Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-4622

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-27 Sep, 2012 | 00:00
Updated At-06 Aug, 2024 | 20:42
Rejected At-
Credits

Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger uncorrected ECC error messages, aka Bug ID CSCty88456.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:27 Sep, 2012 | 00:00
Updated At:06 Aug, 2024 | 20:42
Rejected At:
▼CVE Numbering Authority (CNA)

Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger uncorrected ECC error messages, aka Bug ID CSCty88456.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-ecc
vendor-advisory
x_refsource_CISCO
http://osvdb.org/85821
vdb-entry
x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/78886
vdb-entry
x_refsource_XF
http://www.securityfocus.com/bid/55701
vdb-entry
x_refsource_BID
http://www.securitytracker.com/id?1027573
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-ecc
Resource:
vendor-advisory
x_refsource_CISCO
Hyperlink: http://osvdb.org/85821
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/78886
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securityfocus.com/bid/55701
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securitytracker.com/id?1027573
Resource:
vdb-entry
x_refsource_SECTRACK
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-ecc
vendor-advisory
x_refsource_CISCO
x_transferred
http://osvdb.org/85821
vdb-entry
x_refsource_OSVDB
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/78886
vdb-entry
x_refsource_XF
x_transferred
http://www.securityfocus.com/bid/55701
vdb-entry
x_refsource_BID
x_transferred
http://www.securitytracker.com/id?1027573
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-ecc
Resource:
vendor-advisory
x_refsource_CISCO
x_transferred
Hyperlink: http://osvdb.org/85821
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/78886
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securityfocus.com/bid/55701
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securitytracker.com/id?1027573
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@cisco.com
Published At:27 Sep, 2012 | 00:55
Updated At:11 Apr, 2025 | 00:51

Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger uncorrected ECC error messages, aka Bug ID CSCty88456.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.1HIGH
AV:N/AC:M/Au:N/C:N/I:N/A:C
Type: Primary
Version: 2.0
Base score: 7.1
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CPE Matches
Cisco Systems, Inc.
cisco
>>ios_xe>>3.2.00.xo.15.0\(2\)xo
cpe:2.3:o:cisco:ios_xe:3.2.00.xo.15.0\(2\)xo:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>catalyst_4500e_series>>-
cpe:2.3:h:cisco:catalyst_4500e_series:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-399Primarynvd@nist.gov
CWE ID: CWE-399
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://osvdb.org/85821psirt@cisco.com
N/A
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-eccpsirt@cisco.com
Vendor Advisory
http://www.securityfocus.com/bid/55701psirt@cisco.com
N/A
http://www.securitytracker.com/id?1027573psirt@cisco.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/78886psirt@cisco.com
N/A
http://osvdb.org/85821af854a3a-2127-422b-91ae-364da2661108
N/A
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-eccaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/55701af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1027573af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/78886af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://osvdb.org/85821
Source: psirt@cisco.com
Resource: N/A
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-ecc
Source: psirt@cisco.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/55701
Source: psirt@cisco.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1027573
Source: psirt@cisco.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/78886
Source: psirt@cisco.com
Resource: N/A
Hyperlink: http://osvdb.org/85821
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-ecc
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/55701
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1027573
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/78886
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

173Records found
CVE-2022-20623
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-18.37% / 94.98%
||
7 Day CHG~0.00%
Published-23 Feb, 2022 | 17:40
Updated-06 Nov, 2024 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection Denial of Service Vulnerability

A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device. This vulnerability is due to a logic error in the BFD rate limiter functionality. An attacker could exploit this vulnerability by sending a crafted stream of traffic through the device. A successful exploit could allow the attacker to cause BFD traffic to be dropped, resulting in BFD session flaps. BFD session flaps can cause route instability and dropped traffic, resulting in a denial of service (DoS) condition. This vulnerability applies to both IPv4 and IPv6 traffic.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-n9k-c9232cn9k-c92348gc-xn9k-x97284yc-fxn9k-x9788tc-fxn9k-c9364c-gxn9k-c9272qn9k-c93600cd-gxn9k-x97160yc-exn9k-x9732c-exnx-osn9k-c93240yc-fx2n9k-c93108tc-exn9k-c9236cn9k-c9332cn9k-c9364cn9k-c9336c-fx2n9k-c92300ycn9k-c9316d-gxn9k-c92160yc-xn9k-x9732c-fxn9k-c93108tc-fxn9k-c93360yc-fx2n9k-c92304qcn9k-c93180yc-exn9k-c93180yc-fxn9k-c93180lc-exn9k-x9736c-fxn9k-c9348gc-fxpn9k-c93180yc2-fxn9k-x9736c-exn9k-c93216tc-fx2Cisco NX-OS Software
CWE ID-CWE-399
Not Available
CVE-2018-15399
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.45% / 62.86%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance TCP Syslog Denial of Service Vulnerability

A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing boundary check in an internal function. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between an affected device and its configured TCP syslog server and then maliciously modifying the TCP header in segments that are sent from the syslog server to the affected device. A successful exploit could allow the attacker to exhaust buffer on the affected device and cause all TCP-based features to stop functioning, resulting in a DoS condition. The affected TCP-based features include AnyConnect SSL VPN, clientless SSL VPN, and management connections such as Secure Shell (SSH), Telnet, and HTTPS.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-20694
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.40% / 60.07%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 14:15
Updated-06 Nov, 2024 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Border Gateway Protocol Resource Public Key Infrastructure Denial of Service Vulnerability

A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of a specific RPKI to Router (RTR) Protocol packet header. An attacker could exploit this vulnerability by compromising the RPKI validator server and sending a specifically crafted RTR packet to an affected device. Alternatively, the attacker could use man-in-the-middle techniques to impersonate the RPKI validator server and send a crafted RTR response packet over the established RTR TCP connection to the affected device. A successful exploit could allow the attacker to cause a DoS condition because the BGP process could constantly restart and BGP routing could become unstable.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-617
Reachable Assertion
CVE-2007-4293
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-1.61% / 81.00%
||
7 Day CHG~0.00%
Published-09 Aug, 2007 | 21:00
Updated-07 Aug, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via (1) "abnormal" MGCP messages, aka CSCsd81407; and (2) a large facsimile packet, aka CSCej20505.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CVE-2018-0179
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.9||MEDIUM
EPSS-2.39% / 84.41%
||
7 Day CHG~0.00%
Published-28 Mar, 2018 | 22:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-17||Apply updates per vendor instructions.

Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-catalyst_9300l-24t-4g-acatalyst_8540csrcatalyst_3850-48xs-f-scatalyst_8300-2n2s-6tcatalyst_3850-16xs-scatalyst_3650-24pd-l4331\/k9-rf_integrated_services_routercatalyst_3850-48p-ecatalyst_9300-24t-e4461_integrated_services_router8201catalyst_3850-24u-lasr_1002-xcatalyst_8540msr1100-6g_integrated_services_routercatalyst_3650-24ts-scatalyst_3650-24pdm-ecatalyst_3850-16xs-ecatalyst_8500lcatalyst_3850-48f-ecatalyst_3850-12s-scatalyst_9300-24p-acatalyst_3850-24xu-scatalyst_3650-48pd-lcatalyst_3650-24pdm-s1905_integrated_services_router4000_integrated_services_routercatalyst_9300l-48t-4x-ecatalyst_3650-24pd-scatalyst_9300-24s-a1000_integrated_services_routerasr_1000-xcatalyst_3850-24p-scatalyst_3650-12x48urcatalyst_3650-48pq-scatalyst_9300l-24t-4x-ecatalyst_3650-12x48uz-lcatalyst_3650-48fd-s1841_integrated_service_routercatalyst_3850-24u-scatalyst_3650-48ps-lintegrated_services_virtual_routerasr_1000-esp100-xcatalyst_9200lcatalyst_9600xcatalyst_9300-48t-acatalyst_9300xcatalyst_3650-48fd-ecatalyst_8300-1n1s-6tcatalyst_9300l-24p-4x-acatalyst_3850-48xs-scatalyst_3650-48fqmcatalyst_3650-24ps-lcatalyst_3850-48p-scatalyst_3850-48u-lcatalyst_3650-48ts-ecatalyst_9410rcatalyst_3650-12x48ur-scatalyst_3650-12x48uz-scatalyst_3850-nm-2-40gcatalyst_3650-12x48uq-ecatalyst_3650-24ps-ecatalyst_3650-24pdm8800_8-slot88121812_integrated_service_routerios1101-4p_integrated_services_routercatalyst_9300-48un-acatalyst_9800-clasr_1004catalyst_8200asr_1001-xcatalyst_3850-32xs-scatalyst_3650-12x48ur-easr_1023catalyst_3650-8x24pd-ecatalyst_9300l-48p-4x-a1111x-8p_integrated_services_routercatalyst_3850-48u-ecatalyst_3650-24ts-lcatalyst_3850-48t-e1941_integrated_services_routercatalyst_9300l-48t-4g-a3945_integrated_services_routercatalyst_3650-12x48uq-s8218catalyst_9800-l-f1906c_integrated_services_router4351\/k9-ws_integrated_services_router1100-4g_integrated_services_router1100-4gltena_integrated_services_routercatalyst_3850-12x48ucatalyst_3850-24pw-scatalyst_85008818catalyst_3850-24xu1109_integrated_services_routercatalyst_9300l-48t-4g-ecatalyst_3650-24td-l8202catalyst_3650-48fqm-e8208catalyst_3650-48fd-lcatalyst_3650-48fq-scatalyst_3850-48f-scatalyst_9300l-24p-4x-easr_1002-hxcatalyst_3650-48fs-l1109-2p_integrated_services_routerasr_1001-hxcatalyst_9300lmcatalyst_3650-12x48uz88081100-lte_integrated_services_routercatalyst_9300-24p-e1811_integrated_service_router422_integrated_services_routercatalyst_3650-48tq-lcatalyst_3850-12xs-s8212catalyst_9300lcatalyst_3850-24s-e3925_integrated_services_routercatalyst_9800-40catalyst_3650-48pd-easr_1002-x_rcatalyst_9300-24ux-easr_1000catalyst_3650-24ps-scatalyst_3850-24p-ecatalyst_9300l-48p-4g-easr_1009-x1109-4p_integrated_services_routercatalyst_3650-48ps-s1921_integrated_services_routeresr-6300-ncp-k94451_integrated_services_router8101-32fhcatalyst_3650-48td-scatalyst_3650-48ts-scatalyst_9300l-48t-4x-a1803_integrated_service_routercatalyst_3650-48fqm-lcloud_services_router_1000vcatalyst_3650-12x48uqcatalyst_9800catalyst_3850-24t-e4331_integrated_services_routercatalyst_3650-48fq-lcatalyst_3650-24pdm-lcatalyst_3650-48tq-s1100-8p_integrated_services_router1111x_integrated_services_routercatalyst_9300l-48p-4g-acatalyst_9300l-24t-4g-ecatalyst_9400catalyst_3850-24s-scatalyst_8300-2n2s-4t2x1100_integrated_services_router1861_integrated_service_routercatalyst_3650-12x48fd-lasr_1002catalyst_3850-48t-scatalyst_9600catalyst_3850-24xu-lcatalyst_9300-48un-ecatalyst_9300l_stackcatalyst_9300-48s-e1941w_integrated_services_routercatalyst_3650-8x24uqcatalyst_8300-1n1s-4t2xcatalyst_3650-24pd-easr_1013catalyst_3650catalyst_3850-48t-lcatalyst_9200cx1131_integrated_services_router111x_integrated_services_router4451-x_integrated_services_routerasr_1000-esp200-xasr_1006-xcatalyst_3850-24u-ecatalyst_9800-l1802_integrated_service_router88041160_integrated_services_routercatalyst_3650-48pq-lcatalyst_3650-48fs-scatalyst_8510csrcatalyst_3850-nm-8-10g1101_integrated_services_router8102-64hcatalyst_3650-24td-s3945e_integrated_services_routercatalyst_3650-12x48uz-ecatalyst_3650-24ts-e4321\/k9-rf_integrated_services_routercatalyst_3650-48ts-lcatalyst_9300-24t-acatalyst_ie3400_heavy_duty_switch4351\/k9-rf_integrated_services_routercatalyst_8500-4qcesr-6300-con-k9catalyst_3850-48p-l8800_4-slotcatalyst_3850-24p-lcatalyst_3650-48fqcatalyst_3650-48ps-e8800_18-slotcatalyst_9300-48uxm-acatalyst_38508201-32fhcatalyst_9200catalyst_9300-48p-acatalyst_3850-48pw-scatalyst_3850-48xs-f-ecatalyst_8510msrcatalyst_3850-48u-s1100-4p_integrated_services_routercatalyst_9300l-24p-4g-ecatalyst_ie3400_rugged_switchcatalyst_3650-48pd-s4331\/k9-ws_integrated_services_routercatalyst_3650-48td-l4321\/k9-ws_integrated_services_routerasr_1001-x_rcatalyst_3650-48tq-ecatalyst_9300l-24p-4g-acatalyst_3850-48xs-e8800_12-slotcatalyst_9300-24ux-acatalyst_9407rcatalyst_9800-80catalyst_3650-8x24uq-s44461_integrated_services_routercatalyst_95004321\/k9_integrated_services_router4331\/k9_integrated_services_router4321_integrated_services_routercatalyst_9300-48s-a8101-32hcatalyst_3650-8x24uq-lcatalyst_3650-48fq-ecatalyst_3850-24xs-easr_1001-hx_rcatalyst_3850-24t-scatalyst_3850-24xs-scatalyst_3650-48fs-easr_1000-esp100catalyst_9300l-48p-4x-ecatalyst_9500h4221_integrated_services_routerasr_1006catalyst_3650-48td-easr_10013925e_integrated_services_routercatalyst_3650-12x48uq-lcatalyst_ie3300_rugged_switch4431_integrated_services_router4351\/k9_integrated_services_routercatalyst_3650-24td-ecatalyst_3650-12x48fd-scatalyst_9300-48uxm-ecatalyst_3850-24xu-ecatalyst_9300catalyst_3650-12x48fd-ecatalyst_3650-48fqm-scatalyst_3850-12xs-ecatalyst_3850-24u1120_integrated_services_routercatalyst_3850-48xscatalyst_9300l-24t-4x-acatalyst_9300-24u-acatalyst_3850-24t-lcatalyst_9300-48u-ecatalyst_9300-48t-e1100-4gltegb_integrated_services_routercatalyst_9300-48p-ecatalyst_9300-48u-acatalyst_3650-8x24pd-l8831catalyst_3650-48pq-ecatalyst_9300-24s-ecatalyst_3850-24xscatalyst_3650-8x24pd-s1100-4g\/6g_integrated_services_routercatalyst_3850-48f-l1801_integrated_service_routercatalyst_8300catalyst_3850-48ucatalyst_3650-12x48ur-lcatalyst_9300-24u-ecatalyst_9800-l-ccatalyst_3650-8x24uq-ecatalyst_3850-12s-ecatalyst_3850-32xs-easr_1002-hx_rcatalyst_3650-24pdCisco IOSIOS Software
CVE-2018-0476
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.9||MEDIUM
EPSS-4.29% / 88.41%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability

A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of SIP packets in transit while NAT is performed on an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted SIP packets via UDP port 5060 through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-399
Not Available
CVE-2018-0180
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.9||MEDIUM
EPSS-2.05% / 83.13%
||
7 Day CHG~0.00%
Published-28 Mar, 2018 | 22:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-17||Apply updates per vendor instructions.

Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-catalyst_9300l-24t-4g-acatalyst_8540csrcatalyst_3850-48xs-f-scatalyst_8300-2n2s-6tcatalyst_3850-16xs-scatalyst_3650-24pd-l4331\/k9-rf_integrated_services_routercatalyst_3850-48p-ecatalyst_9300-24t-e4461_integrated_services_router8201catalyst_3850-24u-lasr_1002-xcatalyst_8540msr1100-6g_integrated_services_routercatalyst_3650-24ts-scatalyst_3650-24pdm-ecatalyst_3850-16xs-ecatalyst_8500lcatalyst_3850-48f-ecatalyst_3850-12s-scatalyst_9300-24p-acatalyst_3850-24xu-scatalyst_3650-48pd-lcatalyst_3650-24pdm-s1905_integrated_services_router4000_integrated_services_routercatalyst_9300l-48t-4x-ecatalyst_3650-24pd-scatalyst_9300-24s-a1000_integrated_services_routerasr_1000-xcatalyst_3850-24p-scatalyst_3650-12x48urcatalyst_3650-48pq-scatalyst_9300l-24t-4x-ecatalyst_3650-12x48uz-lcatalyst_3650-48fd-s1841_integrated_service_routercatalyst_3850-24u-scatalyst_3650-48ps-lintegrated_services_virtual_routerasr_1000-esp100-xcatalyst_9200lcatalyst_9600xcatalyst_9300-48t-acatalyst_9300xcatalyst_3650-48fd-ecatalyst_8300-1n1s-6tcatalyst_9300l-24p-4x-acatalyst_3850-48xs-scatalyst_3650-48fqmcatalyst_3650-24ps-lcatalyst_3850-48p-scatalyst_3850-48u-lcatalyst_3650-48ts-ecatalyst_9410rcatalyst_3650-12x48ur-scatalyst_3650-12x48uz-scatalyst_3850-nm-2-40gcatalyst_3650-12x48uq-ecatalyst_3650-24ps-ecatalyst_3650-24pdm8800_8-slot88121812_integrated_service_routerios1101-4p_integrated_services_routercatalyst_9300-48un-acatalyst_9800-clasr_1004catalyst_8200asr_1001-xcatalyst_3850-32xs-scatalyst_3650-12x48ur-easr_1023catalyst_3650-8x24pd-ecatalyst_9300l-48p-4x-a1111x-8p_integrated_services_routercatalyst_3850-48u-ecatalyst_3650-24ts-lcatalyst_3850-48t-e1941_integrated_services_routercatalyst_9300l-48t-4g-a3945_integrated_services_routercatalyst_3650-12x48uq-s8218catalyst_9800-l-f1906c_integrated_services_router4351\/k9-ws_integrated_services_router1100-4g_integrated_services_router1100-4gltena_integrated_services_routercatalyst_3850-12x48ucatalyst_3850-24pw-scatalyst_85008818catalyst_3850-24xu1109_integrated_services_routercatalyst_9300l-48t-4g-ecatalyst_3650-24td-l8202catalyst_3650-48fqm-e8208catalyst_3650-48fd-lcatalyst_3650-48fq-scatalyst_3850-48f-scatalyst_9300l-24p-4x-easr_1002-hxcatalyst_3650-48fs-l1109-2p_integrated_services_routerasr_1001-hxcatalyst_9300lmcatalyst_3650-12x48uz88081100-lte_integrated_services_routercatalyst_9300-24p-e1811_integrated_service_router422_integrated_services_routercatalyst_3650-48tq-lcatalyst_3850-12xs-s8212catalyst_9300lcatalyst_3850-24s-e3925_integrated_services_routercatalyst_9800-40catalyst_3650-48pd-easr_1002-x_rcatalyst_9300-24ux-easr_1000catalyst_3650-24ps-scatalyst_3850-24p-ecatalyst_9300l-48p-4g-easr_1009-x1109-4p_integrated_services_routercatalyst_3650-48ps-s1921_integrated_services_routeresr-6300-ncp-k94451_integrated_services_router8101-32fhcatalyst_3650-48td-scatalyst_3650-48ts-scatalyst_9300l-48t-4x-a1803_integrated_service_routercatalyst_3650-48fqm-lcloud_services_router_1000vcatalyst_3650-12x48uqcatalyst_9800catalyst_3850-24t-e4331_integrated_services_routercatalyst_3650-48fq-lcatalyst_3650-24pdm-lcatalyst_3650-48tq-s1100-8p_integrated_services_router1111x_integrated_services_routercatalyst_9300l-48p-4g-acatalyst_9300l-24t-4g-ecatalyst_9400catalyst_3850-24s-scatalyst_8300-2n2s-4t2x1100_integrated_services_router1861_integrated_service_routercatalyst_3650-12x48fd-lasr_1002catalyst_3850-48t-scatalyst_9600catalyst_3850-24xu-lcatalyst_9300-48un-ecatalyst_9300l_stackcatalyst_9300-48s-e1941w_integrated_services_routercatalyst_3650-8x24uqcatalyst_8300-1n1s-4t2xcatalyst_3650-24pd-easr_1013catalyst_3650catalyst_3850-48t-lcatalyst_9200cx1131_integrated_services_router111x_integrated_services_router4451-x_integrated_services_routerasr_1000-esp200-xasr_1006-xcatalyst_3850-24u-ecatalyst_9800-l1802_integrated_service_router88041160_integrated_services_routercatalyst_3650-48pq-lcatalyst_3650-48fs-scatalyst_8510csrcatalyst_3850-nm-8-10g1101_integrated_services_router8102-64hcatalyst_3650-24td-s3945e_integrated_services_routercatalyst_3650-12x48uz-ecatalyst_3650-24ts-e4321\/k9-rf_integrated_services_routercatalyst_3650-48ts-lcatalyst_9300-24t-acatalyst_ie3400_heavy_duty_switch4351\/k9-rf_integrated_services_routercatalyst_8500-4qcesr-6300-con-k9catalyst_3850-48p-l8800_4-slotcatalyst_3850-24p-lcatalyst_3650-48fqcatalyst_3650-48ps-e8800_18-slotcatalyst_9300-48uxm-acatalyst_38508201-32fhcatalyst_9200catalyst_9300-48p-acatalyst_3850-48pw-scatalyst_3850-48xs-f-ecatalyst_8510msrcatalyst_3850-48u-s1100-4p_integrated_services_routercatalyst_9300l-24p-4g-ecatalyst_ie3400_rugged_switchcatalyst_3650-48pd-s4331\/k9-ws_integrated_services_routercatalyst_3650-48td-l4321\/k9-ws_integrated_services_routerasr_1001-x_rcatalyst_3650-48tq-ecatalyst_9300l-24p-4g-acatalyst_3850-48xs-e8800_12-slotcatalyst_9300-24ux-acatalyst_9407rcatalyst_9800-80catalyst_3650-8x24uq-s44461_integrated_services_routercatalyst_95004321\/k9_integrated_services_router4331\/k9_integrated_services_router4321_integrated_services_routercatalyst_9300-48s-a8101-32hcatalyst_3650-8x24uq-lcatalyst_3650-48fq-ecatalyst_3850-24xs-easr_1001-hx_rcatalyst_3850-24t-scatalyst_3850-24xs-scatalyst_3650-48fs-easr_1000-esp100catalyst_9300l-48p-4x-ecatalyst_9500h4221_integrated_services_routerasr_1006catalyst_3650-48td-easr_10013925e_integrated_services_routercatalyst_3650-12x48uq-lcatalyst_ie3300_rugged_switch4431_integrated_services_router4351\/k9_integrated_services_routercatalyst_3650-24td-ecatalyst_3650-12x48fd-scatalyst_9300-48uxm-ecatalyst_3850-24xu-ecatalyst_9300catalyst_3650-12x48fd-ecatalyst_3650-48fqm-scatalyst_3850-12xs-ecatalyst_3850-24u1120_integrated_services_routercatalyst_3850-48xscatalyst_9300l-24t-4x-acatalyst_9300-24u-acatalyst_3850-24t-lcatalyst_9300-48u-ecatalyst_9300-48t-e1100-4gltegb_integrated_services_routercatalyst_9300-48p-ecatalyst_9300-48u-acatalyst_3650-8x24pd-l8831catalyst_3650-48pq-ecatalyst_9300-24s-ecatalyst_3850-24xscatalyst_3650-8x24pd-s1100-4g\/6g_integrated_services_routercatalyst_3850-48f-l1801_integrated_service_routercatalyst_8300catalyst_3850-48ucatalyst_3650-12x48ur-lcatalyst_9300-24u-ecatalyst_9800-l-ccatalyst_3650-8x24uq-ecatalyst_3850-12s-ecatalyst_3850-32xs-easr_1002-hx_rcatalyst_3650-24pdCisco IOSIOS Software
CVE-2018-0282
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.36% / 57.39%
||
7 Day CHG~0.00%
Published-10 Jan, 2019 | 00:00
Updated-21 Nov, 2024 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software TCP Denial of Service Vulnerability

A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerability potentially affects all TCP applications, the only affected application observed so far is the HTTP server. An attacker could exploit this vulnerability by sending specific HTTP requests at a sustained rate to a reachable IP address of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ie_2000-4ts-gcatalyst_2960cg-8tc-lembedded_service_2020_24tc_con_bcatalyst_3560cpd-8pt-sie_2000-4tcatalyst_2960s-48fps-lcatalyst_3560cg-8tc-sie_2000-16tc-gcatalyst_2960c-8tc-lcatalyst_3750x-48t-lcatalyst_3750x-24p-scatalyst_2960x-24td-lcatalyst_2960x-48fpd-lcatalyst_2960x-24ts-llcatalyst_2960-plus_48pst-lie_3000-8tccatalyst_3750x-24p-ecatalyst_2960x-24pd-lcatalyst_3750x-12s-scatalyst_2960cpd-8tt-lcatalyst_2960-plus_24pc-scatalyst_3560x-48t-scatalyst_3560x-48p-eie_2000-16ptc-gcatalyst_2960xr-24td-icatalyst_3560c-8pc-scatalyst_3560x-48p-lcatalyst_3750x-48t-sembedded_service_2020_24tc_ncpcatalyst_2960-plus_48pst-sie_2000-8tc-gcatalyst_2960s-48lpd-lie_2000-4tscatalyst_3750x-48u-ecatalyst_3560x-24p-lcatalyst_2960s-f48ts-scatalyst_3560x-48pf-lcatalyst_3750x-48u-scatalyst_3750x-24s-eembedded_service_2020_ncp_bcatalyst_2960x-24ps-lcatalyst_4500_supervisor_engine_6-ecatalyst_2960s-24ts-lcatalyst_2960x-48ts-lcatalyst_2960s-f48fps-lie_2000-16tc-g-ecatalyst_4500_supervisor_engine_6l-ecatalyst_3560x-48t-ecatalyst_2960-plus_24tc-lcatalyst_3750x-24t-lcatalyst_3750x-12s-eembedded_service_2020_concatalyst_3560x-24u-ecatalyst_3560x-48u-eembedded_service_2020_24tc_concatalyst_2960s-48ts-lcatalyst_2960x-48lps-lcatalyst_2960x-48td-lie_2000-16tccatalyst_3560x-48u-scatalyst_3750x-24u-scatalyst_2960xr-48td-iembedded_service_2020_con_bcatalyst_2960xr-24ps-icatalyst_2960x-48ts-llcatalyst_2960s-f24ps-lcatalyst_2960s-f48lps-lcatalyst_2960xr-24pd-icatalyst_2960cpd-8pt-lcatalyst_2960-plus_24pc-lcatalyst_2960s-f24ts-lcatalyst_3560x-48pf-scatalyst_2960s-f24ts-scatalyst_2960c-8tc-sie-3010-24tccatalyst_2960-plus_24lc-lcatalyst_3750x-48p-sie_2000-8tcie_2000-8tc-g-ecatalyst_2960-plus_48tc-lcatalyst_3750x-48pf-scatalyst_3560x-24t-lie_2000-4t-gcatalyst_3560x-24p-ecatalyst_2960x-48lpd-lcatalyst_3750x-24p-lie_3000-4tcie_2000-8tc-g-ncatalyst_3560cg-8pc-scatalyst_3560x-48t-lcatalyst_3560x-48u-lcatalyst_3750x-24s-sie_2000-16tc-g-xcatalyst_3560x-24u-lcatalyst_2960s-48fpd-lcatalyst_2960s-48ts-ssm-x_layer_2\/3_etherswitch_service_modulecatalyst_2960s-24td-lcatalyst_3560x-48p-scatalyst_2960-plus_24lc-scatalyst_3750x-48p-lcatalyst_2960s-48td-lie_2000-24t67catalyst_2960xr-24ts-icatalyst_3750x-24u-lcatalyst_2960xr-48lps-icatalyst_2960x-24psq-lcatalyst_2960xr-48ts-icatalyst_3560x-24t-ecatalyst_4948ecatalyst_2960-plus_24tc-scatalyst_4948e-fcatalyst_2960s-24ps-lcatalyst_2960s-f48ts-lcatalyst_3560x-24p-scatalyst_2960xr-48fps-iie-3010-16s-8pccatalyst_2960c-8pc-lcatalyst_2960-plus_48tc-scatalyst_4900mie_2000-16t67embedded_service_2020_ncpcatalyst_3750x-48u-lioscatalyst_2960xr-48fpd-icatalyst_3560x-48pf-eie_2000-4s-ts-gcatalyst_2960s-24pd-lcatalyst_3750x-48t-eie_2000-16t67pie_2000-8t67pcatalyst_3750x-48p-ecatalyst_3560x-24t-scatalyst_3750x-24t-scatalyst_3750x-48pf-ecatalyst_2960xr-48lpd-iie_2000-16tc-g-ncatalyst_3560c-12pc-scatalyst_3560x-24u-sios_xecatalyst_2960c-12pc-lcatalyst_3750x-24t-ecatalyst_3750x-24u-ecatalyst_3750x-48pf-lcatalyst_2960x-24ts-lie_2000-8t67catalyst_2960s-48lps-lcatalyst_2960x-48fps-lembedded_service_2020_24tc_ncp_bCisco IOS
CWE ID-CWE-371
Not Available
CVE-2018-0469
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.08% / 76.92%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Web UI Denial of Service Vulnerability

