CVSS: 10.0EPSS: 6%CPEs: 2762EXPL: 0CVE-2017-12240 – Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-12240
The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. • http://www.securityfocus.com/bid/101034 http://www.securitytracker.com/id/1039445 https://quickview.cloudapps.cisco.com/quickview/bug/CSCsm45390 https://quickview.cloudapps.cisco.com/quickview/bug/CSCuw77959 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 126EXPL: 0CVE-2017-12231 – Cisco IOS Software Network Address Translation Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2017-12231
A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper translation of H.323 messages that use the Registration, Admission, and Status (RAS) protocol and are sent to an affected device via IPv4 packets. An attacker could exploit this vulnerability by sending a crafted H.323 RAS packet through an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to use an application layer gateway with NAT (NAT ALG) for H.323 RAS messages. • http://www.securityfocus.com/bid/101039 http://www.securitytracker.com/id/1039449 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-nat • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 255EXPL: 0CVE-2017-12232 – Cisco IOS Software for Cisco Integrated Services Routers Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2017-12232
A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0 through 15.6 could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a misclassification of Ethernet frames. An attacker could exploit this vulnerability by sending a crafted Ethernet frame to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc03809. • http://www.securityfocus.com/bid/101044 http://www.securitytracker.com/id/1039452 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-rbip-dos • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-12236
https://notcve.org/view.php?id=CVE-2017-12236
A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the map server/map resolver (MS/MR). The vulnerability is due to a logic error introduced via a code regression for the affected software. An attacker could exploit this vulnerability by sending specific valid map-registration requests, which will be accepted by the MS/MR even if the authentication keys do not match, to the affected software. A successful exploit could allow the attacker to inject invalid mappings of EIDs to RLOCs in the MS/MR of the affected software. This vulnerability affects Cisco devices that are configured with LISP acting as an IPv4 or IPv6 map server. • http://www.securityfocus.com/bid/101033 http://www.securitytracker.com/id/1039448 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-lisp • CWE-287: Improper Authentication •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2011-4667
https://notcve.org/view.php?id=CVE-2011-4667
The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions. La biblioteca de cifrado en Cisco IOS Software 15.2(1)T, 15.2(1)T1 y 15.2(2)T, Cisco NX-OS en Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module y Cisco MDS 9000 Storage Services Node module en versiones anteriores a la 5.2(6) y Cisco IOS en Cisco VPN Services Port Adaptor para Catalyst 6500 12.2(33)SXI y 12.2(33)SXJ cuando se usa IP Security (también conocido como IPSec) permite que los atacantes remotos obtengan paquetes sin cifrar a través de sesiones sin cifrar. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120913-CVE-2011-4667 https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/release/notes/ol_14271/caveats_SXI_rebuilds.html • CWE-310: Cryptographic Issues •