Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-0708

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-29 Apr, 2015 | 01:00
Updated At-06 Aug, 2024 | 04:17
Rejected At-
Credits

Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local network, aka Bug ID CSCur29956.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:29 Apr, 2015 | 01:00
Updated At:06 Aug, 2024 | 04:17
Rejected At:
▼CVE Numbering Authority (CNA)

Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local network, aka Bug ID CSCur29956.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://tools.cisco.com/security/center/viewAlert.x?alertId=38543
vendor-advisory
x_refsource_CISCO
http://www.securitytracker.com/id/1032210
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://tools.cisco.com/security/center/viewAlert.x?alertId=38543
Resource:
vendor-advisory
x_refsource_CISCO
Hyperlink: http://www.securitytracker.com/id/1032210
Resource:
vdb-entry
x_refsource_SECTRACK
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://tools.cisco.com/security/center/viewAlert.x?alertId=38543
vendor-advisory
x_refsource_CISCO
x_transferred
http://www.securitytracker.com/id/1032210
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://tools.cisco.com/security/center/viewAlert.x?alertId=38543
Resource:
vendor-advisory
x_refsource_CISCO
x_transferred
Hyperlink: http://www.securitytracker.com/id/1032210
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@cisco.com
Published At:29 Apr, 2015 | 01:59
Updated At:12 Apr, 2025 | 10:46

Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local network, aka Bug ID CSCur29956.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.1MEDIUM
AV:A/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 2.0
Base score: 6.1
Base severity: MEDIUM
Vector:
AV:A/AC:L/Au:N/C:N/I:N/A:C
CPE Matches
Cisco Systems, Inc.
cisco
>>ios_xe>>3.13s.0
cpe:2.3:o:cisco:ios_xe:3.13s.0:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>3.13s.1
cpe:2.3:o:cisco:ios_xe:3.13s.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>3.14s.0
cpe:2.3:o:cisco:ios_xe:3.14s.0:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>15.4\(3\)s
cpe:2.3:o:cisco:ios:15.4\(3\)s:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>15.4\(3\)s1
cpe:2.3:o:cisco:ios:15.4\(3\)s1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>15.4\(3\)sn1
cpe:2.3:o:cisco:ios:15.4\(3\)sn1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>15.4s
cpe:2.3:o:cisco:ios:15.4s:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>15.4sn
cpe:2.3:o:cisco:ios:15.4sn:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>15.5\(1\)s
cpe:2.3:o:cisco:ios:15.5\(1\)s:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>15.5s
cpe:2.3:o:cisco:ios:15.5s:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-399Primarynvd@nist.gov
CWE ID: CWE-399
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://tools.cisco.com/security/center/viewAlert.x?alertId=38543psirt@cisco.com
Vendor Advisory
http://www.securitytracker.com/id/1032210psirt@cisco.com
N/A
http://tools.cisco.com/security/center/viewAlert.x?alertId=38543af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securitytracker.com/id/1032210af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://tools.cisco.com/security/center/viewAlert.x?alertId=38543
Source: psirt@cisco.com
Resource:
Vendor Advisory
Hyperlink: http://www.securitytracker.com/id/1032210
Source: psirt@cisco.com
Resource: N/A
Hyperlink: http://tools.cisco.com/security/center/viewAlert.x?alertId=38543
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securitytracker.com/id/1032210
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

120Records found
CVE-2020-3486
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 17:52
Updated-13 Nov, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecatalyst_9800-lcatalyst_9130catalyst_9800-40catalyst_9800_embedded_wireless_controllercatalyst_9120catalyst_9800-clcatalyst_9800-80catalyst_9117catalyst_9115catalyst_9105Cisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3508
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.08% / 22.73%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 17:51
Updated-13 Nov, 2024 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Cisco ASR 1000 Series 20-Gbps Embedded Services Processor IP ARP Denial of Service Vulnerability

