CVSS: 7.1EPSS: 2%CPEs: 2049EXPL: 0CVE-2008-4609
https://notcve.org/view.php?id=CVE-2008-4609
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, permite a atacantes remotos provocar una denegación de servicio (agotamiento de cola de conexión) a través de múltiples vectores que manipulan información en la tabla de estados del TCP, como lo demuestra sockstress. • http://blog.robertlee.name/2008/10/conjecture-speculation.html http://insecure.org/stf/tcp-dos-attack-explained.html http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html http://marc.info/?l=bugtraq&m=125856010926699&w=2 http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html http://www.cpni • CWE-16: Configuration •
CVSS: 8.5EPSS: 0%CPEs: 11EXPL: 0CVE-2008-3806
https://notcve.org/view.php?id=CVE-2008-3806
Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3805. En Cisco IOS v12.0 a la v12.4 en Cisco 10000, los paquetes externos del UDP del manejador de dispositivos de la serie uBR10012 y uBR7200 que se envían a las direcciones 127.0.0.0 /8 pensados para comunicación IPC dentro del dispositivo, permite que los atacantes remotos causen una denegación del servicio (reinicio del dispositivo o del linecard) a través de paquetes del UDP manipulados, una vulnerabilidad distinta de CVE-2008-3805. • http://secunia.com/advisories/31990 http://tools.cisco.com/security/center/viewAlert.x?alertId=16646 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a014ae.shtml https://exchange.xforce.ibmcloud.com/vulnerabilities/45592 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7123 •
CVSS: 7.8EPSS: 1%CPEs: 252EXPL: 0CVE-2008-3808
https://notcve.org/view.php?id=CVE-2008-3808
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted Protocol Independent Multicast (PIM) packet. Vulnerabilidad no especificada en Cisco IOS v12.0, permite a atacantes remotos causar denegación de servicio (reinicio de dispositivo) a través del paquete del Protocolo Multidifusión Independiente (PIM) manipulado. • http://secunia.com/advisories/31990 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01491.shtml http://www.securityfocus.com/bid/31356 http://www.securitytracker.com/id?1020936 http://www.vupen.com/english/advisories/2008/2670 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5873 •
CVSS: 7.1EPSS: 1%CPEs: 204EXPL: 0CVE-2008-3809
https://notcve.org/view.php?id=CVE-2008-3809
Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices (aka 12000 Series routers) allows remote attackers to cause a denial of service (device crash) via a malformed Protocol Independent Multicast (PIM) packet. Vulnerabilidad en dispositivos Gigabit Switch Router (GSR),(aka 12000 Series routers), de Cisco IOS v12.0 a v12.4. Permite a atacantes de control remoto causar denegación de servicio (reinicio de dispositivo) a través de paquetes Multidifusión de Protocolo Independiente (Protocol Independent Multicast, PIM) mal formados. • http://secunia.com/advisories/31990 http://tools.cisco.com/security/center/viewAlert.x?alertId=16638 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01491.shtml http://www.securityfocus.com/bid/31356 http://www.securitytracker.com/id?1020936 http://www.vupen.com/english/advisories/2008/2670 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5477 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2008-3799
https://notcve.org/view.php?id=CVE-2008-3799
Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP messages. Fuga de memoria en la implementación de la Session Initiation Protocol (SIP) en Cisco IOS v12.2 a la v12.4, cuando VoIP está configurada, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y parada del servicio de voz) a través de mensajes SIP válidos no especificados. • http://secunia.com/advisories/31990 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml http://www.securitytracker.com/id?1020939 http://www.vupen.com/english/advisories/2008/2670 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5927 • CWE-772: Missing Release of Resource after Effective Lifetime •