Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-5560

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-13 Nov, 2013 | 15:00
Updated At-16 Sep, 2024 | 20:52
Rejected At-
Credits

The IPv6 implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1.3 and earlier, when NAT64 or NAT66 is enabled, does not properly process NAT rules, which allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCue34342.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:13 Nov, 2013 | 15:00
Updated At:16 Sep, 2024 | 20:52
Rejected At:
▼CVE Numbering Authority (CNA)

The IPv6 implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1.3 and earlier, when NAT64 or NAT66 is enabled, does not properly process NAT rules, which allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCue34342.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5560
vendor-advisory
x_refsource_CISCO
http://tools.cisco.com/security/center/viewAlert.x?alertId=31716
x_refsource_CONFIRM
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5560
Resource:
vendor-advisory
x_refsource_CISCO
Hyperlink: http://tools.cisco.com/security/center/viewAlert.x?alertId=31716
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5560
vendor-advisory
x_refsource_CISCO
x_transferred
http://tools.cisco.com/security/center/viewAlert.x?alertId=31716
x_refsource_CONFIRM
x_transferred
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5560
Resource:
vendor-advisory
x_refsource_CISCO
x_transferred
Hyperlink: http://tools.cisco.com/security/center/viewAlert.x?alertId=31716
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@cisco.com
Published At:13 Nov, 2013 | 15:55
Updated At:11 Apr, 2025 | 00:51

