CVE-2022-20919 – Cisco IOS and IOS XE Software Common Industrial Protocol Request Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20919
A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation during processing of CIP packets. An attacker could exploit this vulnerability by sending a malformed CIP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition. Una vulnerabilidad en el procesamiento de paquetes malformados del Protocolo Industrial Común (CIP) que se envían al software Cisco IOS y al software Cisco IOS XE podría permitir a un atacante remoto no autenticado causar una recarga no esperada del dispositivo afectado, lo que provocaría una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-cip-dos-9rTbKLt9 • CWE-248: Uncaught Exception CWE-755: Improper Handling of Exceptional Conditions •
CVE-2014-3396
https://notcve.org/view.php?id=CVE-2014-3396
Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133. Cisco IOS XR en los dispositivos ASR 9000 no utiliza debidamente la compresión para la codificación de los rangos de puertos y los rangos de direcciones, lo que permite a atacantes remotos evadir las restricciones ACL de la tarjeta de línea Typhoon a través de trafico de transito, también conocido como Bug ID CSCup30133. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3396 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-3335
https://notcve.org/view.php?id=CVE-2014-3335
Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750. Cisco IOS XR 4.3(.2) y anteriores en los dispositivos ASR 9000 no realiza debidamente el muestreo NetFlow de paquetes con direcciones MAC de destinos multicast, lo que permite a atacantes remotos causar una denegación de servicio (cuelgues de chip y tarjeta) a través de un paquete manipulado, también conocido como Bug ID CSCup77750. • http://secunia.com/advisories/60222 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3335 http://tools.cisco.com/security/center/viewAlert.x?alertId=35416 http://www.securityfocus.com/bid/69383 http://www.securitytracker.com/id/1030757 https://exchange.xforce.ibmcloud.com/vulnerabilities/95443 • CWE-20: Improper Input Validation •
CVE-2014-3322
https://notcve.org/view.php?id=CVE-2014-3322
Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417. Cisco IOS XR 4.3(.2) y anteriores en los dispositivos ASR 9000 no realiza debidamente el muestreo NetFlow de paquetes IP, lo que permite a atacantes remotos causar una denegación de servicio (cuelgues de chip y tarjeta) a través de paquetes (1) IPv4 o (2) IPv6 malformados, también conocido como Bug ID CSCuo68417. • http://secunia.com/advisories/60311 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3322 http://tools.cisco.com/security/center/viewAlert.x?alertId=35009 http://www.securityfocus.com/bid/68833 http://www.securitytracker.com/id/1030623 • CWE-20: Improper Input Validation •
CVE-2014-3321
https://notcve.org/view.php?id=CVE-2014-3321
Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149. Cisco IOS XR 4.3.4 y anteriores en dispositivos ASR 9000, cuando el enrutamiento de 'bridge-group virtual interface' (BVI) está habilitado, permite a atacantes remotos causar una denegación de servicio (cuelgues de chip y tarjeta) a través de una serie de paquetes MPLS manipulados, también conocido como Bug ID CSCuo91149. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3321 http://tools.cisco.com/security/center/viewAlert.x?alertId=34936 http://www.securitytracker.com/id/1030597 • CWE-20: Improper Input Validation •