CVSS: 7.5EPSS: 7%CPEs: 1EXPL: 0CVE-2019-1681 – Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2019-1681
21 Feb 2019 — A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The vulnerability is due to improper validation of user-supplied input within TFTP requests processed by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques in malicious requests sent to the TFTP service on a target... • http://www.securityfocus.com/bid/107107 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 19EXPL: 0CVE-2018-15428 – Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-15428
05 Oct 2018 — A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP proc... • http://www.securitytracker.com/id/1041790 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 1%CPEs: 11EXPL: 0CVE-2018-0418
https://notcve.org/view.php?id=CVE-2018-0418
15 Aug 2018 — A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input and validation checking on certain Precision Time Protocol (PTP) ingress traffic to an affected device. An attacker could exploit this vulnerability by injecting malformed traffic into an affected device. A successfu... • http://www.securityfocus.com/bid/105185 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 1%CPEs: 3EXPL: 0CVE-2018-0286
https://notcve.org/view.php?id=CVE-2018-0286
02 May 2018 — A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf process. An attacker could exploit this vulnerability by sending malicious requests to the affected software. An exploit could allow the attacker to cause the targeted process to restart, resulting in a DoS condition on the affected system.... • http://www.securityfocus.com/bid/104083 • CWE-399: Resource Management Errors CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.4EPSS: 0%CPEs: 21EXPL: 0CVE-2018-0241
https://notcve.org/view.php?id=CVE-2018-0241
19 Apr 2018 — A vulnerability in the UDP broadcast forwarding function of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of UDP broadcast packets that are forwarded to an IPv4 helper address. An attacker could exploit this vulnerability by sending multiple UDP broadcast packets to the affected device. An exploit could allow the attacker to cause a buffer leak on the affected device, ... • http://www.securityfocus.com/bid/103929 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 1%CPEs: 24EXPL: 0CVE-2018-0167 – Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-0167
28 Mar 2018 — Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487. Múltiples vulnerabilidades de desbordamiento de búfer en el subsistema LLDP (Link Layer Discovery Protocol) de Cisco IOS Software, Cisco ... • http://www.securityfocus.com/bid/103564 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.6EPSS: 1%CPEs: 9EXPL: 0CVE-2018-0136
https://notcve.org/view.php?id=CVE-2018-0136
31 Jan 2018 — A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect handling of IPv6 packets with a fragment header extension. An attacker could exploit this vulnerability by sending IPv6 packets designed to trigger the issue either to or through... • http://www.securityfocus.com/bid/102905 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12355
https://notcve.org/view.php?id=CVE-2017-12355
30 Nov 2017 — A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service (DoS) condition. The vulnerability is due to incomplete LPTS frame validation by the affected software. An attacker could exploit this vulnerability by sending crafted XML requests to the management interface of an af... • http://www.securityfocus.com/bid/101989 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6731
https://notcve.org/view.php?id=CVE-2017-6731
10 Jul 2017 — A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexpectedly reset, causing a short denial of service (DoS) condition. The MSDP session will restart within a few seconds. More Information: CSCvd94828. Known Affected Releases: 4.3.2.MCAST 6.0.2.BASE. Known Fixed Releases: 6.3.1.19i.MCAST 6.2.3.1i.MCAST 6.2.2.17i.MCAST 6.1.4.12i.MCAST. • http://www.securitytracker.com/id/1038820 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6718
https://notcve.org/view.php?id=CVE-2017-6718
04 Jul 2017 — A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb99384. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.2.11.3i.ROUT 6.2.1.29i.ROUT 6.2.1.26i.ROUT. Una vulnerabilidad en la CLI del programa IOS XR de Cisco, podría permitir a un atacante local identificado elevar los privilegios al nivel root. • http://www.securityfocus.com/bid/99226 • CWE-20: Improper Input Validation •