The IPv6 implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1.3 and earlier, when NAT64 or NAT66 is enabled, does not properly process NAT rules, which allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCue34342.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.4MEDIUM
AV:N/AC:H/Au:N/C:N/I:N/A:C
Type: Primary
Version: 2.0
Base score: 5.4
Base severity: MEDIUM
Vector:
AV:N/AC:H/Au:N/C:N/I:N/A:C
CPE Matches
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>Versions up to 9.1\(3\)(inclusive)
cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.0
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.0\(0\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(0\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.0\(1\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(1\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.0\(2\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(2\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.0\(4\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(4\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.0\(5\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(5\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.0\(5.2\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(5.2\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.0\(6\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(6\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.0\(6.7\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(6.7\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.0\(7\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(7\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.0\(8\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(8\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.0.1
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.0.1.4
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.1.4:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.0.2
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.0.4
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.4:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.0.4.3
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.4.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.0.5
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.5:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.0.6
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.6:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.0.7
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.7:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.0.8
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.8:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.0.8
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.8:interim:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.1
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.1\(2\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1\(2\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.1\(2.5\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1\(2.5\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.1\(2.27\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1\(2.27\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.1\(2.48\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1\(2.48\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.1\(2.49\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1\(2.49\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.1\(5\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1\(5\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.1.1
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.1.2
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.2
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.2\(1\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(1\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.2\(1.22\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(1.22\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.2\(2\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.2\(2.5\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.5\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.2\(2.7\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.7\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.2\(2.8\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.8\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.2\(2.10\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.10\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.2\(2.14\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.14\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.2\(2.15\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.15\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.2\(2.16\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.16\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.2\(2.17\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.17\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.2\(2.18\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.18\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.2\(2.19\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.19\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.2\(2.48\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.48\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.2\(3\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(3\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.2\(4\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(4\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.2\(5\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(5\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>7.2.1
cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5560psirt@cisco.com
Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=31716psirt@cisco.com
Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5560af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=31716af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5560
Source: psirt@cisco.com
Resource:
Vendor Advisory
Hyperlink: http://tools.cisco.com/security/center/viewAlert.x?alertId=31716
Source: psirt@cisco.com
Resource:
Vendor Advisory
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5560
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://tools.cisco.com/security/center/viewAlert.x?alertId=31716
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1160Records found
CVE-2014-0658
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-1.75% / 81.78%
||
7 Day CHG-0.31%
Published-10 Jan, 2014 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco 9900 Unified IP phones allow remote attackers to cause a denial of service (unregistration) via a crafted SIP header, aka Bug ID CSCul24898.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_ip_phones_9900_series_firmwareunified_ip_phone_9951unified_ip_phone_9971n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-6706
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-1.75% / 81.78%
||
7 Day CHG~0.00%
Published-29 Nov, 2013 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3263
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.77% / 72.59%
||
7 Day CHG~0.00%
Published-16 May, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (device reload) via HTTPS packets that require tower processing, aka Bug ID CSCum97038.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1203
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.59% / 68.11%
||
7 Day CHG~0.00%
Published-18 Jun, 2013 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco ASA CX Context-Aware Security Software allows remote attackers to cause a denial of service (device reload) via crafted TCP packets that appear to have been forwarded by a Cisco Adaptive Security Appliances (ASA) device, aka Bug ID CSCue88386.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-asa_cx_context-aware_security_softwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-4016
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.50% / 65.08%
||
7 Day CHG~0.00%
Published-02 May, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID CSCtf71673.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-284
Improper Access Control
CVE-2011-4007
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.43% / 61.49%
||
7 Day CHG~0.00%
Published-02 May, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set mpls experimental imposition" command, which allows remote attackers to cause a denial of service (device crash) via network traffic that triggers (1) fragmentation or (2) reassembly, aka Bug ID CSCtr56576.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosios_xen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2586
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.43% / 61.49%
||
7 Day CHG~0.00%
Published-02 May, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service (device crash) via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-6981
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-2.02% / 83.01%
||
7 Day CHG~0.00%
Published-28 Dec, 2013 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1625
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.33% / 55.34%
||
7 Day CHG~0.00%
Published-18 Aug, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS 12.2, 12.3, 12.4, 15.0, and 15.1, when the data-link switching (DLSw) feature is configured, allows remote attackers to cause a denial of service (device crash) by sending a sequence of malformed packets and leveraging a "narrow timing window," aka Bug ID CSCtf74999, a different vulnerability than CVE-2007-0199, CVE-2008-1152, and CVE-2009-0629.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2009-2049
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-1.67% / 81.34%
||
7 Day CHG~0.00%
Published-30 Jul, 2009 | 18:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (device reload) by using an RFC4271 peer to send a malformed update, aka Bug ID CSCta33973.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xeiosn/a
CWE ID-CWE-16
Not Available
CVE-2007-0964
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.67% / 70.37%
||
7 Day CHG~0.00%
Published-16 Feb, 2007 | 00:00
Updated-07 Aug, 2024 | 12:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a malformed HTTPS request.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firewall_services_modulen/a
CVE-2009-0629
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.77% / 72.57%
||
7 Day CHG~0.00%
Published-27 Mar, 2009 | 16:00
Updated-07 Aug, 2024 | 04:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling Protocol (PPTP), (8) X.25 for Record Boundary Preservation (RBP), (9) X.25 over TCP (XOT), and (10) X.25 Routing features in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (device reload) via a series of crafted TCP packets.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xriosn/a
CVE-2008-2057
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-1.58% / 80.84%
||
7 Day CHG~0.00%
Published-04 Jun, 2008 | 21:00
Updated-07 Aug, 2024 | 08:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Instant Messenger (IM) inspection engine in Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(4), 8.0.x before 8.0(3)10, and 8.1.x before 8.1(1)2 allows remote attackers to cause a denial of service via a crafted packet.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-pix_security_applianceadaptive_security_appliance_softwaren/a
CVE-2015-4203
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.66% / 70.17%
||
7 Day CHG~0.00%
Published-23 Jun, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed MPLS 6VPE packets quickly, aka Bug ID CSCud83396.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosubr10000_cable_modem_termination_systemn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2015-4228
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.35% / 56.66%
||
7 Day CHG~0.00%
Published-02 Jul, 2015 | 14:42
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Digital Content Manager (DCM) 15.0.0 might allow remote ad servers to cause a denial of service (reboot) via malformed ad messages, aka Bug ID CSCur13999.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-digital_content_managern/a
CVE-2014-3347
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.46% / 63.10%
||
7 Day CHG~0.00%
Published-28 Aug, 2014 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid state of the hardware encryption module, aka Bug ID CSCul77897.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-1801_integrated_service_router1803_integrated_service_router1861_integrated_service_router1802_integrated_service_routerios1811_integrated_service_router1812_integrated_service_router1841_integrated_service_routern/a
CVE-2005-3788
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-1.22% / 78.22%
||
7 Day CHG~0.00%
Published-24 Nov, 2005 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka "failover denial of service."

