1)E. Una vulnerabilidad en la cola de reenvío de Cisco IOS Software de los interruptores Cisco 2960X y 3750X podría permitir a un atacante adyacente no autenticado provocar una fuga de memoria en la cola de reenvío del software que podría conducir eventualmente a una condición de denegación de servicio (DoS) parcial. • http://www.securityfocus.com/bid/95632 http://www.securitytracker.com/id/1037657 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-catalyst • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9201
https://notcve.org/view.php?id=CVE-2016-9201
A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration. More Information: CSCuz21015. Known Affected Releases: 15.3(3)M3. Known Fixed Releases: 15.6(2)T0.1 15.6(2.0.1a)T0 15.6(2.19)T 15.6(3)M. Una vulnerabilidad en la característica Zone-Based Firewall de Cisco IOS y Cisco IOS XE Software podría permitir a un atacante remoto no autenticado pasar tráfico que de otro modo se hubieran eliminado basado en la configuración. • http://www.securityfocus.com/bid/94811 http://www.securitytracker.com/id/1037419 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-6473
https://notcve.org/view.php?id=CVE-2016-6473
A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. More Information: CSCuu69332, CSCux07028. Known Affected Releases: 15.2(3)E. Known Fixed Releases: 12.2(50)SE4 12.2(50)SE5 12.2(50)SQ5 12.2(50)SQ6 12.2(50)SQ7 12.2(52)EY4 12.2(52)SE1 12.2(53)EX 12.2(53)SE 12.2(53)SE1 12.2(53)SE2 12.2(53)SG10 12.2(53)SG11 12.2(53)SG2 12.2(53)SG9 12.2(54)SG1 12.2(55)EX3 12.2(55)SE 12.2(55)SE1 12.2(55)SE10 12.2(55)SE2 12.2(55)SE3 12.2(55)SE4 12.2(55)SE5 12.2(55)SE6 12.2(55)SE7 12.2(55)SE8 12.2(55)SE9 12.2(58)EZ 12.2(58)SE1 12.2(58)SE2 12.2(60)EZ 12.2(60)EZ1 12.2(60)EZ2 12.2(60)EZ3 12.2(60)EZ4 12.2(60)EZ5 12.2(60)EZ6 12.2(60)EZ7 12.2(60)EZ8 15.0(1)EY2 15.0(1)SE 15.0(1)SE2 15.0(1)SE3 15.0(2)EA 15.0(2)EB 15.0(2)EC 15.0(2)ED 15.0(2)EH 15.0(2)EJ 15.0(2)EJ1 15.0(2)EK1 15.0(2)EX 15.0(2)EX1 15.0(2)EX3 15.0(2)EX4 15.0(2)EX5 15.0(2)EY 15.0(2)EY1 15.0(2)EY2 15.0(2)EZ 15.0(2)SE 15.0(2)SE1 15.0(2)SE2 15.0(2)SE3 15.0(2)SE4 15.0(2)SE5 15.0(2)SE6 15.0(2)SE7 15.0(2)SE9 15.0(2)SG10 15.0(2)SG3 15.0(2)SG6 15.0(2)SG7 15.0(2)SG8 15.0(2)SG9 15.0(2a)EX5 15.1(2)SG 15.1(2)SG1 15.1(2)SG2 15.1(2)SG3 15.1(2)SG4 15.1(2)SG5 15.1(2)SG6 15.2(1)E 15.2(1)E1 15.2(1)E2 15.2(1)E3 15.2(1)EY 15.2(2)E 15.2(2)E3 15.2(2b)E. Una vulnerabilidad en Cisco IOS en Catalyst Switches y Nexus 9300 Series Switches puede permitir a un atacante adyacente provocar una tormenta de red Layer 2. • http://www.securityfocus.com/bid/94815 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6422
https://notcve.org/view.php?id=CVE-2016-6422
Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles certain operators, flags, and keywords in TCAM share ACLs, which allows remote attackers to bypass intended access restrictions by sending packets that should have been recognized by a filter, aka Bug ID CSCuy64806. Cisco IOS 12.2(33)SXJ9 en los módulos Supervisor Engine 32 y 720 para dispositivos 6500 y 7600 no maneja adecuadamente ciertos operadores, indicadores y palabras clave en ACLs compartida con TCAM, lo que permite a atacantes remotos eludir las restricciones destinadas al acceso por el envío de paquetes que deberían haber sido reconocidos por un filtro, vulnerabilidad también conocida como Bug ID CSCuy64806. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-catalyst http://www.securityfocus.com/bid/93404 http://www.securitytracker.com/id/1036954 • CWE-20: Improper Input Validation •