Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-4204

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-23 Jun, 2015 | 10:00
Updated At-06 Aug, 2024 | 06:04
Rejected At-
Credits

Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests quickly, aka Bug ID CSCue65051.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:23 Jun, 2015 | 10:00
Updated At:06 Aug, 2024 | 06:04
Rejected At:
▼CVE Numbering Authority (CNA)

Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests quickly, aka Bug ID CSCue65051.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1032692
vdb-entry
x_refsource_SECTRACK
http://tools.cisco.com/security/center/viewAlert.x?alertId=39440
vendor-advisory
x_refsource_CISCO
http://www.securityfocus.com/bid/75337
vdb-entry
x_refsource_BID
Hyperlink: http://www.securitytracker.com/id/1032692
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://tools.cisco.com/security/center/viewAlert.x?alertId=39440
Resource:
vendor-advisory
x_refsource_CISCO
Hyperlink: http://www.securityfocus.com/bid/75337
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1032692
vdb-entry
x_refsource_SECTRACK
x_transferred
http://tools.cisco.com/security/center/viewAlert.x?alertId=39440
vendor-advisory
x_refsource_CISCO
x_transferred
http://www.securityfocus.com/bid/75337
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securitytracker.com/id/1032692
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://tools.cisco.com/security/center/viewAlert.x?alertId=39440
Resource:
vendor-advisory
x_refsource_CISCO
x_transferred
Hyperlink: http://www.securityfocus.com/bid/75337
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@cisco.com
Published At:23 Jun, 2015 | 12:59
Updated At:12 Apr, 2025 | 10:46

Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests quickly, aka Bug ID CSCue65051.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:C
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:C
CPE Matches
Cisco Systems, Inc.
cisco
>>cisco_ios>>12.2
cpe:2.3:o:cisco:cisco_ios:12.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>cisco_ios>>12.2\(33\)
cpe:2.3:o:cisco:cisco_ios:12.2\(33\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ubr10000_cable_modem_termination_system>>-
cpe:2.3:h:cisco:ubr10000_cable_modem_termination_system:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-399Primarynvd@nist.gov
CWE ID: CWE-399
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://tools.cisco.com/security/center/viewAlert.x?alertId=39440psirt@cisco.com
Vendor Advisory
http://www.securityfocus.com/bid/75337psirt@cisco.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032692psirt@cisco.com
Third Party Advisory
VDB Entry
http://tools.cisco.com/security/center/viewAlert.x?alertId=39440af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/75337af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032692af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: http://tools.cisco.com/security/center/viewAlert.x?alertId=39440
Source: psirt@cisco.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/75337
Source: psirt@cisco.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1032692
Source: psirt@cisco.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://tools.cisco.com/security/center/viewAlert.x?alertId=39440
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/75337
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1032692
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

76Records found
CVE-2019-1830
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.17% / 38.46%
||
7 Day CHG~0.00%
Published-18 Apr, 2019 | 01:15
Updated-21 Nov, 2024 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Wireless LAN Controller Locally Significant Certificate Denial of Service Vulnerability

