CVSS: 6.4EPSS: 6%CPEs: 25EXPL: 0CVE-2007-0917
https://notcve.org/view.php?id=CVE-2007-0917
The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets. El Sistema de Prevención de Intrusión (IPS) para Cisco IOS 12.4XE hasta 12.3T permite a atacantes remotos evitar firmas IPS que utilizan expresiones regulares mediante paquetes fragmentados. • http://osvdb.org/33052 http://secunia.com/advisories/24142 http://www.cisco.com/en/US/products/products_security_advisory09186a00807e0a5b.shtml http://www.cisco.com/en/US/products/products_security_response09186a00807e0a5e.html http://www.securityfocus.com/bid/22549 http://www.securitytracker.com/id?1017631 http://www.vupen.com/english/advisories/2007/0597 https://exchange.xforce.ibmcloud.com/vulnerabilities/32473 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5 •
CVSS: 7.1EPSS: 1%CPEs: 25EXPL: 0CVE-2007-0918
https://notcve.org/view.php?id=CVE-2007-0918
The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature. El motor de firmas ATOMIC.TCP en la función Intrusion Prevention System (IPS) para Cisco IOS versiones 12.4XA, 12.3YA, 12.3T y otros trenes permite a los atacantes remotos causar una denegación de servicio (bloqueo de IPS y pérdida de tráfico) por medio de manipulaciones no especificadas que no se manejan apropiadamente con la función regular expression, como se demuestra con la firma 3123.0 (Netbus Pro Traffic). • http://osvdb.org/33053 http://secunia.com/advisories/24142 http://www.cisco.com/en/US/products/products_security_advisory09186a00807e0a5b.shtml http://www.cisco.com/en/US/products/products_security_response09186a00807e0a5e.html http://www.securityfocus.com/bid/22549 http://www.securitytracker.com/id?1017631 http://www.vupen.com/english/advisories/2007/0597 https://exchange.xforce.ibmcloud.com/vulnerabilities/32474 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5 •
CVSS: 7.8EPSS: 6%CPEs: 53EXPL: 0CVE-2007-0648
https://notcve.org/view.php?id=CVE-2007-0648
Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP. Cisco IOS después de las versiones 12.3(14)T, 12.3(8)YC1, 12.3(8)YG y 12.4, con soporte de voz y sin el Session Initiated Protocol (SIP) configurado, permite a atacantes remotos provocar una denegación de servicio (caída) mediante el envío de un paquete manipulado al puerto 5060/UDP. • http://secunia.com/advisories/23978 http://securitytracker.com/id?1017575 http://www.cisco.com/warp/public/707/cisco-air-20070131-sip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml http://www.kb.cert.org/vuls/id/438176 http://www.securityfocus.com/bid/22330 http://www.vupen.com/english/advisories/2007/0428 https://exchange.xforce.ibmcloud.com/vulnerabilities/31990 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5138 •
CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 0CVE-2007-0199
https://notcve.org/view.php?id=CVE-2007-0199
The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange." La propiedad Data-link Switching (DLSw) en Cisco IOS 11.0 hata 12.4 permite a atacantes remotos provocar una denegación de servicio (recarga de dispositivo) mediante "un valor inválido en un mensaje DLSw... durante el intercambio de habilidades". • http://osvdb.org/32683 http://secunia.com/advisories/23697 http://securitytracker.com/id?1017498 http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml http://www.securityfocus.com/bid/21990 http://www.vupen.com/english/advisories/2007/0139 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5714 •
CVSS: 10.0EPSS: 2%CPEs: 228EXPL: 0CVE-2006-4950
https://notcve.org/view.php?id=CVE-2006-4950
Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables. Cisco IOS 12.2 hasta 12.4 anteriores al 20/09/2006, usados por Cisco IAD2430, IAD2431, y IAD2432 Integrated Access Devices, el VG224 Analog Phone Gateway, y el MWR 1900 y 1941 Mobile Wireless Edge Routers, está identificado de forma incorrecta como soporte DOCSIS, lo que permiet a un atacante remoto conseguir acceso lectura-escritura a través de una secuencia de hard-coded cable-docsis y leer o modificar variables SNMP de su elección. • http://secunia.com/advisories/21974 http://securitytracker.com/id?1016899 http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtml http://www.kb.cert.org/vuls/id/123140 http://www.osvdb.org/29034 http://www.securityfocus.com/bid/20125 http://www.vupen.com/english/advisories/2006/3722 https://exchange.xforce.ibmcloud.com/vulnerabilities/29054 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5665 •