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-adaptive_security_appliance_softwaren/a
CVE-2013-5567
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-1.50% / 80.39%
||
7 Day CHG~0.00%
Published-14 Jul, 2014 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, when using an unsupported configuration with overlapping criteria for filtering and inspection, allows remote attackers to cause a denial of service (traffic loop and device crash) via a packet that triggers multiple matches, aka Bug ID CSCui45606.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-adaptive_security_appliance_softwaren/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2013-6693
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.37% / 58.12%
||
7 Day CHG~0.00%
Published-22 Nov, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios7600_routern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-5544
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-1.34% / 79.20%
||
7 Day CHG~0.00%
Published-22 Oct, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The VPN authentication functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (device reload) by sending many username-from-cert IKE requests, aka Bug ID CSCua91108.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-adaptive_security_appliance_softwaren/a
CVE-2013-3441
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.71% / 71.28%
||
7 Day CHG~0.00%
Published-22 Jul, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Aironet 3600 access points allow remote attackers to cause a denial of service (memory corruption and device crash) by disrupting Cisco Wireless LAN Controller communication and consequently forcing many transitions from FlexConnect mode to Standalone mode, aka Bug ID CSCuh71210.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-aironet_3600eaironet_3600aironet_3600paironet_3600in/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1100
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.54% / 66.70%
||
7 Day CHG~0.00%
Published-13 Feb, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-catalyst_3750catalyst_4503catalyst_2955catalyst_6500_ws-svc-nam-1catalyst_3750gcatalyst_4224catalyst_3500xlcatalyst_6509-v-ecatalyst_3200catalyst_2926tcatalyst_2820catalyst_2948g-l3catalyst_2900_vlancatalyst_6500_ws-svc-nam-2catalyst_2980gcatalyst_6503-ecatalyst_5509catalyst_4506catalyst_2948-ge-txcatalyst_2902catalyst_4500catalyst_6513catalyst_8540csrcatalyst_2940catalyst_6500_ws-x6380-namcatalyst_2926gscatalyst_2901catalyst_2926catalyst_2900xlcatalyst_6509-neb-acatalyst_3750_metrocatalyst_2980g-acatalyst_4510rcatalyst_3500_xlcatalyst_2970catalyst_3550ioscatalyst_6608catalyst_6504-ecatalyst_6000_ws-x6380-namcatalyst_4507rcatalyst_4840gcatalyst_2926fcatalyst_8510csrcatalyst_2900catalyst_6509-ecatalyst_4908g-l3catalyst_6000_ws-svc-nam-1catalyst_3750-ecatalyst_6000catalyst_4232catalyst_2950_lrecatalyst_5000catalyst_3560catalyst_3750-xcatalyst_5500catalyst_4948catalyst_6513-ecatalyst_6624catalyst_8510msrcatalyst_6500catalyst_4912gcatalyst_7600_ws-x6380-namcatalyst_8500catalyst_6000_ws-svc-nam-2catalyst_7600_ws-svc-nam-2catalyst_2920catalyst_7600catalyst_3000catalyst_7600_ws-svc-nam-1catalyst_4232-13catalyst_2948gcatalyst_5505catalyst_3560-xcatalyst_4000catalyst_3900catalyst_4200catalyst_2948catalyst_3500catalyst_2950catalyst_3560-ecatalyst_6506-ecatalyst_ws-c2924-xlcatalyst_2926glcatalyst_8540msrn/a
CVE-2013-1121
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.43% / 61.49%
||
7 Day CHG~0.00%
Published-19 Sep, 2013 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-nx-osn/a
CVE-2013-1210
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.71% / 71.33%
||
7 Day CHG~0.00%
Published-29 May, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by sending crafted STUN packets to a VEM, aka Bug ID CSCud14825.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-nexus_1000vnx-osn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-5044
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.43% / 61.49%
||
7 Day CHG~0.00%
Published-23 Apr, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-4094
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.84% / 73.81%
||
7 Day CHG~0.00%
Published-24 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Smart Call Home feature in the fabric interconnect in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service by reading and forging control messages associated with Smart Call Home reports, aka Bug ID CSCtl00198.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_computing_systemn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-1317
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.43% / 61.49%
||
7 Day CHG~0.00%
Published-23 Apr, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-4019
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.43% / 61.49%
||
7 Day CHG~0.00%
Published-03 May, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosunified_communications_managern/a
CVE-2017-3824
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.54% / 66.66%
||
7 Day CHG~0.00%
Published-03 Feb, 2017 | 07:24
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the handling of list headers in Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco cBR-8 Converged Broadband Routers running vulnerable versions of Cisco IOS XE are affected. More Information: CSCux40637. Known Affected Releases: 15.5(3)S 15.6(1)S. Known Fixed Releases: 15.5(3)S2 15.6(1)S1 15.6(2)S 15.6(2)SP 16.4(1).