A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition. The attacker would need to have valid administrator credentials. The vulnerability is due to incorrect input validation of the HTTP URL used to establish a connection to the LSC Certificate Authority (CA). An attacker could exploit this vulnerability by authenticating to the targeted device and configuring a LSC certificate. An exploit could allow the attacker to cause a DoS condition due to an unexpected restart of the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-wireless_lan_controller_softwareCisco Wireless LAN Controller (WLC)
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1806
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.88% / 74.39%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 21:45
Updated-21 Nov, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Series Switches Simple Network Management Protocol Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Small Business Sx200, Sx300, Sx500, ESW2 Series Managed Switches and Small Business Sx250, Sx350, Sx550 Series Switches could allow an authenticated, remote attacker to cause the SNMP application of an affected device to cease processing traffic, resulting in the CPU utilization reaching one hundred percent. Manual intervention may be required before a device resumes normal operations. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a malicious SNMP packet to an affected device. A successful exploit could allow the attacker to cause the device to cease forwarding traffic, which could result in a denial of service (DoS) condition. Cisco has released firmware updates that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sg500xg8f8tsg250-10p_firmwaresf550x-48mpsf250-24psg300-10p_firmwaresg300-52_firmwaresf500-24mp_firmwaresg250-18_firmwaresg500-52mp_firmwaresg250x-24p_firmwaresg300-52sg250x-24psg200-26sg250-18sg500-28sg500x-48sg550x-48p_firmwaresg200-50p_firmwaresg200-26_firmwaresx550x-24sf200-24_firmwaresg300-20sg500-28psf250-24p_firmwaresx550x-12fsf200-48sf350-48psf350-48sg550x-48mp_firmwaresg500x-24psf300-24_firmwaresf300-48psg500-52sf300-24mp_firmwaresg500-28mpp_firmwaresf550x-24mp_firmwaresg500-52psg350-28sg500-52_firmwaresf250-24sf550x-48p_firmwaresf300-24ppsg550x-48psg500x24mppsg250x-24_firmwaresg250-50hp_firmwaresx550x-24ft_firmwaresg300-10mpp_firmwaresg250x-24sf550x-48_firmwaresg200-50sg300-52mpsg350-10p_firmwaresf200-48p_firmwaresg200-50psf302-08p_firmwaresg350-10psg355-10psg500-52mpsx550x-16ft_firmwaresg250-50psg300-52pesw2-550x48dc_firmwaresf250-48sg250-26hpsg250x-48p_firmwaresg300-20_firmwaresf500-24p_firmwaresg500x-48mp_firmwaresf500-48sg300-10sfpsf500-24mpsg550x-24_firmwaresg250x-48_firmwaresg300-28_firmwaresf302-08psf500-24psg500-28mppsf200-24p_firmwaresg250-50p_firmwaresf302-08ppsf350-48p_firmwaresf300-48sg250-26sg300-10sfp_firmwaresg250x-48sf550x-48mp_firmwaresg350-28p_firmwaresf550x-24_firmwaresf250-48hp_firmwaresg500x24mpp_firmwaresg300-28ppsg500xg8f8t_firmwaresg300-52mp_firmwaresf500-48_firmwaresg500-28p_firmwaresg350-10mpsf550x-48psg550x-24mppsf550x-24sf500-48psf200-24psg500-52p_firmwaresf500-48p_firmwaresg300-28mpsf302-08mp_firmwaresf350-48mp_firmwaresf250-24_firmwaresg350-28mpsf302-08sg350-28mp_firmwaresg300-28pp_firmwaresf200-24sx550x-24fsg500x-48psg250-26_firmwaresg350-10mp_firmwaresf302-08mpp_firmwaresg500x-48p_firmwaresg355-10p_firmwaresg550x-24mp_firmwaresg200-18_firmwaresg300-10psg300-52p_firmwaresf500-48mpsf300-48ppsg500x-24_firmwareesw2-550x48dcsg550x-48_firmwaresf550x-24p_firmwaresg300-10mp_firmwaresf302-08_firmwaresg300-10mpsg550x-24sf300-08sg300-10ppsg250-50_firmwaresf350-48_firmwaresg250-10psx550x-24f_firmwaresg250-08sg350-28psg250-26hp_firmwareesw2-350g52dc_firmwaresg200-26p_firmwaresf550x-48sg300-28sx550x-52_firmwaresg350-28_firmwaresg300-10_firmwaresg250-08hpsg350-10sg550x-24mpsg500x-24sf300-24p_firmwaresx550x-16ftsg550x-48mpsg350-10_firmwaresx550x-24ftsx550x-52sg250x-48psg500x-24p_firmwaresg250-26psg300-10pp_firmwaresf500-24sg300-10sf550x-24psf300-48p_firmwaresf350-48mpsg250-50sg300-10mppsg550x-24p_firmwaresg300-28psf300-24sg200-26psf200-48psf300-24psg550x-24psg300-28sfpsf302-08mppsf302-08mpsg550x-48sf300-48pp_firmwaresf250-48_firmwaresg250-08_firmwaresf300-24mpsg300-28mp_firmwareesw2-350g52dcsf550x-24mpsx550x-12f_firmwaresf302-08pp_firmwaresg250-50hpsg550x-24mpp_firmwaresf250-48hpsg200-18sg200-50_firmwaresg500x-48_firmwaresg500x-48mpsf300-08_firmwaresg250-26p_firmwaresf200-48_firmwaresx550x-24_firmwaresg300-28sfp_firmwaresg500-28_firmwaresf500-24_firmwaresg250-08hp_firmwaresf500-48mp_firmwaresf300-48_firmwaresf300-24pp_firmwaresg300-28p_firmwareCisco 550X Series Stackable Managed Switches
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2019-1693
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.42% / 61.00%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 15:05
Updated-21 Nov, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN Denial of Service Vulnerability

