CVSS: 6.5EPSS: 0%CPEs: 187EXPL: 0CVE-2017-6665
https://notcve.org/view.php?id=CVE-2017-6665
07 Aug 2017 — A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane (ACP) of an affected system and view ACP packets that are transferred in clear text within an affected system, an Information Disclosure Vulnerability. More Information: CSCvd51214. Known Affected Releases: Denali-16.2.1 Denali-16.3.1. Una vulnerabilidad en la funcionalidad Autonomic Networking de Cisco IOS Software y Cisco... • http://www.securityfocus.com/bid/99969 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-5030
https://notcve.org/view.php?id=CVE-2012-5030
02 Aug 2017 — Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking specific SNMP objects. Cisco IOS en versiones anteriores a 15.2(4)S6 no inicializa una variable no especificada, lo que podría permitir que usuarios remotos autenticados provoquen una denegación de servicio (consumo de CPU, watchdog timeout, caída del sistema) recorriendo objetos SNMP específicos. • https://www.cisco.com/c/en/us/td/docs/ios/15_2s/release/notes/15_2s_rel_notes/15_2s_caveats_15_2_4s.html • CWE-399: Resource Management Errors •
CVSS: 6.9EPSS: 0%CPEs: 164EXPL: 0CVE-2017-6606
https://notcve.org/view.php?id=CVE-2017-6606
07 Apr 2017 — A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More Information: CSCuz06639 CSCuz42122. Known Affected Releases: 15.6(1.1)S 16.1.2 16.2.0 15.2(1)E. Known Fixed Releases: Denali-16.1.3 16.2(1.8) 16.1(2.61) 15.6(2)SP 15.6(2)S1 15.6(1)S2 15.5(3)S3a 15.5(3)S3 15.5(2)S4 15.5(1)S4 15.4(3)S6a 15.4(3)S6 15.3(3)S8a 15.... • http://www.securityfocus.com/bid/97434 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 198EXPL: 0CVE-2017-3856
https://notcve.org/view.php?id=CVE-2017-3856
22 Mar 2017 — A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is under a high load. An attacker could exploit this vulnerability by sending a high number of requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to relo... • http://www.securityfocus.com/bid/97007 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.4EPSS: 0%CPEs: 161EXPL: 0CVE-2017-3849
https://notcve.org/view.php?id=CVE-2017-3849
21 Mar 2017 — A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all th... • http://www.securityfocus.com/bid/96972 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 143EXPL: 0CVE-2017-3850
https://notcve.org/view.php?id=CVE-2017-3850
21 Mar 2017 — A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that s... • http://www.securityfocus.com/bid/96971 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 3%CPEs: 190EXPL: 0CVE-2016-6385
https://notcve.org/view.php?id=CVE-2016-6385
05 Oct 2016 — Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service (memory consumption) via crafted image-list parameters, aka Bug ID CSCuy82367. Fuga de memoria en la implementación del cliente Smart Install en Cisco IOS 12.2 y 15.0 hasta la versión 15.2 e IOS XE 3.2 hasta la versión 3.8 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de parámetros de lis... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2146
https://notcve.org/view.php?id=CVE-2014-2146
22 Sep 2016 — The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847. La funcionalidad Zone-Based Firewall (ZBFW) en Cisco IOS, posiblemente 15.4 y versiones anteriores e IOS XE, posiblemente 3.13 y versiones anteriores, no maneja adecu... • http://www.securityfocus.com/bid/93126 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6403
https://notcve.org/view.php?id=CVE-2016-6403
18 Sep 2016 — The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service via a crafted packet, aka Bug IDs CSCuy82904, CSCuy82909, and CSCuy82912. La aplicación Data in Motion (DMo) en Cisco IOS 15.6(1)T e IOS XE, cuando el conjunto de características IOx está activado, permite a atacantes remotos provocar una denegación de servicio a través de un paquete manipulado, vulnerabilidad también conocida como Bug IDs CSCuy8290... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ios-xe • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2015-0609
https://notcve.org/view.php?id=CVE-2015-0609
16 Feb 2015 — Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCuj96752. Condición de carrera en Common Classification Engine (CCE) en la implamantación Measurement, Aggregation, and... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0609 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •