CVE-2017-12213
https://notcve.org/view.php?id=CVE-2017-12213
A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. This could allow the attacker to pass traffic to the default VLAN of the affected port. The vulnerability is due to an uncaught error condition that may occur during the reassignment of the auth-default-ACL dynamic ACL to a switch port after 802.1x authentication fails. A successful exploit of this issue could allow a physically adjacent attacker to bypass 802.1x authentication and cause the affected port to fail open, allowing the attacker to pass traffic to the default VLAN of the affected switch port. Cisco Bug IDs: CSCvc72751. • http://www.securityfocus.com/bid/100663 http://www.securitytracker.com/id/1039284 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cat • CWE-287: Improper Authentication •
CVE-2017-3881 – Cisco IOS and IOS XE Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-3881
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. • https://www.exploit-db.com/exploits/41872 https://www.exploit-db.com/exploits/42122 https://github.com/homjxi0e/CVE-2017-3881-exploit-cisco- https://github.com/homjxi0e/CVE-2017-3881-Cisco https://github.com/1337g/CVE-2017-3881 https://github.com/mzakyz666/PoC-CVE-2017-3881 http://www.securityfocus.com/bid/96960 http://www.securityfocus.com/bid/97391 http://www.securitytracker.com/id/1038059 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-201 • CWE-20: Improper Input Validation •
CVE-2013-1100
https://notcve.org/view.php?id=CVE-2013-1100
The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1100 • CWE-399: Resource Management Errors •
CVE-2007-4011
https://notcve.org/view.php?id=CVE-2007-4011
Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or ARP storm) via a crafted unicast ARP request that (1) has a destination MAC address unknown to the Layer-2 infrastructure, aka CSCsj69233; or (2) occurs during Layer-3 roaming across IP subnets, aka CSCsj70841. • http://secunia.com/advisories/26161 http://www.cisco.com/en/US/products/products_security_advisory09186a008088ab28.shtml http://www.securityfocus.com/bid/25043 http://www.securitytracker.com/id?1018444 http://www.vupen.com/english/advisories/2007/2636 https://exchange.xforce.ibmcloud.com/vulnerabilities/35576 •
CVE-2007-4012
https://notcve.org/view.php?id=CVE-2007-4012
Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (ARP storm) via a broadcast ARP packet that "targets the IP address of a known client context", aka CSCsj50374. • http://secunia.com/advisories/26161 http://www.cisco.com/en/US/products/products_security_advisory09186a008088ab28.shtml http://www.securityfocus.com/bid/25043 http://www.securitytracker.com/id?1018444 http://www.vupen.com/english/advisories/2007/2636 https://exchange.xforce.ibmcloud.com/vulnerabilities/35576 https://exchange.xforce.ibmcloud.com/vulnerabilities/44591 •