CVSS: 8.8EPSS: 1%CPEs: 24EXPL: 0CVE-2018-0167 – Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-0167
28 Mar 2018 — Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487. Múltiples vulnerabilidades de desbordamiento de búfer en el subsistema LLDP (Link Layer Discovery Protocol) de Cisco IOS Software, Cisco ... • http://www.securityfocus.com/bid/103564 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0169
https://notcve.org/view.php?id=CVE-2018-0169
28 Mar 2018 — Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has user EXEC mode (privilege level 1) access to an affected device could exploit these vulnerabi... • http://www.securityfocus.com/bid/103567 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.6EPSS: 9%CPEs: 24EXPL: 0CVE-2018-0173 – Cisco IOS and IOS XE Software Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2018-0173
28 Mar 2018 — A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a Relay Reply denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of encapsulated option 82 information that it receives in DHCPOFFER messages from DHCPv4 servers. An attacker ... • http://www.securityfocus.com/bid/103545 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 5%CPEs: 15EXPL: 0CVE-2018-0174 – Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2018-0174
28 Mar 2018 — A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DH... • http://www.securityfocus.com/bid/103554 • CWE-20: Improper Input Validation •
CVSS: 8.0EPSS: 2%CPEs: 16EXPL: 0CVE-2018-0175 – Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-0175
28 Mar 2018 — Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664. Vulnerabilidad de cadena de formato en el subsistema LLDP (Link Layer Discovery Protocol) de Cisco IOS Software, Cisco IOS XE Software y Cisco IOS XR Software pod... • http://www.securityfocus.com/bid/103564 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.1EPSS: 2%CPEs: 306EXPL: 0CVE-2018-0179 – Cisco IOS Software Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0179
28 Mar 2018 — Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599. Múltiples vulnerabilidades en la característica Login Enhancements (Login Block) de Cisco IOS Software per... • http://www.securityfocus.com/bid/103556 • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 2%CPEs: 306EXPL: 0CVE-2018-0180 – Cisco IOS Software Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0180
28 Mar 2018 — Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599. Múltiples vulnerabilidades en la característica Login Enhancements (Login Block) de Cisco IOS Software per... • http://www.securityfocus.com/bid/103556 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 80%CPEs: 1EXPL: 2CVE-2018-0171 – Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-0171
28 Mar 2018 — A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow t... • https://www.exploit-db.com/exploits/44451 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12289
https://notcve.org/view.php?id=CVE-2017-12289
19 Oct 2017 — A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The vulnerability is due to incorrect implementation of IPsec conditional, verbose debug logging that causes sensitive information to be written to the log file. This information should be restricted. An attacker who has valid administrative credentials could exploit this vulnerability by authenticatin... • http://www.securityfocus.com/bid/101509 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 581EXPL: 0CVE-2017-12228
https://notcve.org/view.php?id=CVE-2017-12228
28 Sep 2017 — A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-... • http://www.securityfocus.com/bid/101065 • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation •