NotCVE - vendor:"Cisco" product:"Cisco Ios" version:"12.3"

8 results (0.009 seconds)

CVSS: 8.6EPSS: 0%CPEs: 837EXPL: 0

CVE-2024-20433

https://notcve.org/view.php?id=CVE-2024-20433

A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow when processing crafted RSVP packets. An attacker could exploit this vulnerability by sending RSVP traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rsvp-dos-OypvgVZf • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.0EPSS: 2%CPEs: 67EXPL: 0

CVE-2009-0628

https://notcve.org/view.php?id=CVE-2009-0628

Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block (TCB) leak. Fuga de memoria en la funcionalidad SSLVPN en Cisco IOS v12.3 hasta v12.4 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída del dispositivo) mediante la conexión de una sesión SSL de forma anormal, precedida de una pérdida de bloque de control de transmisión (TCB). • http://secunia.com/advisories/34438 http://securitytracker.com/id?1021896 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90424.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml http://www.securityfocus.com/bid/34239 http://www.vupen.com/english/advisories/2009/0851 https://exchange.xforce.ibmcloud.com/vulnerabilities/49427 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12092 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.1EPSS: 2%CPEs: 67EXPL: 0

CVE-2009-0634

https://notcve.org/view.php?id=CVE-2009-0634

Multiple unspecified vulnerabilities in the home agent (HA) implementation in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via an ICMP packet, aka Bug ID CSCso05337. Múltiples vulnerabilidades no especificadas en la implementación del agente "home" (HA) en (1) la funcionalida de Mobile IP NAT Traversal y (2) el subsistema Mobile IPv6 en Cisco IOS v12.3 hasta v12.4 permite a atacantes remotos provocar una denegación de servicio (presión en la cola de entrada y parada del interfaz) mediante un paquete ICMP, conocido como Bug ID CSCso05337. • http://secunia.com/advisories/34438 http://securitytracker.com/id?1021898 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a9042f.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml http://www.securityfocus.com/bid/34241 http://www.vupen.com/english/advisories/2009/0851 https://exchange.xforce.ibmcloud.com/vulnerabilities/49424 https://exchange.xforce.ibmcloud.com/vulnerabilities/49585 https://oval.cisecurity.org/repository/search/definition/oval% •

CVSS: 7.1EPSS: 2%CPEs: 67EXPL: 0

CVE-2009-0633

https://notcve.org/view.php?id=CVE-2009-0633

Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via MIPv6 packets, aka Bug ID CSCsm97220. Múltiples vulnerabilidades no especificadas en (1) la funcionalidad Mobile IP NAT Traversal y (2) el subsistema Mobile IPv6 en Cisco IOS v12.3 hasta v12.4 permite a atacantes remotos provocar una denegación de servicio (presión en la cola de entrada y parada del interfaz) mediante paquetes MIPv6, conocido como Bug ID CSCsm97220. • http://secunia.com/advisories/34438 http://securitytracker.com/id?1021898 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a9042f.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml http://www.securityfocus.com/bid/34241 http://www.vupen.com/english/advisories/2009/0851 https://exchange.xforce.ibmcloud.com/vulnerabilities/49424 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12290 •

CVSS: 10.0EPSS: 97%CPEs: 165EXPL: 2

CVE-2008-0960 – SNMPv3 - HMAC Validation error Remote Authentication Bypass

https://notcve.org/view.php?id=CVE-2008-0960

SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. Una comprobación SNMPv3 HMAC en (1) Net-SNMP versión 5.2.x anterior a 5.2.4.1, versión 5.3.x anterior a 5.3.2.1 y versión 5.4.x anterior a 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) C-series versión 1.0.0 hasta 2.0.0 de Juniper Session and Resource Control (SRC); (5) Data de NetApp (también se conoce como Network Appliance) ONTAP versiones 7.3RC1 y 7.3RC2; (6) SNMP Research versión anterior a 16.2; (7) múltiples productos Cisco IOS, CatOS, ACE y Nexus; (8) Ingate Firewall versión 3.1.0 y posterior y SIParator versión 3.1.0 y posterior; (9) HP OpenView SNMP Emanate Master Agent versión 15.x; y posiblemente otros productos dependen del cliente para especificar la longitud del HMAC, lo que facilita que los atacantes remotos omitan la autenticación SNMP por medio de un valor de longitud de 1, que solo comprueba el primer byte. • https://www.exploit-db.com/exploits/5790 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.ingate.com/pipermail/productinfo/2008/000021.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html http://marc.info/?l=bugtraq&m=127730470825399&w=2 http://rhn.redhat.com/errata/RHSA-2008-0528.html http://secunia.com/advisories/30574 http://secunia.com/advisories/30596 http://secunia.com/advisories/30612 http://secunia.c • CWE-287: Improper Authentication •

1 2