CVSS: 8.6EPSS: 5%CPEs: 15EXPL: 0CVE-2018-0174 – Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2018-0174
28 Mar 2018 — A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DH... • http://www.securityfocus.com/bid/103554 • CWE-20: Improper Input Validation •
CVSS: 8.0EPSS: 2%CPEs: 16EXPL: 0CVE-2018-0175 – Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-0175
28 Mar 2018 — Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664. Vulnerabilidad de cadena de formato en el subsistema LLDP (Link Layer Discovery Protocol) de Cisco IOS Software, Cisco IOS XE Software y Cisco IOS XR Software pod... • http://www.securityfocus.com/bid/103564 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-134: Use of Externally-Controlled Format String •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12289
https://notcve.org/view.php?id=CVE-2017-12289
19 Oct 2017 — A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The vulnerability is due to incorrect implementation of IPsec conditional, verbose debug logging that causes sensitive information to be written to the log file. This information should be restricted. An attacker who has valid administrative credentials could exploit this vulnerability by authenticatin... • http://www.securityfocus.com/bid/101509 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 8%CPEs: 491EXPL: 0CVE-2017-12237 – Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2017-12237
28 Sep 2017 — A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to how an affected device processes certain IKEv2 packets. An attacker could exploit this vulnerability by sending specific IKEv2 packets to an affected device to be pr... • http://www.securityfocus.com/bid/101037 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 581EXPL: 0CVE-2017-12228
https://notcve.org/view.php?id=CVE-2017-12228
28 Sep 2017 — A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-... • http://www.securityfocus.com/bid/101065 • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation •
CVSS: 10.0EPSS: 19%CPEs: 17EXPL: 0CVE-2017-12229
https://notcve.org/view.php?id=CVE-2017-12229
28 Sep 2017 — A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is due to insufficient input validation for the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious API request to an affected device. A successful exploit could allow the attacker to bypass authentication an... • http://www.securityfocus.com/bid/101032 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2010-3049
https://notcve.org/view.php?id=CVE-2010-3049
25 Sep 2017 — Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot). Cisco IOS en versiones anteriores a la 12.2(33)SXI permite que los usuarios locales provoquen una denegación de servicio (reinicio del dispositivo). • https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/release/notes/ol_14271/caveats_SXI_rebuilds.html • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2010-3050
https://notcve.org/view.php?id=CVE-2010-3050
25 Sep 2017 — Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot). Cisco IOS en versiones anteriores a la 12.2(33)SXI permite que los usuarios autenticados remotos provoquen una denegación de servicio (reinicio del dispositivo). • https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/release/notes/ol_14271/caveats_SXI_rebuilds.html • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-5030
https://notcve.org/view.php?id=CVE-2012-5030
02 Aug 2017 — Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking specific SNMP objects. Cisco IOS en versiones anteriores a 15.2(4)S6 no inicializa una variable no especificada, lo que podría permitir que usuarios remotos autenticados provoquen una denegación de servicio (consumo de CPU, watchdog timeout, caída del sistema) recorriendo objetos SNMP específicos. • https://www.cisco.com/c/en/us/td/docs/ios/15_2s/release/notes/15_2s_rel_notes/15_2s_caveats_15_2_4s.html • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 198EXPL: 0CVE-2017-3856
https://notcve.org/view.php?id=CVE-2017-3856
22 Mar 2017 — A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is under a high load. An attacker could exploit this vulnerability by sending a high number of requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to relo... • http://www.securityfocus.com/bid/97007 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •