Page 3 of 15 results (0.005 seconds)

CVSS: 7.7EPSS: 0%CPEs: 965EXPL: 0

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability occurs because the code does not release the allocated IP address under certain failure conditions. An attacker could exploit this vulnerability by trying to connect to the device with a non-AnyConnect client. A successful exploit could allow the attacker to exhaust the IP addresses from the assigned local pool, which prevents users from logging in and leads to a denial of service (DoS) condition. Una vulnerabilidad en el soporte de Intercambio de Claves de Internet Versión 2 (IKEv2) para la funcionalidad AutoReconnect de Cisco IOS Software y Cisco IOS XE Software podría permitir a un atacante remoto autenticado agotar las direcciones IP libres del pool local asignado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-ebFrwMPr • CWE-563: Assignment to Variable without Use CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 7.1EPSS: 0%CPEs: 306EXPL: 0

Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599. Múltiples vulnerabilidades en la característica Login Enhancements (Login Block) de Cisco IOS Software permite que un atacante remoto no autenticado desencadene el reinicio de un sistema afectado. Esto resulta una condición de denegación de servicio (DoS). • http://www.securityfocus.com/bid/103556 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-slogin • CWE-399: Resource Management Errors •

CVSS: 7.1EPSS: 0%CPEs: 306EXPL: 0

Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599. Múltiples vulnerabilidades en la característica Login Enhancements (Login Block) de Cisco IOS Software permite que un atacante remoto no autenticado desencadene el reinicio de un sistema afectado. Esto resulta una condición de denegación de servicio (DoS). • http://www.securityfocus.com/bid/103556 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-slogin • CWE-399: Resource Management Errors •

CVSS: 5.4EPSS: 0%CPEs: 97EXPL: 0

The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853. El servidor HTTP en Cisco IOS en switches Catalyst no trata correctamente los eventos socket TCP, lo que permite a atacantes remotos provocar una denegación de servicio (caída de dispositivo) a través de paquetes hechos a mano en el puerto TCP (1) 80 o (2) 443, también conocido como Bug ID CSCuc53853. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1100 • CWE-399: Resource Management Errors •

CVSS: 7.8EPSS: 0%CPEs: 167EXPL: 1

Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. Conmutadores Cisco Catalyst no especificados permiten a atacantes remotos causar una denegación de servicio (caída de dispositivo) mediante un paquete IP con IPs y puertos de origen y destino iguales y con la bandera SYN. (tcc LanD). NOTA: La proveniencia de esta cuestión es desconocida; los detalles son obtenidos exclusivamente de BID. • http://www.securityfocus.com/bid/15864 https://exchange.xforce.ibmcloud.com/vulnerabilities/44543 •