A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed. An attacker could exploit this vulnerability by sending specific HTTP requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-415
Double Free
CVE-2018-0397
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.45% / 62.86%
||
7 Day CHG~0.00%
Published-01 Aug, 2018 | 20:00
Updated-26 Nov, 2024 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. The vulnerability exists if the affected software is running in Block network conviction mode. Exploitation could occur if the system that is running the affected software starts a server process and an address in the IP blacklist cache of the affected software attempts to connect to the affected system. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition. Cisco Bug IDs: CSCvk08192.

Action-Not Available
Vendor-n/aCisco Systems, Inc.Apple Inc.
Product-mac_os_xadvanced_malware_protection_for_endpointsCisco AMP for Endpoints Mac Connector unknown
CWE ID-CWE-399
Not Available
CVE-2021-40118
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.26% / 49.49%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 18:56
Updated-07 Nov, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerabilities

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-adaptive_security_appliance_softwareasa_5585-x_firmwareasa_5505_firmwareasa_5580_firmwareasa_5515-xasa_5545-x_firmwareadaptive_security_applianceasa_5545-xasa_5525-x_firmwareasa_5505asa_5555-xasa_5580asa_5585-xasa_5515-x_firmwareasa_5525-xasa_5555-x_firmwareasa_5512-x_firmwareasa_5512-xfirepower_threat_defenseCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-40116
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.78% / 72.80%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 18:56
Updated-07 Jul, 2025 | 12:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Cisco Products Snort Rule Denial of Service Vulnerability

Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this vulnerability by sending a crafted IP packet to the affected device. A successful exploit could allow the attacker to cause through traffic to be dropped. Note: Only products with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured are vulnerable. Products configured with Snort2 are not vulnerable.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_firewall_management_centersnortfirepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-241
Improper Handling of Unexpected Data Type
CVE-2017-3850
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 59.55%
||
7 Day CHG~0.00%
Published-21 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature. A device must meet two conditions to be affected by this vulnerability: (1) the device must be running a version of Cisco IOS Software or Cisco IOS XE Software that supports ANI (regardless of whether ANI is configured); and (2) the device must have a reachable IPv6 interface. An exploit could allow the attacker to cause the affected device to reload. Cisco Bug IDs: CSCvc42729.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosios_xeCisco IOS and IOS XE
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3885
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.45% / 62.86%
||
7 Day CHG~0.00%
Published-07 Apr, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources. Affected Products: This vulnerability affects Cisco Firepower System Software running software releases 6.0.0, 6.1.0, 6.2.0, or 6.2.1 when the device is configured with an SSL policy that has at least one rule specifying traffic decryption. More Information: CSCvc58563. Known Affected Releases: 6.0.0 6.1.0 6.2.0 6.2.1.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_firewall_management_centerCisco Firepower Detection Engine
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-3812
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.69% / 70.79%
||
7 Day CHG~0.00%
Published-03 Feb, 2017 | 07:24
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak. More Information: CSCvc54788. Known Affected Releases: 15.2(5.4.32i)E2. Known Fixed Releases: 15.2(5.4.62i)E2.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-industrial_ethernet_2000_4t-g-l_switchindustrial_ethernet_2000_4ts-b_switchindustrial_ethernet_2000_16t67-b_switchindustrial_ethernet_2000_4s-ts-g-l_switchindustrial_ethernet_2000_16tc-g-e_switchindustrial_ethernet_2000_8tc-g-l_switchindustrial_ethernet_2000_4t-g-b_switchindustrial_ethernet_2000_4ts-l_switchindustrial_ethernet_2000_8tc-g-e_switchindustrial_ethernet_2000_16tc-g-x_switchindustrial_ethernet_2000_4s-ts-g-b_switchindustrial_ethernet_2000_8t67-b_switchindustrial_ethernet_2000_24t67-b_switchindustrial_ethernet_2000_16ptc-g-nx_switchindustrial_ethernet_2000_4ts-g-l_switchindustrial_ethernet_2000_16t67p-g-e_switchindustrial_ethernet_2000_series_firmwareindustrial_ethernet_2000_16ptc-g-e_switchindustrial_ethernet_2000_16tc-g-l_switchindustrial_ethernet_2000_8tc-g-b_switchindustrial_ethernet_2000_8t67p-g-e_switchindustrial_ethernet_2000_16tc-l_switchindustrial_ethernet_2000_8tc-l_switchindustrial_ethernet_2000_4t-b_switchindustrial_ethernet_2000_4t-l_switchindustrial_ethernet_2000_8tc-b_switchindustrial_ethernet_2000_16ptc-g-l_switchindustrial_ethernet_2000_8tc-g-n_switchindustrial_ethernet_2000_4ts-g-b_switchindustrial_ethernet_2000_16tc-g-n_switchCisco Industrial Ethernet 2000 Switches 15.2(5.4.32i)E2
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2021-34704
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.25% / 48.52%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 18:50
Updated-06 Nov, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance Software
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-34781
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.43% / 61.66%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 18:55
Updated-07 Nov, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software SSH Connections Denial of Service Vulnerability

A vulnerability in the processing of SSH connections for multi-instance deployments of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to a lack of proper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, which causes a DoS condition on the affected device. The device must be manually reloaded to recover.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_management_center_virtual_appliancefirepower_threat_defensesourcefire_defense_centerCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2011-2561
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.1||HIGH
EPSS-0.40% / 59.84%
||
7 Day CHG~0.00%
Published-29 Aug, 2011 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point (MTP), which allows remote attackers to cause a denial of service (service outage) via a crafted call, aka Bug ID CSCtc61990.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_managern/a
CVE-2013-5512
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.1||HIGH
EPSS-0.11% / 30.18%
||
7 Day CHG~0.00%
Published-13 Oct, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the HTTP Deep Packet Inspection (DPI) feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.5), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.4), 9.0.x before 9.0(1.4), and 9.1.x before 9.1(1.2), in certain conditions involving the spoof-server option or ActiveX or Java response inspection, allows remote attackers to cause a denial of service (device reload) via a crafted HTTP response, aka Bug ID CSCud37992.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-adaptive_security_appliance_softwaren/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2013-5549
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.1||HIGH
EPSS-0.40% / 59.84%
||
7 Day CHG~0.00%
Published-25 Oct, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCuh30380.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xrn/a
CVE-2021-1573
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.18% / 40.28%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 18:55
Updated-06 Nov, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-adaptive_security_appliancefirepower_threat_defenseadaptive_security_appliance_softwareCisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance Software
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-1446
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-2.29% / 84.05%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:06
Updated-08 Nov, 2024 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability

A vulnerability in the DNS application layer gateway (ALG) functionality used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a logic error that occurs when an affected device inspects certain DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through an affected device that is performing NAT for DNS packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device. The vulnerability can be exploited only by traffic that is sent through an affected device via IPv4 packets. The vulnerability cannot be exploited via IPv6 traffic.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2020-3397
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.53% / 66.21%
||
7 Day CHG~0.00%
Published-27 Aug, 2020 | 15:40
Updated-13 Nov, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Border Gateway Protocol Multicast VPN Denial of Service Vulnerability

A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this specific, valid BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause one of the BGP-related routing applications to restart multiple times, leading to a system-level restart. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txnexus_93128txnexus_9336pq_aci_spinenexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3132c-znexus_3524-xnexus_31108tc-vnexus_9348gc-fxpnexus_3172nexus_9272qnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_31108pc-vnexus_3524nexus_3548nexus_3132qnexus_3016nexus_9372pxnexus_92304qcnexus_92160yc-xnexus_9504nexus_3048nexus_9372tx-enexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_9396txnexus_92300ycnexus_3064nexus_3232cnexus_9396pxnexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlCisco NX-OS Software
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found