CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2013-5481
https://notcve.org/view.php?id=CVE-2013-5481
The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817. La implementación PPTP en Cisco 1.2.2 y 15.0 hasta 15.3, cuando se utiliza NAT, permite a atacantes remotos causar una denegación de servicio (recarga del dispositivo) a través de paquetes TCP manipulados (port-1723), aka Bug ID CSCtq14817. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-nat • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 68EXPL: 0CVE-2013-5475
https://notcve.org/view.php?id=CVE-2013-5475
Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID CSCug31561. Cisco IOS 12.2 hasta 12.4 y 15.0 hasta 15.3, y IOS XE 2.1 hasta 3.9, permite a atacantes remotos causar una denegación de servicio (recarga del dispositivo) a través depaquetes DHCP manipulados que son procesados localmente por un (1) servidor o (2) agente transmisor, tambien conocido como Bug ID CSCug31561. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-dhcp • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5474
https://notcve.org/view.php?id=CVE-2013-5474
Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug ID CSCud64812. Condición de carrera en la implementación de IPv6 virtual fragmentation reassembly (VFR) en Cisco IOS 12.2 hasta 12.4 y 15.0 hasta 15.3 permite a un atacante remoto causar una denegación de servicio (recarga o cuelgue de dispositivo) a través de paquetes IPv6 fragmentados, tambien conocido como Bug ID CSCud64812. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-ipv6vfr • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 0%CPEs: 25EXPL: 0CVE-2013-1143
https://notcve.org/view.php?id=CVE-2013-1143
The RSVP protocol implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S, when MPLS-TE is enabled, allows remote attackers to cause a denial of service (incorrect memory access and device reload) via a traffic engineering PATH message in an RSVP packet, aka Bug ID CSCtg39957. La implementación del protocolo RSVP en Cisco IOS 12.2 y 15.0 a la 15.2 e IOS XE 3.1.xS a la 3.4.xS anteior a 3.4.5S y 3.5.xS a la 3.7.xS anterior a 3.7.2S, cuando está activado MPLS-TE, permite a atacantes remotos provocar una denegación de servicio (acceso incorrecto a memoria y recarga de dispositivo) a través de un mensaje del tipo "traffic engineering PATH" en un paquete RSVP. Aka Bug ID CSCtg39957. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-rsvp http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1143 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2013-1146 – Cisco IOS Smart Install Configuration File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1146
The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790. La funcionalidad Smart Install del cliente de Cisco IOS v12.2 y v15.0 hasta v15.3 en los switches Catalyst permite a atacantes remotos provocar una denegación de servicio (recarga de dispositivo) a través de una lista de parámetros imagen en los paquetes de Smart Install, conocido como ID de error alias CSCub55790. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco IOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Smart Install client. A specially crafted packet can be sent to the SMI IBC server to instruct it to download the IOS config file and IOS image file(s). • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-smartinstall • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •