Page 43 of 433 results (0.006 seconds)

CVSS: 8.6EPSS: 0%CPEs: 14EXPL: 0

A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Una vulnerabilidad en la característica ETA (Cisco Encrypted Traffic Analytics) del software Cisco IOS XE podría permitir que un atacante remoto sin autenticar provoque una denegación de servicio (DoS). • http://www.securityfocus.com/bid/107614 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-eta-dos • CWE-20: Improper Input Validation CWE-416: Use After Free •

CVSS: 8.6EPSS: 0%CPEs: 164EXPL: 0

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Una vulnerabilidad en la funcionalidad NBAR (Network-Based Application Recognition) de los softwares Cisco IOS y Cisco IOS XE podría permitir que un atacante remoto no autenticado provoque que el dispositivo afectado se recargue. • http://www.securityfocus.com/bid/107597 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-nbar • CWE-20: Improper Input Validation •

CVSS: 8.6EPSS: 0%CPEs: 164EXPL: 0

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit these vulnerabilities by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Una vulnerabilidad en la funcionalidad NBAR (Network-Based Application Recognition) de los softwares Cisco IOS y Cisco IOS XE podría permitir que un atacante remoto no autenticado provoque que el dispositivo afectado se recargue. • http://www.securityfocus.com/bid/107597 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-nbar • CWE-20: Improper Input Validation •

CVSS: 8.6EPSS: 0%CPEs: 615EXPL: 0

A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to improper socket resources handling in the IP SLA responder application code. An attacker could exploit this vulnerability by sending crafted IP SLA packets to an affected device. An exploit could allow the attacker to cause an interface to become wedged, resulting in an eventual denial of service (DoS) condition on the affected device. Una vulnerabilidad en el procesamiento de los paquetes IP SLA (Service Level Agreement) de los softwares Cisco IOS y Cisco IOS XE podría permitir que un atacante remoto no autenticado provoque una cuña (wedge) en la interfaz y, finalmente, una denegación de servicio (DoS) en el dispositivo afectado. • http://www.securityfocus.com/bid/107604 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-ipsla-dos • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the Open Shortest Path First version 3 (OSPFv3) implementation in Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. The vulnerability is due to incorrect handling of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending crafted OSPFv3 Link-State Advertisements (LSA) to an affected device. An exploit could allow the attacker to cause an affected device to reload, leading to a denial of service (DoS) condition. Una vulnerabilidad en la implementación de Open Shortest Path First version 3 (OSPFv3) en Cisco IOS e IOS XE Software podría permitir que un atacante adyacente sin autenticar provoque que un dispositivo afectado se reinicie. • http://www.securityfocus.com/bid/105403 http://www.securitytracker.com/id/1041737 https://ics-cert.us-cert.gov/advisories/ICSA-19-094-03 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ospfv3-dos • CWE-399: Resource Management Errors •