A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper management of authenticated sessions in the WebVPN portal. An attacker could exploit this vulnerability by authenticating with valid credentials and accessing a specific URL in the WebVPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a temporary DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asa_5550asa_5545-xasa_5505asa_5540adaptive_security_appliance_softwareasa_5555-xasa_5520asa_5510asa_5525-xasa_5580asa_5585-xasa_5512-xfirepower_threat_defenseasa_5515-xCisco Firepower Threat Defense (FTD) SoftwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-399
Not Available
CVE-2019-1721
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.44% / 62.14%
||
7 Day CHG~0.00%
Published-18 Apr, 2019 | 00:20
Updated-21 Nov, 2024 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability

A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a Session Initiation Protocol (SIP) message with a crafted XML payload to an affected device. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition. Manual intervention may be required to recover the device. This vulnerability is fixed in Cisco Expressway Series and Cisco TelePresence Video Communication Server Releases X12.5.1 and later.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-telepresence_video_communication_serverCisco TelePresence Video Communication Server (VCS)
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1720
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.32% / 54.09%
||
7 Day CHG~0.00%
Published-18 Apr, 2019 | 00:20
Updated-21 Nov, 2024 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability

A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a specifically crafted XML payload. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition until the system is manually rebooted. Software versions prior to X12.5.1 are affected.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-telepresence_video_communication_serverCisco TelePresence Video Communication Server (VCS)
CWE ID-CWE-20
Improper Input Validation
CVE-2019-15966
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.85% / 73.98%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 19:05
Updated-21 Nov, 2024 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application. An attacker could exploit this vulnerability by sending a crafted authenticated HTTP request to the device. An exploit could allow the attacker to stop services on an affected device. The device may become inoperable and results in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-telepresence_advanced_media_gatewayCisco TelePresence Advanced Media Gateway
CWE ID-CWE-20
Improper Input Validation
CVE-2019-15258
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 63.27%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:36
Updated-21 Nov, 2024 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SPA100 Series Analog Telephone Adapters Web Management Interface Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper validation of user-supplied requests to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the device to stop responding, requiring manual intervention for recovery.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-spa112_firmwarespa122_firmwarespa112spa122Cisco SPA112 2-Port Phone Adapter
CWE ID-CWE-399
Not Available
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-12700
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-1.42% / 79.80%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 19:06
Updated-26 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability

A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource management in the context of user session management. An attacker could exploit this vulnerability by connecting to an affected system and performing many simultaneous successful Secure Shell (SSH) logins. A successful exploit could allow the attacker to exhaust system resources and cause the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker needs valid user credentials on the system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_9300secure_firewall_management_centerfirepower_2100firepower_threat_defensefirepower_9300_firmwarefirepower_extensible_operating_systemfirepower_1000Cisco Firepower Management Center
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-20692
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.36% / 57.02%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 14:16
Updated-06 Nov, 2024 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software NETCONF Over SSH Denial of Service Vulnerability

A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to insufficient resource management. An attacker could exploit this vulnerability by initiating a large number of NETCONF over SSH connections. A successful exploit could allow the attacker to exhaust resources, causing the device to reload and resulting in a DoS condition on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-0371
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 59.76%
||
7 Day CHG~0.00%
Published-21 Jun, 2018 | 11:00
Updated-29 Nov, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the Web Admin Interface of an affected Cisco Meeting Server. A successful exploit could allow the attacker to restart the system, terminating all ongoing calls and resulting in a DoS condition on the affected product. This vulnerability affects the following releases of Cisco Meeting Server: Acano X-Series, Cisco Meeting Server 1000, Cisco Meeting Server 2000. Cisco Bug IDs: CSCvi48624.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-meeting_serverCisco Meeting Server unknown
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0248
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.31% / 53.90%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 21:30
Updated-21 Nov, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Wireless LAN Controller Software GUI Configuration Denial of Service Vulnerabilities

A vulnerability in the administrative GUI configuration feature of Cisco Wireless LAN Controller (WLC) Software could allow an aUTHENTICated, remote attacker to cause the device to reload unexpectedly during device configuration when the administrator is using this GUI, causing a denial of service (DoS) condition on an affected device. The attacker would need to have valid administrator credentials on the device. This vulnerability is due to incomplete input validation for unexpected configuration options that the attacker could submit while accessing the GUI configuration menus. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted user input when using the administrative GUI configuration feature. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Software versions prior to 8.3.150.0, 8.5.140.0, 8.8.111.0 are affected by this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-wireless_lan_controller_softwareCisco Wireless LAN Controller (WLC)
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0462
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.34% / 55.76%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise NFV Infrastructure Software Denial of Service Vulnerability

A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service (DoS) attack against an affected system. The vulnerability is due to insufficient validation of user-provided input. An attacker could exploit this vulnerability by logging in with a highly privileged user account and performing a sequence of specific user management operations that interfere with the underlying operating system. A successful exploit could allow the attacker to permanently degrade the functionality of the affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_network_virtualization_softwareCisco Enterprise NFV Infrastructure Software
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0291
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.91% / 74.83%
||
7 Day CHG~0.00%
Published-20 Jun, 2018 | 21:00
Updated-29 Nov, 2024 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. This vulnerability affects Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCuw99630, CSCvg71290, CSCvj67977.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-nexus_56128pnexus_9332pqnexus_3132q-xnexus_93108tc-exnexus_3172tqnx-osnexus_9508nexus_3100-vnexus_3636c-rnexus_93120txnexus_n9k-x9636c-rnexus_93128txnexus_3548-xlnexus_31128pqnexus_6001pnexus_3164qnexus_5020nexus_3172tq-32tnexus_3132c-znexus_3524-xnexus_5548pnexus_5648qnexus_9272qucs_6120xpnexus_5672upnexus_3264qnexus_34180ycnexus_3064-32tnexus_5596upnexus_3548nexus_3132qnexus_3016nexus_9372pxnexus_5696qnexus_92304qcnexus_92160yc-xnexus_n9k-x9636q-rucs_6248upnexus_n9k-c9508-fm-rnexus_9504nexus_3048nexus_9500nexus_3524-xlucs_6324nexus_9396txnexus_7000nexus_3172pqnexus_3064-xucs_6332nexus_3232cnexus_5548upnexus_9396pxucs_6296upnexus_5010nexus_5000nexus_5596tnexus_3264c-enexus_9372txnexus_5624qnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_93180yc-exnexus_6001tucs_6140xpnexus_172tq-xlnexus_c36180yc-rnexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco NX-OS unknown
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0209
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.67% / 70.41%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 07:00
Updated-02 Dec, 2024 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem communication channel through the Cisco 550X Series Stackable Managed Switches could allow an authenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device nay need to be manually reloaded to recover. The vulnerability is due to lack of proper input throttling of ingress SNMP traffic over an internal interface. An attacker could exploit this vulnerability by sending a crafted, heavy stream of SNMP traffic to the targeted device. An exploit could allow the attacker to cause the device to reload unexpectedly, causing a DoS condition. Cisco Bug IDs: CSCvg22135.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-sf500-48psg500x-24sf500-48sg500x-24psf500-24mpsg500-52sg500-28mppsf500-24psg500-52psf500-24sg500-52mpsg500x-48psg500x-48mpsg500-28sg500x-48sg500xg-8f8tsg500-28psf500-48mpsmall_business_500_series_stackable_managed_switches_firmwaresg500x-24mppCisco 550X Series Stackable Managed Switches
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-0456
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.85% / 73.90%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 20:00
Updated-26 Nov, 2024 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application of an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nx-osCisco NX-OS Software for Nexus 3000 Series 7.0(3)I7(3)
