Page 66 of 423 results (0.010 seconds)

CVSS: 9.3EPSS: 89%CPEs: 380EXPL: 3

The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259. El servidor FTP en Cisco IOS versiones 11.3 hasta 12.4, no comprueba apropiadamente la autorización del usuario, lo que permite a atacantes remotos ejecutar código arbitrario, y tener otro impacto, incluyendo la lectura de la configuración de inicio, como es demostrado mediante un comando MKD especialmente diseñado que involucra el acceso a un dispositivo VTY y desborda un búfer, también se conoce como ID de bug CSCek55259. • https://www.exploit-db.com/exploits/6155 http://seclists.org/bugtraq/2009/Jan/0183.html http://secunia.com/advisories/25199 http://www.cisco.com/en/US/products/products_security_advisory09186a00808399d0.shtml http://www.exploit-db.com/exploits/6155 http://www.osvdb.org/35334 http://www.securityfocus.com/archive/1/494868 http://www.securityfocus.com/bid/23885 http://www.securitytracker.com/id?1018030 http://www.vupen.com/english/advisories/2007/1749 https://exchange.xforce& • CWE-863: Incorrect Authorization •

CVSS: 6.1EPSS: 2%CPEs: 9EXPL: 0

Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial of service (software reload) via a certain MPLS packet. Vulnerabilidad no especificada en Cisco IOS 12.2SXA, SXB, SXD, and SXF; y el MSFC2, MSFC2a y MSFC3 corriendo en Modo Híbrido en Cisco Catalyst 6000, 6500 y Cisco 7600 series systems; permite a atacantes remotos en un segmento de red local provocar una denegación de servicio (recarga de software) mediante un paquete MPLS concreto. • http://osvdb.org/33067 http://secunia.com/advisories/24348 http://www.cisco.com/warp/public/707/cisco-sa-20070228-mpls.shtml http://www.securitytracker.com/id?1017709 http://www.vupen.com/english/advisories/2007/0782 https://exchange.xforce.ibmcloud.com/vulnerabilities/32748 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5869 •

CVSS: 7.1EPSS: 1%CPEs: 25EXPL: 0

The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature. El motor de firmas ATOMIC.TCP en la función Intrusion Prevention System (IPS) para Cisco IOS versiones 12.4XA, 12.3YA, 12.3T y otros trenes permite a los atacantes remotos causar una denegación de servicio (bloqueo de IPS y pérdida de tráfico) por medio de manipulaciones no especificadas que no se manejan apropiadamente con la función regular expression, como se demuestra con la firma 3123.0 (Netbus Pro Traffic). • http://osvdb.org/33053 http://secunia.com/advisories/24142 http://www.cisco.com/en/US/products/products_security_advisory09186a00807e0a5b.shtml http://www.cisco.com/en/US/products/products_security_response09186a00807e0a5e.html http://www.securityfocus.com/bid/22549 http://www.securitytracker.com/id?1017631 http://www.vupen.com/english/advisories/2007/0597 https://exchange.xforce.ibmcloud.com/vulnerabilities/32474 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5 •

CVSS: 6.4EPSS: 6%CPEs: 25EXPL: 0

The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets. El Sistema de Prevención de Intrusión (IPS) para Cisco IOS 12.4XE hasta 12.3T permite a atacantes remotos evitar firmas IPS que utilizan expresiones regulares mediante paquetes fragmentados. • http://osvdb.org/33052 http://secunia.com/advisories/24142 http://www.cisco.com/en/US/products/products_security_advisory09186a00807e0a5b.shtml http://www.cisco.com/en/US/products/products_security_response09186a00807e0a5e.html http://www.securityfocus.com/bid/22549 http://www.securitytracker.com/id?1017631 http://www.vupen.com/english/advisories/2007/0597 https://exchange.xforce.ibmcloud.com/vulnerabilities/32473 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5 •

CVSS: 7.8EPSS: 6%CPEs: 53EXPL: 0

Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP. Cisco IOS después de las versiones 12.3(14)T, 12.3(8)YC1, 12.3(8)YG y 12.4, con soporte de voz y sin el Session Initiated Protocol (SIP) configurado, permite a atacantes remotos provocar una denegación de servicio (caída) mediante el envío de un paquete manipulado al puerto 5060/UDP. • http://secunia.com/advisories/23978 http://securitytracker.com/id?1017575 http://www.cisco.com/warp/public/707/cisco-air-20070131-sip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml http://www.kb.cert.org/vuls/id/438176 http://www.securityfocus.com/bid/22330 http://www.vupen.com/english/advisories/2007/0428 https://exchange.xforce.ibmcloud.com/vulnerabilities/31990 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5138 •