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-cbr-8_converged_broadband_routerios_xeCisco IOS XE 15.x
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-5415
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.33% / 55.34%
||
7 Day CHG~0.00%
Published-16 Apr, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-5500_series_adaptive_security_appliance5500_adaptive_security_applianceadaptive_security_appliancen/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2016-1395
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.21% / 78.13%
||
7 Day CHG-0.36%
Published-19 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-rv130w_wireless-n_multifunction_vpn_router_firmwarerv215w_wireless-n_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110w_wireless-n_vpn_firewall_firmwarerv130w_wireless-n_multifunction_vpn_routerrv110w_wireless-n_vpn_firewalln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0926
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.3||HIGH
EPSS-4.52% / 88.72%
||
7 Day CHG~0.00%
Published-25 Feb, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_desktopn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1464
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-4.49% / 88.67%
||
7 Day CHG~0.00%
Published-03 Sep, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_wrf_player_t29n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0925
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.3||HIGH
EPSS-2.36% / 84.30%
||
7 Day CHG~0.00%
Published-28 Feb, 2011 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_desktopn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2183
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.30% / 52.40%
||
7 Day CHG~0.00%
Published-29 Apr, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-asr_1001asr_1002_fixed_routerasr_1023_routerasr_1002-xios_xeasr_1004asr_1006asr_1013asr_1002n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-15424
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.23% / 45.84%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in Cisco Identity Services Engine

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2016-1364
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.13%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD) and 7.5, 7.6, and 8.0 before 8.0.110.0(ED) allows remote attackers to cause a denial of service (device reload) via crafted Bonjour traffic, aka Bug ID CSCur66908.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-wireless_lan_controller_softwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1450
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.71% / 71.28%
||
7 Day CHG~0.00%
Published-15 Jul, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco WebEx Meetings Server 2.6 allows remote authenticated users to conduct command-injection attacks via vectors related to an upload's file type, aka Bug ID CSCuy92715.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_meetings_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1409
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-4.14% / 88.19%
||
7 Day CHG+0.72%
Published-29 May, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosnx-osios_xeios_xrn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4687
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.76% / 72.28%
||
7 Day CHG~0.00%
Published-07 Jan, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-0604
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-0.18% / 39.24%
||
7 Day CHG~0.00%
Published-07 Feb, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_ip_phones_9971_firmwareunified_ip_phones_9951_firmwareunified_ip_phone_9951unified_ip_phone_9971n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4684
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.68% / 70.63%
||
7 Day CHG~0.00%
Published-07 Jan, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to cause a denial of service (device crash) via a TFTP copy over IPv6, aka Bug ID CSCtb28877.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4679
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.04%
||
7 Day CHG~0.00%
Published-07 Jan, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP responders to cause a denial of service (TCP socket exhaustion) by rejecting connection attempts, aka Bug ID CSCsz36816.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-adaptive_security_appliance_softwareasa_55005500_series_adaptive_security_appliancen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-4329
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 63.26%
||
7 Day CHG~0.00%
Published-20 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID CSCuv11796.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_video_communication_server_softwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2827
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.49%
||
7 Day CHG~0.00%
Published-16 Aug, 2010 | 18:25
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS 15.1(2)T allows remote attackers to cause a denial of service (resource consumption and TCP outage) via spoofed TCP packets, related to embryonic TCP connections that remain in the SYN_RCVD or SYN_SENT state, aka Bug ID CSCti18193.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2840
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.49%
||
7 Day CHG~0.00%
Published-26 Aug, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_presence_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2819
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.49%
||
7 Day CHG~0.00%
Published-06 Aug, 2010 | 19:31
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the SunRPC inspection feature on the Cisco Firewall Services Module (FWSM) with software 3.1 before 3.1(17.2), 3.2 before 3.2(16.1), 4.0 before 4.0(10.1), and 4.1 before 4.1(1.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via crafted SunRPC messages, aka Bug ID CSCte61622.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firewall_services_module_softwarecatalyst_6500firewall_services_modulecatalyst_7600n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-5568
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.1||HIGH
EPSS-0.35% / 56.58%
||
7 Day CHG~0.00%
Published-13 Nov, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The auto-update implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier allows remote attackers to cause a denial of service (device reload) via crafted update data, aka Bug ID CSCui33308.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-adaptive_security_appliance_softwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2629
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.32%
||
7 Day CHG~0.00%
Published-06 Jul, 2010 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ace_4710content_services_switch_11500n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1563
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-1.24% / 78.39%
||
7 Day CHG~0.00%
Published-14 May, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsk04588.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-pgw_2200_softswitchn/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 23
  • 24
  • Next
Details not found