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0299
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.91% / 74.83%
||
7 Day CHG~0.00%
Published-21 Jun, 2018 | 11:00
Updated-29 Nov, 2024 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco NX-OS on the Cisco Nexus 4000 Series Switch could allow an authenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete validation of an SNMP poll request for a specific MIB. An attacker could exploit this vulnerability by sending a specific SNMP poll request to the targeted device. An exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvg10442.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-nexus_4001inx-osCisco Nexus 4000 unknown
CWE ID-CWE-20
Improper Input Validation
CVE-2017-6720
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 62.14%
||
7 Day CHG~0.00%
Published-21 Sep, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SSH connections. An attacker could exploit this vulnerability by logging in to an affected switch via SSH and sending a malicious SSH message. This vulnerability affects the following Cisco products when SSH is enabled: Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, 550X Series Stackable Managed Switches, ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvb48377.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-sg500-28psg350-10psg350xg-24t_firmwaresg300-28pp_firmwaresf302-08ppsf300-24mp_firmwaresg355-10p_firmwareesw2-350g-52dc_firmwaresg550x-24mpsg350xg-24f_firmwaresg300-28p_firmwaresf350-48mp_firmwareesw2-550x-48dc_firmwaresf500-48_firmwaresf550x-48_firmwaresg350x-24psf302-08pp_firmwaresg350x-48sf550x-24mpsg350-10sx550x-24sg550x-24psx550x-16ft_firmwaresg350xg-24fsf500-24p_firmwareesw2-350g-52dcsg350x-24mp_firmwaresg300-20_firmwaresf302-08sg300-10pp_firmwaresf550x-24_firmwaresg300-10mpp_firmwaresf300-48psf350-48sf350-48mpsf550x-48p_firmwaresg350x-48p_firmwaresf550x-48mpsg500-28sf302-08mppsg350-28mpsg500x-48p_firmwaresx550x-52_firmwaresg550x-48p_firmwaresg550x-48sf300-24_firmwaresg300-52mp_firmwaresf500-24esw2-550x-48_firmwaresf500-48esw2-350g-52sf300-24psx550x-52sg550x-24mpp_firmwaresf550x-24sg300-28sg350-28_firmwaresx550x-24ftsg550x-48psg350xg-2f10sg500-52psg550x-48mpsf300-48_firmwaresg500-52mp_firmwaresg500xg-8f8t_firmwaresf550x-24psg550x-24p_firmwaresg300-52sf550x-24mp_firmwaresf350-48psg350-10mp_firmwaresf300-48ppsf300-08_firmwaresx550x-24ft_firmwaresg550x-24sf300-24pp_firmwaresg300-10psg500-28_firmwaresg350x-24_firmwaresg500x-24sg300-10ppsg355-10psg300-10sg300-52psf300-08sf300-24p_firmwaresg550x-24mppsg500-28p_firmwaresg300-10mpsg500xg-8f8tsf302-08_firmwaresg300-52mpsg350-28mp_firmwaresg300-20sg300-28mp_firmwaresg350-28psf350-48p_firmwaresg550x-48_firmwaresg500x-24psx550x-24_firmwaresg300-10p_firmwaresf300-24sg350-28p_firmwaresx550x-16ftesw2-550x-48dcsg500-52p_firmwaresf550x-48psg300-52_firmwaresg500x-24_firmwaresg350-28sf350-48_firmwaresg350x-48mp_firmwaresf500-24psg350x-48mpsg300-28psg500-28mppsg500x-24p_firmwaresx550x-12f_firmwaresf300-48p_firmwaresg350xg-24tsf302-08mpp_firmwaresg550x-24_firmwaresg300-10sfp_firmwaresg300-28mpsg350x-24sf300-24mpsg350x-48_firmwareesw2-350g-52_firmwaresf302-08mp_firmwaresg300-10mppsg300-52p_firmwaresf302-08mpsg350xg-2f10_firmwaresg500-52sg350xg-48tsg350xg-48t_firmwaresf500-48p_firmwaresg500x-48_firmwaresf300-24ppsg550x-48mp_firmwaresg500-52mpsg500-28mpp_firmwaresf550x-48sg300-10_firmwaresg300-10mp_firmwaresg300-28_firmwaresf550x-48mp_firmwaresg300-10sfpsg350x-48psg300-28ppsg350-10_firmwaresf302-08pesw2-550x-48sf300-48pp_firmwaresx550x-12fsf500-24_firmwaresf300-48sg550x-24mp_firmwaresg350-10mpsf302-08p_firmwaresg350x-24p_firmwaresf550x-24p_firmwaresf500-48psx550x-24fsg500x-48psg500x-48sg350x-24mpsg500-52_firmwaresg350-10p_firmwaresx550x-24f_firmwareCisco Small Business Managed Switches
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-6609
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.80% / 73.04%
||
7 Day CHG~0.00%
Published-20 Apr, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. An attacker needs to establish a valid IPsec tunnel before exploiting this vulnerability. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco Firepower 9300 ASA Security Module, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 9.1(7.8) 9.2(4.15) 9.4(4) 9.5(3.2) 9.6(2). Cisco Bug IDs: CSCun16158.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-adaptive_security_appliance_softwareCisco ASA Software
CWE ID-CWE-399
Not Available
CVE-2021-34703
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.27% / 50.37%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:25
Updated-07 Nov, 2024 | 21:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software Link Layer Discovery Protocol Denial of Service Vulnerability

