CVSS: 8.6 | EPSS: 0% | CPEs: 322 | EXPL: 0

30 Sep 2022 — A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation during processing of CIP packets. An attacker could exploit this vulnerability by sending a malformed CIP packet to an affected device. A successful expl... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-cip-dos-9rTbKLt9 • CWE-248: Uncaught Exception; CWE-755: Improper Handling of Exceptional Conditions

CVSS: 8.3 | EPSS: 0% | CPEs: 259 | EXPL: 0

30 Sep 2022 — A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To exploit this vulnerability, an attacker must have valid Adm... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-Gje47EMn • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'); CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.8 | EPSS: 0% | CPEs: 115 | EXPL: 0

21 Oct 2021 — A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-rhpbE34A • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.7 | EPSS: 0% | CPEs: 965 | EXPL: 0

23 Sep 2021 — A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability occurs because the code does not release the allocated IP address under certain failure conditions. An attacker could exploit this vulnerability by trying to connect to the device with a non-AnyConnect client. A successful exploit coul... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-ebFrwMPr • CWE-563: Assignment to Variable without Use; CWE-772: Missing Release of Resource after Effective Lifetime

CVSS: 7.5 | EPSS: 0% | CPEs: 9 | EXPL: 0

25 May 2014 — Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180. • http://secunia.com/advisories/58405 • CWE-20: Improper Input Validation

CVSS: 6.5 | EPSS: 0% | CPEs: 13 | EXPL: 0

29 Apr 2014 — The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2183 • CWE-20: Improper Input Validation

CVSS: 7.5 | EPSS: 0% | CPEs: 19 | EXPL: 0

24 Apr 2014 — Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948. • http://www.cisco.com/c/en/us/td/docs/routers/asr1000/release/notes/asr1k_rn_rel_notes/asr1k_caveats_38s.html • CWE-20: Improper Input Validation

CVSS: 6.8 | EPSS: 0% | CPEs: 9 | EXPL: 0

23 Apr 2014 — Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub39268. • http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf • CWE-20: Improper Input Validation

CVSS: 7.5 | EPSS: 0% | CPEs: 10 | EXPL: 0

23 Apr 2014 — Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544. • http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf • CWE-20: Improper Input Validation

CVSS: 7.8 | EPSS: 0% | CPEs: 23 | EXPL: 0

11 Apr 2013 — Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 MVPN (aka MVPNv6) packets, aka Bug ID CSCub34945, a different vulnerability than CVE-2013-1164. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000 • CWE-20: Improper Input Validation