CVSS: 7.1EPSS: 2%CPEs: 2EXPL: 0CVE-2008-4963
https://notcve.org/view.php?id=CVE-2008-4963
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of service (device reload or hang) via a crafted VTP packet sent to a switch interface configured as a trunk port. Vulnerabilidad inespecífica en la implementación en Cisco IOS y CatOS del protocolo VLAN Trunking (VTP), cuando el modo de operación de VTP no es transparente, permite a atacantes remotos producir una denegación de servicio (el dispositivo se recarga o se cuelga) a través de un paquete VTP manipulado. • http://osvdb.org/49601 http://secunia.com/advisories/32573 http://securitytracker.com/id?1021143 http://www.cisco.com/en/US/products/products_security_response09186a0080a231cf.html http://www.securityfocus.com/bid/32120 http://www.securitytracker.com/id?1021144 https://exchange.xforce.ibmcloud.com/vulnerabilities/46346 •
CVSS: 10.0EPSS: 97%CPEs: 165EXPL: 2CVE-2008-0960 – SNMPv3 - HMAC Validation error Remote Authentication Bypass
https://notcve.org/view.php?id=CVE-2008-0960
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. Una comprobación SNMPv3 HMAC en (1) Net-SNMP versión 5.2.x anterior a 5.2.4.1, versión 5.3.x anterior a 5.3.2.1 y versión 5.4.x anterior a 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) C-series versión 1.0.0 hasta 2.0.0 de Juniper Session and Resource Control (SRC); (5) Data de NetApp (también se conoce como Network Appliance) ONTAP versiones 7.3RC1 y 7.3RC2; (6) SNMP Research versión anterior a 16.2; (7) múltiples productos Cisco IOS, CatOS, ACE y Nexus; (8) Ingate Firewall versión 3.1.0 y posterior y SIParator versión 3.1.0 y posterior; (9) HP OpenView SNMP Emanate Master Agent versión 15.x; y posiblemente otros productos dependen del cliente para especificar la longitud del HMAC, lo que facilita que los atacantes remotos omitan la autenticación SNMP por medio de un valor de longitud de 1, que solo comprueba el primer byte. • https://www.exploit-db.com/exploits/5790 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.ingate.com/pipermail/productinfo/2008/000021.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html http://marc.info/?l=bugtraq&m=127730470825399&w=2 http://rhn.redhat.com/errata/RHSA-2008-0528.html http://secunia.com/advisories/30574 http://secunia.com/advisories/30596 http://secunia.com/advisories/30612 http://secunia.c • CWE-287: Improper Authentication •
CVSS: 7.1EPSS: 2%CPEs: 22EXPL: 0CVE-2007-5651
https://notcve.org/view.php?id=CVE-2007-5651
Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 and 12.2 on Cisco switches (Wired EAP devices), and CatOS 6.x through 8.x on Cisco switches allows remote attackers to cause a denial of service (device reload) via a crafted EAP Response Identity packet. Vulnerabilidad no especificada en la implementación Extensible Authentication Protocol (EAP) en Cisco IOS 12.3 y 12.4 sobre Cisco Access Points y 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 y 12.2 sobre Cisco switches (Wired EAP dispositivos), y CatOS 6.x hasta la 8.x sobre Cisco switches permite a atacantes remotos provocar denegación de servicio (recarga de dispositivo) a través de un paquete EAP Response Identity manipulado. • http://secunia.com/advisories/27329 http://www.cisco.com/en/US/products/products_security_response09186a00808de8bb.html http://www.securityfocus.com/bid/26139 http://www.securitytracker.com/id?1018842 http://www.vupen.com/english/advisories/2007/3566 https://exchange.xforce.ibmcloud.com/vulnerabilities/37300 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5288 •
CVSS: 5.0EPSS: 0%CPEs: 19EXPL: 1CVE-2007-5134
https://notcve.org/view.php?id=CVE-2007-5134
Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP addresses for Ethernet Out-of-Band Channel (EOBC) internal communication, which might allow remote attackers to send packets to an interface for which network exposure was unintended. Las series de dispositivos Cisco Catalyst 6500 y Cisco 7600 utilizan direcciones IP 127/8 para el Canal Ethernet Fuera de Banda (EOBC, Ethernet Out-of-Band Channel), lo cual permite a atacantes remotos enviar paquetes a una interfaz para la cual la exposición de la red no era intencionada. • http://seclists.org/fulldisclosure/2007/Sep/0573.html http://secunia.com/advisories/26988 http://securitytracker.com/id?1018742 http://www.cisco.com/warp/public/707/cisco-sr-20070926-lb.shtml http://www.securityfocus.com/bid/25822 http://www.securitytracker.com/id?1018743 http://www.vupen.com/english/advisories/2007/3276 https://exchange.xforce.ibmcloud.com/vulnerabilities/36826 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 8%CPEs: 2EXPL: 0CVE-2006-4775
https://notcve.org/view.php?id=CVE-2006-4775
The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of service by sending a VTP update with a revision value of 0x7FFFFFFF, which is incremented to 0x80000000 and is interpreted as a negative number in a signed context. El VLAN Trunking Protocol (VTP) característico en Cisco IOS 12.1(19) y CatOS permite a un atacante remoto provocar una denegación de servicio con el envío de una actualización de VTP con un valor de revisión de 0x7FFFFFFF, el cual se incrementa a 0x80000000 y es interpretado como un número negativo en un contexto de señales. • http://secunia.com/advisories/21896 http://secunia.com/advisories/21902 http://securitytracker.com/id?1016843 http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml http://www.kb.cert.org/vuls/id/175148 http://www.osvdb.org/28776 http://www.phenoelit.de/stuff/CiscoVTP.txt http://www.securityfocus.com/archive/1/445896/100/0/threaded http://www.securityfocus.com/archive/1/445938/100/0/threaded http://www.securityfocus.com/bid/19998 http://www.vupen& • CWE-399: Resource Management Errors •