CVSS: 8.8EPSS: 4%CPEs: 24EXPL: 0CVE-2018-0167 – Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-0167
28 Mar 2018 — Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487. Múltiples vulnerabilidades de desbordamiento de búfer en el subsistema LLDP (Link Layer Discovery Protocol) de Cisco IOS Software, Cisco ... • http://www.securityfocus.com/bid/103564 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.6EPSS: 0%CPEs: 15EXPL: 0CVE-2018-0155 – Cisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0155
28 Mar 2018 — A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected swi... • http://www.securityfocus.com/bid/103565 • CWE-388: 7PK - Errors CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.0EPSS: 3%CPEs: 16EXPL: 0CVE-2018-0175 – Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-0175
28 Mar 2018 — Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664. Vulnerabilidad de cadena de formato en el subsistema LLDP (Link Layer Discovery Protocol) de Cisco IOS Software, Cisco IOS XE Software y Cisco IOS XR Software pod... • http://www.securityfocus.com/bid/103564 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0169
https://notcve.org/view.php?id=CVE-2018-0169
28 Mar 2018 — Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has user EXEC mode (privilege level 1) access to an affected device could exploit these vulnerabi... • http://www.securityfocus.com/bid/103567 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12289
https://notcve.org/view.php?id=CVE-2017-12289
19 Oct 2017 — A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The vulnerability is due to incorrect implementation of IPsec conditional, verbose debug logging that causes sensitive information to be written to the log file. This information should be restricted. An attacker who has valid administrative credentials could exploit this vulnerability by authenticatin... • http://www.securityfocus.com/bid/101509 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 22%CPEs: 2762EXPL: 0CVE-2017-12240 – Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-12240
28 Sep 2017 — The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a cra... • http://www.securityfocus.com/bid/101034 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 2%CPEs: 126EXPL: 0CVE-2017-12231 – Cisco IOS Software Network Address Translation Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2017-12231
28 Sep 2017 — A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper translation of H.323 messages that use the Registration, Admission, and Status (RAS) protocol and are sent to an affected device via IPv4 packets. An attacker could exploit this vulnerability by sending a crafted H.323 RAS packet throu... • http://www.securityfocus.com/bid/101039 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 2%CPEs: 39EXPL: 0CVE-2017-12234 – Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2017-12234
28 Sep 2017 — Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit cou... • http://www.securityfocus.com/bid/101038 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 491EXPL: 0CVE-2017-12237 – Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2017-12237
28 Sep 2017 — A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to how an affected device processes certain IKEv2 packets. An attacker could exploit this vulnerability by sending specific IKEv2 packets to an affected device to be pr... • http://www.securityfocus.com/bid/101037 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 2%CPEs: 95EXPL: 0CVE-2017-12235 – Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2017-12235
28 Sep 2017 — A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper parsing of ingress PN-DCP Identify Request packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted PN-DCP Identify Request packet to an affected device ... • http://www.securityfocus.com/bid/101043 • CWE-20: Improper Input Validation •