CVE-2003-0512
https://notcve.org/view.php?id=CVE-2003-0512
Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge. Cisco IOS 12.2 y anteriores genera un mensaje "% Login Invalid" en vez de solicitar una contraseña cuando se suministra un nombre de usuario inválido, lo que permite a atacantes remotos identificar nombres de usuario válidos e intentar averiguar la contraseña con métodos de fuerza bruta, como ha informado Aironet Bridge. • http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0056.html http://www.cisco.com/warp/public/707/cisco-sn-20030724-ios-enum.shtml http://www.kb.cert.org/vuls/id/886796 http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003002.htm https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5824 • CWE-310: Cryptographic Issues •
CVE-2003-0567 – Cisco IOS - 'cisco-bug-44020.c' IPv4 Packet Denial of Service
https://notcve.org/view.php?id=CVE-2003-0567
Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full. Cisco IOS 11.x y 12.0 a 12.2 permite a atacantes remotos causar una denegación de servicio (bloqueo de tráfico) enviando una cierta secuencia de paquetes IPv4 a una interfaz del dispositivo, causando que la cola de entrada de ese interfaz sea marcada como llena. • https://www.exploit-db.com/exploits/60 https://www.exploit-db.com/exploits/59 https://www.exploit-db.com/exploits/62 http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006743.html http://www.cert.org/advisories/CA-2003-15.html http://www.cert.org/advisories/CA-2003-17.html http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml http://www.kb.cert.org/vuls/id/411332 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre& • CWE-20: Improper Input Validation •
CVE-2003-0305
https://notcve.org/view.php?id=CVE-2003-0305
The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967. El Service Assurance Agent (SAA) en Cisco IOS 12.0 hasta 12.2, también llamado Reponse Time Reporter (RTR), permite que atacantes remotos provoquen una denegación de servicio (caída) mediante paquetes RTR mal construidos para el puerto 1967. • http://www.cisco.com/warp/public/707/cisco-sa-20030515-saa.shtml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5608 •
CVE-2003-0100 – Cisco IOS 11/12 - OSPF Neighbor Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-0100
Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements. Cisco IOS 11.2.x a 12.0.x permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar comandos mediante un número grande de de anuncios de vecindad OSPF. • https://www.exploit-db.com/exploits/22271 http://marc.info/?l=bugtraq&m=104576100719090&w=2 http://marc.info/?l=bugtraq&m=104587206702715&w=2 http://www.iss.net/security_center/static/11373.php http://www.securityfocus.com/bid/6895 •
CVE-2002-1706
https://notcve.org/view.php?id=CVE-2002-1706
Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router. • http://www.cisco.com/warp/public/707/cmts-MD5-bypass-pub.shtml http://www.securityfocus.com/bid/5041 https://exchange.xforce.ibmcloud.com/vulnerabilities/9368 • CWE-347: Improper Verification of Cryptographic Signature •