CVSS: 8.6EPSS: 2%CPEs: 164EXPL: 0CVE-2019-1738 – Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1738
27 Mar 2019 — A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit these vulnerabilities by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload,... • http://www.securityfocus.com/bid/107597 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 1%CPEs: 615EXPL: 0CVE-2019-1737 – Cisco IOS and IOS XE Software IP Service Level Agreement Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1737
27 Mar 2019 — A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to improper socket resources handling in the IP SLA responder application code. An attacker could exploit this vulnerability by sending crafted IP SLA packets to an affected device. An exploit could allow the at... • http://www.securityfocus.com/bid/107604 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.8EPSS: 1%CPEs: 24EXPL: 0CVE-2018-0167 – Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-0167
28 Mar 2018 — Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487. Múltiples vulnerabilidades de desbordamiento de búfer en el subsistema LLDP (Link Layer Discovery Protocol) de Cisco IOS Software, Cisco ... • http://www.securityfocus.com/bid/103564 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.6EPSS: 9%CPEs: 24EXPL: 0CVE-2018-0173 – Cisco IOS and IOS XE Software Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2018-0173
28 Mar 2018 — A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a Relay Reply denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of encapsulated option 82 information that it receives in DHCPOFFER messages from DHCPv4 servers. An attacker ... • http://www.securityfocus.com/bid/103545 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 5%CPEs: 15EXPL: 0CVE-2018-0174 – Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2018-0174
28 Mar 2018 — A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DH... • http://www.securityfocus.com/bid/103554 • CWE-20: Improper Input Validation •
CVSS: 8.0EPSS: 2%CPEs: 16EXPL: 0CVE-2018-0175 – Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-0175
28 Mar 2018 — Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664. Vulnerabilidad de cadena de formato en el subsistema LLDP (Link Layer Discovery Protocol) de Cisco IOS Software, Cisco IOS XE Software y Cisco IOS XR Software pod... • http://www.securityfocus.com/bid/103564 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-134: Use of Externally-Controlled Format String •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12289
https://notcve.org/view.php?id=CVE-2017-12289
19 Oct 2017 — A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The vulnerability is due to incorrect implementation of IPsec conditional, verbose debug logging that causes sensitive information to be written to the log file. This information should be restricted. An attacker who has valid administrative credentials could exploit this vulnerability by authenticatin... • http://www.securityfocus.com/bid/101509 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 74EXPL: 0CVE-2017-12239
https://notcve.org/view.php?id=CVE-2017-12239
28 Sep 2017 — A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful exploit could... • http://www.securityfocus.com/bid/101042 • CWE-264: Permissions, Privileges, and Access Controls CWE-798: Use of Hard-coded Credentials •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2010-3049
https://notcve.org/view.php?id=CVE-2010-3049
25 Sep 2017 — Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot). Cisco IOS en versiones anteriores a la 12.2(33)SXI permite que los usuarios locales provoquen una denegación de servicio (reinicio del dispositivo). • https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/release/notes/ol_14271/caveats_SXI_rebuilds.html • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2010-3050
https://notcve.org/view.php?id=CVE-2010-3050
25 Sep 2017 — Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot). Cisco IOS en versiones anteriores a la 12.2(33)SXI permite que los usuarios autenticados remotos provoquen una denegación de servicio (reinicio del dispositivo). • https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/release/notes/ol_14271/caveats_SXI_rebuilds.html • CWE-20: Improper Input Validation •