CVE-2008-1153
https://notcve.org/view.php?id=CVE-2008-1153
Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device. Cisco IOS versiones 12.1, 12.2, 12.3 y 12.4, con servicios UDP de IPv4 y el protocolo IPv6 habilitado, permite a los atacantes remotos causar una denegación de servicio (bloqueo del dispositivo y posible interfaz bloqueada) por medio de un paquete IPv6 diseñado para el dispositivo. • http://secunia.com/advisories/29507 http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml http://www.kb.cert.org/vuls/id/936177 http://www.securityfocus.com/bid/28461 http://www.securitytracker.com/id?1019713 http://www.us-cert.gov/cas/techalerts/TA08-087B.html http://www.vupen.com/english/advisories/2008/1006/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41475 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3 •
CVE-2008-1152
https://notcve.org/view.php?id=CVE-2008-1152
The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets. El componente data-link switching (DLSw) en Cisco IOS 12.0 hasta 12.4 permite a atacantes remotos provocar una denegación de servicio (reinicio de dispositivo o consumo de memoria) a través de 91 paquetes manipulados del (1) puerto UDP 2067 o (2) protocolo IP. • http://secunia.com/advisories/29507 http://www.cisco.com/en/US/products/products_security_advisory09186a0080969866.shtml http://www.securityfocus.com/bid/28465 http://www.securitytracker.com/id?1019712 http://www.us-cert.gov/cas/techalerts/TA08-087B.html http://www.vupen.com/english/advisories/2008/1006/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41482 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5821 • CWE-399: Resource Management Errors •
CVE-2007-5651
https://notcve.org/view.php?id=CVE-2007-5651
Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 and 12.2 on Cisco switches (Wired EAP devices), and CatOS 6.x through 8.x on Cisco switches allows remote attackers to cause a denial of service (device reload) via a crafted EAP Response Identity packet. Vulnerabilidad no especificada en la implementación Extensible Authentication Protocol (EAP) en Cisco IOS 12.3 y 12.4 sobre Cisco Access Points y 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 y 12.2 sobre Cisco switches (Wired EAP dispositivos), y CatOS 6.x hasta la 8.x sobre Cisco switches permite a atacantes remotos provocar denegación de servicio (recarga de dispositivo) a través de un paquete EAP Response Identity manipulado. • http://secunia.com/advisories/27329 http://www.cisco.com/en/US/products/products_security_response09186a00808de8bb.html http://www.securityfocus.com/bid/26139 http://www.securitytracker.com/id?1018842 http://www.vupen.com/english/advisories/2007/3566 https://exchange.xforce.ibmcloud.com/vulnerabilities/37300 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5288 •
CVE-2007-5381 – Cisco IOS 12.3 - 'LPD' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-5381
Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allow remote attackers to execute arbitrary code by setting a long hostname on the target system, then causing an error message to be printed, as demonstrated by a telnet session to the LPD from a source port other than 515. Desbordamiento de búfer basado en pila en Line Printer Daemon (LPD) en Cisco IOS anterior a 12.2(18)SXF11, 12.4(16a), y 12.4(2)T6 permite a atacantes remotos ejecutar código de su elección a través de la configuración de un nombre de host largo sobre el sistema objetivo, lo cual hace que se muestre un mensaje de error, como se demostró con la sesión de telnet en el LPD desde un puerto fuente a otro que 515. • https://www.exploit-db.com/exploits/30652 http://osvdb.org/37935 http://secunia.com/advisories/27169 http://www.cisco.com/en/US/products/products_security_response09186a00808d72e3.html http://www.irmplc.com/index.php/155-Advisory-024 http://www.kb.cert.org/vuls/id/230505 http://www.securityfocus.com/bid/26001 http://www.securitytracker.com/id?1018798 http://www.vupen.com/english/advisories/2007/3457 https://exchange.xforce.ibmcloud.com/vulnerabilities/37046 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-4632
https://notcve.org/view.php?id=CVE-2007-4632
Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105. Cisco IOS 12.2E, 12.2F, y 12.2S coloca una línea "no login" en la configuración VTY cuando una administrador realiza determinados cambios e una propiedad (1)VTY/AUX ó (2) CONSOLE en un dispositivo sin AAA habilitado, lo cual permite a atacantes remotos evitar autenticación y obtener una terminal de sesión, vulnerabilidad distinta de CVE-1999-0293 y CVE-2005-2105. • http://www.cisco.com/en/US/products/products_security_response09186a00808ae4ca.html http://www.securityfocus.com/bid/25482 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5866 • CWE-287: Improper Authentication •