CVSS: 7.8EPSS: 0%CPEs: 64EXPL: 0CVE-2010-0578
https://notcve.org/view.php?id=CVE-2010-0578
The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 and 7301 routers with VAM2+ allows remote attackers to cause a denial of service (device reload) via a malformed IKE packet, aka Bug ID CSCtb13491. Vulnerabilidad sin especificar en la implementación IKE en Cisco IOS v12.2 a la v12.4 en routers Cisco 7200 y 7301 con VAM2+, permite a atacantes remotos provocar una denegación de servicio (recarga de dispositivo) a través de un mensaje IKE mal formado. También conocido como Bug ID CSCtb13491. • http://osvdb.org/63182 http://secunia.com/advisories/39057 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20ee5.shtml http://www.securityfocus.com/bid/38932 http://www.securitytracker.com/id?1023741 http://www.vupen.com/english/advisories/2010/0709 https://exchange.xforce.ibmcloud.com/vulnerabilities/57148 • CWE-310: Cryptographic Issues •
CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 3CVE-2008-4128 – Cisco Router - HTTP Administration Cross-Site Request Forgery / Command Execution
https://notcve.org/view.php?id=CVE-2008-4128
Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information. Vulnerabilidad múltiple de falsificación de petición en sitios cruzados - CSRF en el componente de administración HTTP en el IOS Cisco 12.4 en el Router de Servicios Integrados 871, que permite a los atacantes remotos ejecutar arbitrariamente comandos a través de(1) ciertos comandos que "muestran lo privilegios" en /level/15/exec/- URI, y (2) ciertos comandos "alias exec" en /level/15/exec/-/configure/http URI. NOTA: algunos de estos detalles fueron obtenidos de información de terceros. • https://www.exploit-db.com/exploits/6476 http://jbrownsec.blogspot.com/2008/09/cisco-0day-released.html http://www.securityfocus.com/bid/31218 https://exchange.xforce.ibmcloud.com/vulnerabilities/45226 https://www.exploit-db.com/exploits/6477 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 12%CPEs: 1EXPL: 0CVE-2008-2636
https://notcve.org/view.php?id=CVE-2008-2636
The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many instances of a "front_page" sequence, and ends with a ".asp" sequence. El servicio HTTP en Cisco Linksys WRH54G con software empotrado (firmware) 1.01.03 permite a atacantes remotos provocar una denegación de servicio (parada de la interfaz de administración) o posiblemente ejecutar código de su elección a través de una URI que comience con una secuencia "/./", contiene muchos casos de una secuencia "front_page", y finalice con una secuencia "".asp. • http://secunia.com/advisories/30562 http://securityreason.com/securityalert/3929 http://www.securityfocus.com/archive/1/493129/100/0/threaded http://www.securitytracker.com/id?1020237 http://www.vupen.com/english/advisories/2008/1772/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42890 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 2%CPEs: 6EXPL: 0CVE-2008-0537
https://notcve.org/view.php?id=CVE-2008-0537
Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors. Vulnerabilidades no especificadas en Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), y Route Switch Processor 720 (RSP720) para múltiples productos de Cisco, cuando utilizan Multi Protocol Label Switching (MPLS) VPN y OSPF sham-link, permite a atacantes remotos provocar una denegación de servicio (cola bloqueada, dispositivo reiniciado, o fuga de memoria) a través de vectores desconocidos. • http://secunia.com/advisories/29559 http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml http://www.securityfocus.com/bid/28463 http://www.securitytracker.com/id?1019716 http://www.us-cert.gov/cas/techalerts/TA08-087B.html http://www.vupen.com/english/advisories/2008/1005/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41466 •
CVSS: 7.8EPSS: 2%CPEs: 3EXPL: 0CVE-2007-5584
https://notcve.org/view.php?id=CVE-2007-5584
Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2(3) allows remote attackers to cause a denial of service (device reload) via crafted "data in the control-plane path with Layer 7 Application Inspections." Vulnerabilidad no especificada en Cisco Firewall Services Module (FWSM) 3.2(3) permite a atacantes remotos provocar una denegación de servicio (recarga del dispositivo) mediante "datos manipulados en la ruta del plano de control con Inspecciones de Capa 7 de Applicación". • http://secunia.com/advisories/28175 http://www.cisco.com/en/US/products/products_security_advisory09186a008091b11d.shtml http://www.osvdb.org/39298 http://www.securityfocus.com/bid/26941 http://www.securitytracker.com/id?1019120 http://www.vupen.com/english/advisories/2007/4270 https://exchange.xforce.ibmcloud.com/vulnerabilities/39135 •