A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service condition. The vulnerability is due to insufficient error handling when an affected device has reached platform limitations. An attacker could exploit this vulnerability by sending a malicious series of IP ARP messages to an affected device. A successful exploit could allow the attacker to exhaust system resources, which would eventually cause the affected device to reload.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_3650-24ps-scatalyst_3850-32xs-e1100-6g_integrated_services_routercatalyst_3850-12xs-scatalyst_3850-24s-e4331\/k9_integrated_services_routercatalyst_3850-24p-scatalyst_3650-24pdm-lcatalyst_3850-16xs-s4331_integrated_services_router4461_integrated_services_routerasr_1000-xcatalyst_3650-24ts-ecatalyst_3650-24ps-lcatalyst_3650-48td-s111x_integrated_services_routercatalyst_3650-8x24pd-scatalyst_3850-48u-lcatalyst_3650-48ts-l4321\/k9_integrated_services_routerasr_1013catalyst_3650-48tq-ecatalyst_3650-48fd-lcatalyst_3650-48fs-lcatalyst_3650-48pq-ecatalyst_3650-48fs-ecatalyst_3650-24pd-lcatalyst_3650-24pd-scatalyst_3650-24td-lcatalyst_3650-24ts-lcatalyst_3650-48fd-scatalyst_3650-48fs-scatalyst_3850-48t-scatalyst_3650-48pq-lcatalyst_3850-24t-scatalyst_3650-8x24pd-ecatalyst_3850-24t-lcatalyst_3850-48u-ecatalyst_3850-24xu-e4331\/k9-ws_integrated_services_router4351\/k9_integrated_services_router1160_integrated_services_routercatalyst_3650-24td-scatalyst_3650-48pd-lcatalyst_3850-48u-scatalyst_3850-16xs-ecatalyst_3650-48tq-s1100-lte_integrated_services_routercatalyst_3650-24pdm-scatalyst_3850-48p-e1109_integrated_services_routercatalyst_3650-48fqm-scatalyst_3850-48t-lcatalyst_3650-48fd-e1000vcatalyst_3650-12x48fd-scatalyst_c3850-12x48u-e1100-4g_integrated_services_router1111x_integrated_services_routercatalyst_3650-48fq-ecatalyst_3650-48tq-l1101-4p_integrated_services_routercatalyst_3650-12x48fd-l1100-4p_integrated_services_routercatalyst_3650-48fq-scatalyst_3850-24p-ecatalyst_3850-48xs-f-sasr_1006catalyst_3850-48t-ecatalyst_3650-48pq-scatalyst_3850-24xu-s1100-4gltegb_integrated_services_router1101_integrated_services_router4331\/k9-rf_integrated_services_routercatalyst_3650-48td-lcatalyst_c3850-12x48u-scatalyst_3650-48fqm-lcatalyst_3850-24xs-ecatalyst_3850-12s-scatalyst_3850-24u-lcatalyst_3850-48f-scatalyst_3850-24u-s1100-4gltena_integrated_services_router1100_integrated_services_routercatalyst_c3850-12x48u-lcatalyst_3850-48f-easr_10234321\/k9-rf_integrated_services_routercatalyst_3850-32xs-scatalyst_3650-48ps-lasr_1001catalyst_3650-12x48fd-ecatalyst_3850-48f-lcatalyst_3850-24xu-lcatalyst_3850-48xs-ecatalyst_3850-24s-scatalyst_3650-24td-ecatalyst_3650-48td-ecatalyst_3650-8x24pd-lasr_1001-hxasr_1002-xcsr1000vcatalyst_3650-48fq-lcatalyst_3850-48p-scatalyst_3650-48pd-scatalyst_3650-24pd-easr_1002-hx4351\/k9-ws_integrated_services_router1109-2p_integrated_services_routercatalyst_3850-48xs-f-easr_1002asr_1004catalyst_3850-12s-ecatalyst_3850-24p-l1120_integrated_services_routercatalyst_3850-24t-e4351\/k9-rf_integrated_services_router4321\/k9-ws_integrated_services_routercatalyst_3650-24ts-scatalyst_3650-24ps-e4321_integrated_services_routercatalyst_3850-24xs-scatalyst_3650-48ps-s4431_integrated_services_routercatalyst_3650-48fqm-ecatalyst_3650-48pd-ecatalyst_3650-24pdm-easr_1000catalyst_3850-24u-ecatalyst_3850-48xs-sios_xecatalyst_3650-48ts-ecatalyst_3850-48p-l1111x-8p_integrated_services_router1100-8p_integrated_services_router1109-4p_integrated_services_routerasr_1001-xcatalyst_3650-48ts-scatalyst_3650-48ps-e4351_integrated_services_routercatalyst_3850-12xs-eCisco IOS XE Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-3428
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.08% / 24.41%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 17:55
Updated-13 Nov, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family WLAN Local Profiling Denial of Service Vulnerability

