CVSS: 7.7EPSS: 0%CPEs: 155EXPL: 0CVE-2020-3235 – Cisco IOS and IOS XE Software Simple Network Management Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3235
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the software processes specific SNMP object identifiers. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: To exploit this vulnerability by using SNMPv2c or earlier, the attacker must know the SNMP read-only community string for an affected system. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-USxSyTk5 https://www.oracle.com/security-alerts/cpuoct2020.html • CWE-20: Improper Input Validation CWE-118: Incorrect Access of Indexable Resource ('Range Error') •
CVSS: 6.3EPSS: 0%CPEs: 9EXPL: 0CVE-2015-0687
https://notcve.org/view.php?id=CVE-2015-0687
The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of service (device crash) by performing SNMP polling, aka Bug ID CSCuq04574. La implementación SNMP en Cisco IOS 15.1(2)SG4 en los dispositivos Catalyst 4500, cuando Virtual Switching System (VSS) de switch único está configurado, permite a usuarios remotos autenticados causar una denegación de servicio (caída de dispositivo) mediante la realización de sondeos SNMP, también conocido como Bug ID CSCuq04574. • http://tools.cisco.com/security/center/viewAlert.x?alertId=38194 http://www.securitytracker.com/id/1032022 • CWE-399: Resource Management Errors •
CVSS: 5.4EPSS: 0%CPEs: 97EXPL: 0CVE-2013-1100
https://notcve.org/view.php?id=CVE-2013-1100
The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853. El servidor HTTP en Cisco IOS en switches Catalyst no trata correctamente los eventos socket TCP, lo que permite a atacantes remotos provocar una denegación de servicio (caída de dispositivo) a través de paquetes hechos a mano en el puerto TCP (1) 80 o (2) 443, también conocido como Bug ID CSCuc53853. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1100 • CWE-399: Resource Management Errors •