Page 28 of 144 results (0.049 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. • https://www.exploit-db.com/exploits/19522 http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml •

CVSS: 5.0EPSS: 0%CPEs: 201EXPL: 0

Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created. • http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml http://www.kb.cert.org/vuls/id/848944 https://exchange.xforce.ibmcloud.com/vulnerabilities/6178 •

CVSS: 5.0EPSS: 0%CPEs: 18EXPL: 0

Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or force the interface to stop forwarding packets. • http://www.cisco.com/warp/public/707/gsraclbypassdos-pub.shtml http://www.osvdb.org/793 http://www.osvdb.org/798 http://www.securityfocus.com/bid/1541 •

CVSS: 2.1EPSS: 0%CPEs: 54EXPL: 1

The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command. • http://www.securityfocus.com/bid/1161 http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502222246.28423.qmail%40securityfocus.com •

CVSS: 7.1EPSS: 96%CPEs: 39EXPL: 1

The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string. • https://www.exploit-db.com/exploits/19882 http://archives.neohapsis.com/archives/bugtraq/2000-04/0261.html http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml http://www.osvdb.org/1302 http://www.securityfocus.com/bid/1154 • CWE-20: Improper Input Validation •