A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect parsing of HTTP packets while performing HTTP-based endpoint device classifications. An attacker could exploit this vulnerability by sending a crafted HTTP packet to an affected device. A successful exploit could cause an affected device to reboot, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_c9300-24pcatalyst_c9407rcatalyst_c9300-48pcatalyst_c9300-48u1100_integrated_services_router4331_integrated_services_routercatalyst_9800-l-c4461_integrated_services_routercatalyst_c9500-16xcatalyst_c9200-24pcatalyst_c9300-48tcatalyst_c9500-12q111x_integrated_services_routercatalyst_c9500-24qasr_1006-xcatalyst_c9200-48tcatalyst_9800-lcatalyst_c9300-24sasr_1013catalyst_c9300l-48p-4xcatalyst_c9500-24y4ccatalyst_c9200l-24t-4gcloud_services_router_1000v4221_integrated_services_routercatalyst_c9404rcatalyst_c9300-24ucatalyst_9800-clcatalyst_c9500-32casr_1001-hxcatalyst_c9200l-48p-4gasr_1002-xcatalyst_c9300l-24p-4gasr_1009-x4451-x_integrated_services_routercatalyst_c9500-32qccatalyst_c9200l-24p-4gcatalyst_c9300-48scatalyst_c9600_switch1160_integrated_services_routercatalyst_c9300l-48t-4xasr_1002-hxcatalyst_c9300l-24t-4gintegrated_services_virtual_routercatalyst_c9200l-24pxg-2ycatalyst_c9300l-24t-4xcatalyst_9800-80catalyst_9800-l-fasr_10041109_integrated_services_routercatalyst_c9200l-24p-4xcatalyst_c9200-48pcatalyst_c9300l-24p-4xcatalyst_c9300l-48p-4g1120_integrated_services_routercatalyst_c9300-48uncatalyst_c9200l-24t-4x1111x_integrated_services_routercatalyst_c9300-48uxm4321_integrated_services_routercatalyst_9800-40catalyst_c9300-24t4431_integrated_services_routercatalyst_c9200l-24pxg-4xcatalyst_c9500-40xios_xecatalyst_c9300l-48t-4gcatalyst_c9500-48y4casr_1006catalyst_c9300-24uxasr_1001-xcatalyst_c9200-24t1101_integrated_services_router4351_integrated_services_routercatalyst_c9410rCisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-3494
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 17:52
Updated-13 Nov, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecatalyst_9800-lcatalyst_9800-l-ccatalyst_9800-40catalyst_9800-clcatalyst_9800-80catalyst_9800-l-fCisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3465
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 17:53
Updated-13 Nov, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Ethernet Frame Denial of Service Vulnerability

