CVSS: 8.6EPSS: 2%CPEs: 615EXPL: 0CVE-2019-1737 – Cisco IOS and IOS XE Software IP Service Level Agreement Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1737
27 Mar 2019 — A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to improper socket resources handling in the IP SLA responder application code. An attacker could exploit this vulnerability by sending crafted IP SLA packets to an affected device. An exploit could allow the at... • http://www.securityfocus.com/bid/107604 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 1195EXPL: 0CVE-2018-0197 – Cisco IOS and IOS XE Software VLAN Trunking Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0197
05 Oct 2018 — A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a logic error in how the affected software handles a subset of VTP packets. An attacker could exploit this vulnerability by sending VTP packets in a sequence that triggers a timeout in the VTP message processing code o... • http://www.securityfocus.com/bid/105424 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 1%CPEs: 3EXPL: 0CVE-2018-0467 – Cisco IOS and IOS XE Software IPv6 Hop-by-Hop Options Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0467
05 Oct 2018 — A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of specific IPv6 hop-by-hop options. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to or through the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device. Una vuln... • http://www.securitytracker.com/id/1041737 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 7%CPEs: 2EXPL: 0CVE-2018-0485 – Cisco IOS and IOS XE Software SM-1T3/E3 Service Module Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0485
05 Oct 2018 — A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation Integrated Services Routers (ISR G2) and the Cisco 4451-X Integrated Services Router (ISR4451-X) could allow an unauthenticated, remote attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of user input. An attacker could exploit this vulnerability by first connecting to the SM-1T3/E3 modu... • http://www.securityfocus.com/bid/105433 • CWE-19: Data Processing Errors CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15369 – Cisco IOS and IOS XE Software TACACS+ Client Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-15369
05 Oct 2018 — A vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of crafted TACACS+ response packets by the affected software. An attacker could exploit this vulnerability by injecting a crafted TACACS+ packet into an existing TACACS+ session between an affected device and a TACACS+ server or by i... • http://www.securityfocus.com/bid/105426 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15375 – Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Arbitrary Memory Write Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-15375
05 Oct 2018 — A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ir800-memwrite • CWE-123: Write-what-where Condition •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15376 – Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Arbitrary Memory Write Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-15376
05 Oct 2018 — A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ir800-memwrite • CWE-123: Write-what-where Condition •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-0257
https://notcve.org/view.php?id=CVE-2018-0257
19 Apr 2018 — A vulnerability in Cisco IOS XE Software running on Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, adjacent attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the incorrect handling of certain DHCP packets. An attacker could exploit this vulnerability by sending certain DHCP packets to a specific segment of an affected device. A successful exploit could allow the attacker to increase CPU usage on... • http://www.securityfocus.com/bid/103948 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 128EXPL: 0CVE-2018-0163
https://notcve.org/view.php?id=CVE-2018-0163
28 Mar 2018 — A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker could exploit this vulnerability by trying to access an 802.1x multi-auth port after a successful supplicant has authenticated. An exploit could allow the attacker to bypass the 802.1x access controls and obtain a... • http://www.securityfocus.com/bid/103571 • CWE-287: Improper Authentication •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0164
https://notcve.org/view.php?id=CVE-2018-0164
28 Mar 2018 — A vulnerability in the Switch Integrated Security Features of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an interface queue wedge. The vulnerability is due to incorrect handling of crafted IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv6 packets through the device. An exploit could allow the attacker to cause an interface queue wedge. This vulnerability affects the Cisco cBR-8 Converged Broadband Router, Cisco ASR 1000 Series Aggregation ... • http://www.securityfocus.com/bid/103553 • CWE-399: Resource Management Errors •