CVSS: 8.6EPSS: 0%CPEs: 322EXPL: 0CVE-2019-1752 – Cisco IOS and IOS XE Software ISDN Interface Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1752
28 Mar 2019 — A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit this vulnerability by calling the affected device with specific Q.931 information elements being present. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condit... • http://www.securityfocus.com/bid/107589 • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 930EXPL: 0CVE-2019-1748 – Cisco IOS and IOS XE Software Network Plug-and-Play Agent Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1748
27 Mar 2019 — A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt and modify conf... • http://www.securityfocus.com/bid/107619 • CWE-295: Improper Certificate Validation •
CVSS: 7.4EPSS: 0%CPEs: 567EXPL: 0CVE-2019-1746 – Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1746
27 Mar 2019 — A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulti... • http://www.securityfocus.com/bid/107612 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 164EXPL: 0CVE-2019-1739 – Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1739
27 Mar 2019 — A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, re... • http://www.securityfocus.com/bid/107597 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 164EXPL: 0CVE-2019-1738 – Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1738
27 Mar 2019 — A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit these vulnerabilities by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload,... • http://www.securityfocus.com/bid/107597 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 2%CPEs: 615EXPL: 0CVE-2019-1737 – Cisco IOS and IOS XE Software IP Service Level Agreement Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1737
27 Mar 2019 — A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to improper socket resources handling in the IP SLA responder application code. An attacker could exploit this vulnerability by sending crafted IP SLA packets to an affected device. An exploit could allow the at... • http://www.securityfocus.com/bid/107604 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 1195EXPL: 0CVE-2018-0197 – Cisco IOS and IOS XE Software VLAN Trunking Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0197
05 Oct 2018 — A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a logic error in how the affected software handles a subset of VTP packets. An attacker could exploit this vulnerability by sending VTP packets in a sequence that triggers a timeout in the VTP message processing code o... • http://www.securityfocus.com/bid/105424 • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0475 – Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0475
05 Oct 2018 — A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device. A successful exploit could allow the attacker to cause the switch to... • http://www.securityfocus.com/bid/105404 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 15%CPEs: 15EXPL: 0CVE-2018-0155 – Cisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0155
28 Mar 2018 — A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected swi... • http://www.securityfocus.com/bid/103565 • CWE-388: 7PK - Errors CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.8EPSS: 1%CPEs: 24EXPL: 0CVE-2018-0167 – Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-0167
28 Mar 2018 — Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487. Múltiples vulnerabilidades de desbordamiento de búfer en el subsistema LLDP (Link Layer Discovery Protocol) de Cisco IOS Software, Cisco ... • http://www.securityfocus.com/bid/103564 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •