CVSS: 7.1EPSS: 2%CPEs: 1EXPL: 0CVE-2008-1150
https://notcve.org/view.php?id=CVE-2008-1150
The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309. La componente red privada virtual dial-up (VPDN) de Cisco IOS versiones anteriores a 12.3 permite a atacantes remotos provocar una denegación de servicio (agotamiento de recursos) a través de una serie de sesiones PPTP, en relación con la persistencia de las estructuras de datos de la interfaz de descriptor de bloque (BID) después de la terminación proceso, también conocido como bug CSCdv59309 ID. • http://secunia.com/advisories/29507 http://securitytracker.com/id?1019714 http://www.cisco.com/en/US/products/products_security_advisory09186a0080969862.shtml http://www.securityfocus.com/bid/28460 http://www.us-cert.gov/cas/techalerts/TA08-087B.html http://www.vupen.com/english/advisories/2008/1006/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41484 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5598 • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 2%CPEs: 1EXPL: 0CVE-2008-1151
https://notcve.org/view.php?id=CVE-2008-1151
Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated after process termination, aka bug ID CSCsj58566. Fugas de memoria en la componente de red privada virtual dial-up (VPDN) en Cisco IOS versiones anteriores a 12.3 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de una serie de sesiones PPTP, en relación a "dead memory" que permanece asignado después de la finalización del proceso, también conocido como bug ID CSCsj58566. • http://secunia.com/advisories/29507 http://securitytracker.com/id?1019714 http://www.cisco.com/en/US/products/products_security_advisory09186a0080969862.shtml http://www.securityfocus.com/bid/28460 http://www.us-cert.gov/cas/techalerts/TA08-087B.html http://www.vupen.com/english/advisories/2008/1006/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41483 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5287 • CWE-399: Resource Management Errors •
CVSS: 5.1EPSS: 1%CPEs: 4EXPL: 0CVE-2008-1156
https://notcve.org/view.php?id=CVE-2008-1156
Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message. Vulnerabilidad no especificada en la implementación de la Red Privada Virtual Multicast (MVPN) en Cisco IOS 12.0, 12.2, 12.3, y 12.4 permite a atacantes remotos crear "estados multicast extra en los routers core" a través de mensajes Multicast Distribution Tree (MDT) Data Join manipulados. • http://secunia.com/advisories/29507 http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml http://www.securityfocus.com/bid/28464 http://www.securitytracker.com/id?1019715 http://www.us-cert.gov/cas/techalerts/TA08-087B.html http://www.vupen.com/english/advisories/2008/1006/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41468 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5648 • CWE-16: Configuration CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 1%CPEs: 4EXPL: 1CVE-2008-1153
https://notcve.org/view.php?id=CVE-2008-1153
Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device. Cisco IOS versiones 12.1, 12.2, 12.3 y 12.4, con servicios UDP de IPv4 y el protocolo IPv6 habilitado, permite a los atacantes remotos causar una denegación de servicio (bloqueo del dispositivo y posible interfaz bloqueada) por medio de un paquete IPv6 diseñado para el dispositivo. • http://secunia.com/advisories/29507 http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml http://www.kb.cert.org/vuls/id/936177 http://www.securityfocus.com/bid/28461 http://www.securitytracker.com/id?1019713 http://www.us-cert.gov/cas/techalerts/TA08-087B.html http://www.vupen.com/english/advisories/2008/1006/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41475 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3 •
CVSS: 7.8EPSS: 2%CPEs: 271EXPL: 0CVE-2008-1152
https://notcve.org/view.php?id=CVE-2008-1152
The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets. El componente data-link switching (DLSw) en Cisco IOS 12.0 hasta 12.4 permite a atacantes remotos provocar una denegación de servicio (reinicio de dispositivo o consumo de memoria) a través de 91 paquetes manipulados del (1) puerto UDP 2067 o (2) protocolo IP. • http://secunia.com/advisories/29507 http://www.cisco.com/en/US/products/products_security_advisory09186a0080969866.shtml http://www.securityfocus.com/bid/28465 http://www.securitytracker.com/id?1019712 http://www.us-cert.gov/cas/techalerts/TA08-087B.html http://www.vupen.com/english/advisories/2008/1006/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41482 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5821 • CWE-399: Resource Management Errors •