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload. The vulnerability is due to incorrect handling of certain valid, but not typical, Ethernet frames. An attacker could exploit this vulnerability by sending the Ethernet frames onto the Ethernet segment. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-vg400ir_11011100-8p1109-2p4431_integrated_services_router9800-clcsr_1000v9800-lios_xe4221_integrated_services_routeresr6300isrv4331_integrated_services_router1101-4p4461_integrated_services_router1109-4p1111x-8p1100-4p1100_terminal_services_gatewaysCisco IOS XE Software 16.8.1
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3488
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 17:52
Updated-13 Nov, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecatalyst_9800-lcatalyst_9800-l-ccatalyst_9800-40catalyst_9800-clcatalyst_9800-80catalyst_9800-l-fCisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3409
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 18:01
Updated-13 Nov, 2024 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software PROFINET Denial of Service Vulnerability

A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to insufficient processing logic for crafted PROFINET packets that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted PROFINET packets to an affected device for processing. A successful exploit could allow the attacker to cause the device to crash and reload, resulting in a DoS condition on the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iem-3400-8tie-4000-8t4g-eie-3300-8p2s-eie-4000-16t4g-eiem-3300-8sie-3400-8t2s-eie-3300-8t2x-eiosie-4000-8s4g-eie-3400-8p2s-aiem-3300-8tiem-3300-16pie-4000-8gt8gp4g-eiem-3300-14t2siem-3300-8pie-4000-8gt4g-eie-3300-8p2s-aie-4000-4gs8gp4g-eie-4000-4tc4g-eie-4000-4gc4gp4g-eiem-3400-8piem-3300-16tie-3300-8t2s-eiem-3300-6t2sie-3200-8t2s-eie-4000-4s8p4g-eie-3200-8p2s-eios_xeie-4000-8gs4g-eie-3400-8p2s-eie-4000-16gt4g-eiem-3400-8sie-3300-8t2s-aie-3300-8t2x-aie-4000-4t4p4g-eCisco IOS
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-3489
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 17:52
Updated-13 Nov, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecatalyst_9800-lcatalyst_9800-l-ccatalyst_9800-40catalyst_9800-clcatalyst_9800-80catalyst_9800-l-fCisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3505
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 16:15
Updated-13 Nov, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Memory Leak Vulnerability

A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DOS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-8400_ip_camera_firmware8630_ip_camera_firmware8620_ip_camera8000p_ip_camera_firmware8930_speed_dome_ip_camera_firmware8020_ip_camera8400_ip_camera8030_ip_camera_firmware8070_ip_camera_firmware8620_ip_camera_firmware8070_ip_camera8020_ip_camera_firmware8000p_ip_camera8930_speed_dome_ip_camera8030_ip_camera8630_ip_cameraCisco Video Surveillance 8000 Series IP Cameras
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-3120
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.32% / 54.94%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 17:50
Updated-15 Nov, 2024 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-xrv_9000firepower_9300nexus_93180lc-exfirepower_4150nexus_56128pnexus_3172tqncs_540-28z4c-sys-dnx-osnexus_3636c-rnexus_93128txnexus_9336pq_aci_spinencs_5501-sencs_6000fxosasr_9006mds_9506ncs_540lnexus_3132q-vnexus_9332cnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3524-xnexus_31108tc-vnexus_9348gc-fxpnexus_3172mds_9718nexus_9272qmds_9148sncs_540-24z8q2c-sysmds_9513mds_9148tncs_540x-12z16g-sys-dnexus_93180yc-fxasr_9000vmds_9132tncs_540x-16z4g8q2c-dfirepower_4140nexus_3432d-sucs_managerucs_6454nexus_3524mds_9216ncs_540-12z20g-sys-ancs_5002nexus_3016mds_9216aucs_64108nexus_92304qcucs_6248upfirepower_4125nexus_3048nexus_9372tx-enexus_93360yc-fx2nexus_3524-xlucs_6324nexus_9396txfirepower_4120nexus_3232c_nexus_7000nexus_3064ncs_540-acc-sysnexus_5548upnexus_9396pxmds_9216inexus_5596tnexus_9372txnexus_5624qasr_9906nexus_3064-tnexus_3408-snexus_9372px-encs_540x-12z16g-sys-anexus_7700asr_9901ucs_6300nexus_9332pqncs_5001nexus_93108tc-exasr_9010nexus_9508nexus_93120txfirepower_4110ncs_5516nexus_1000vecrsncs_540x-acc-sysfirepower_4145nexus_3548-xlnexus_31128pqnexus_9364cnexus_3164qnexus_3132c-znexus_5548pncs_540-12z20g-sys-dnexus_5648qncs_5501ncs_560nexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upasr_9001nexus_3264qasr_9904ncs_540x-16z4g8q2c-anexus_34180ycnexus_9000vmds_9509nexus_31108pc-vmds_9706nexus_5596upfirepower_4115ncs_5502nexus_3548nexus_3132qnexus_9372pxnexus_5696qnexus_92160yc-xnexus_9504ncs_540-28z4c-sys-anexus_93108tc-fxnexus_92300ycios_xrncs_5502-sencs_5508mds_9222iucs_6296upncs_5011nexus_1000vfirepower_extensible_operating_systemnexus_3264c-enexus_93240yc-fx2nexus_3548-xasr_9910nexus_3132q-xlmds_9710asr_9912asr_9922nexus_3172tq-xlnexus_93180yc-exnexus_9236cnexus_9516nexus_3172pq-xlCisco IOS XR Software
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-3493
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 17:52
Updated-13 Nov, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecatalyst_9800-lcatalyst_9800-l-ccatalyst_9800-40catalyst_9800-clcatalyst_9800-80catalyst_9800-l-fCisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0058
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.40% / 60.97%
||
7 Day CHG~0.00%
Published-05 Feb, 2009 | 00:00
Updated-07 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.2 allow remote attackers to cause a denial of service (web authentication outage or device reload) via unspecified network traffic, as demonstrated by a vulnerability scanner.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-catalyst_3750_series_integrated_wireless_lan_controllercatalyst_6500_series_integrated_wireless_lan_controllerwireless_lan_controller_software4400_wireless_lan_controllercatalyst_7600_series_wireless_lan_controllern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6431
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 53.69%
||
7 Day CHG~0.00%
Published-23 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xen/a
CVE-2014-3379
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.83% / 74.54%
||
7 Day CHG~0.00%
Published-20 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (NPU and card hang or reload) via a malformed MPLS packet, aka Bug ID CSCuq10466.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xrnetwork_convergence_system_6008network_convergence_system_6000n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3273
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.35% / 57.48%
||
7 Day CHG~0.00%
Published-20 May, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3409
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-1.06% / 77.69%
||
7 Day CHG~0.00%
Published-25 Oct, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosios_xen/a
CVE-2014-3322
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.63% / 70.30%
||
7 Day CHG~0.00%
Published-24 Jul, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xrasr_9904asr_9000_rsp440_routerasr_9922asr_9001asr_9006asr_9010asr_9912n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2144
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.14% / 33.83%
||
7 Day CHG~0.00%
Published-05 Apr, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xrn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1308
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.10% / 26.58%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 04:05
Updated-08 Nov, 2024 | 23:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv260_firmwarerv340_firmwarerv345prv345rv134w_firmwarerv160w_firmwarerv160_firmwarerv345p_firmwarerv260w_firmwarerv340w_firmwarerv132w_firmwarerv160wrv260rv260wrv340wrv132wrv260prv345_firmwarerv340rv260p_firmwarerv134wrv160Cisco Small Business RV Series Router Firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2011-3274
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.68% / 71.59%
||
7 Day CHG~0.00%
Published-03 Oct, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device crash) via a crafted IPv6 packet, related to an expired MPLS TTL, aka Bug ID CSCto07919.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosios_xen/a
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found