A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper initialization of a buffer. An attacker could exploit this vulnerability via any of the following methods: An authenticated, remote attacker could access the LLDP neighbor table via either the CLI or SNMP while the device is in a specific state. An unauthenticated, adjacent attacker could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network and then waiting for an administrator of the device or a network management system (NMS) managing the device to retrieve the LLDP neighbor table of the device via either the CLI or SNMP. An authenticated, adjacent attacker with SNMP read-only credentials or low privileges on the device CLI could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network and then accessing the LLDP neighbor table via either the CLI or SNMP. A successful exploit could allow the attacker to cause the affected device to crash, resulting in a reload of the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_3650-24ps-scatalyst_3850catalyst_3850-32xs-ecatalyst_3850-12xs-scatalyst_3850-24s-ecatalyst_9300l-48p-4g-ecatalyst_9300l-48t-4g-ecatalyst_3850-24p-scatalyst_3650-12x48urcatalyst_3650-24pdm-lcatalyst_3850-16xs-scatalyst_3850-48pw-scatalyst_9300l-24t-4x-acatalyst_3850-24ucatalyst_9300l_stackcatalyst_9300-48un-e4331_integrated_services_router4461_integrated_services_routercatalyst_9300-48p-acatalyst_9300-24s-acatalyst_3650-24ts-ecatalyst_3650-24ps-lcatalyst_9300l-24p-4g-ecatalyst_9300l-48t-4x-acatalyst_3650-48td-s111x_integrated_services_routercatalyst_3650-24pdmcatalyst_3650-8x24pd-scatalyst_3850-48u-lcatalyst_9800-lcatalyst_3650-48ts-lcatalyst_3650-48tq-ecatalyst_3850-nm-2-40gcatalyst_3650-8x24uq-lcatalyst_3650-48fd-lcatalyst_3650-48fs-lcatalyst_3650-48pq-ecatalyst_3650-48fs-ecatalyst_3650-24ts-lcatalyst_3650-24pd-lcatalyst_3650-24pd-scatalyst_3650-24td-lcatalyst_9300-24t-ecatalyst_3650-12x48uzcatalyst_9300l-24t-4g-ecatalyst_3850-48xscatalyst_3650-12x48uqcatalyst_3650-48fd-scatalyst_3650-48fs-scatalyst_3850-48t-scatalyst_9300-48p-ecatalyst_9800-clcatalyst_3650-48pq-lcatalyst_3850-24pw-scatalyst_3850-24t-scatalyst_3650-8x24pd-ecatalyst_9407rcatalyst_3850-24t-lcatalyst_3850-48u-ecatalyst_9300-48t-ecatalyst_3850-24xu-ecatalyst_9200catalyst_3650-12x48uq-ecatalyst_9300l-48p-4g-a1160_integrated_services_routercatalyst_3650-24td-scatalyst_3650-48pd-lcatalyst_3650-8x24uqcatalyst_9600catalyst_3850-48u-scatalyst_9300l-48t-4g-acatalyst_3850-16xs-ecatalyst_3650-48tq-scatalyst_3650-24pdm-scatalyst_3850-24xucatalyst_9300-48uxm-ecatalyst_3850-48p-ecatalyst_9800-80catalyst_3650-12x48ur-e1109_integrated_services_routercatalyst_9300l-48p-4x-ecatalyst_9400catalyst_3650-48fqm-scatalyst_3850-48t-lcatalyst_3650-48fd-ecatalyst_3650-12x48fd-s1111x_integrated_services_routercatalyst_3650-12x48uq-lcatalyst_9800-40catalyst_9300l-48p-4x-acatalyst_3650-48fq-ecatalyst_9800catalyst_9300-24s-ecatalyst_3650-8x24uq-scatalyst_9300-48u-e1101-4p_integrated_services_routercatalyst_3650-48tq-lcatalyst_9300-48u-acatalyst_9300-48s-acatalyst_3650-12x48fd-l1100-4p_integrated_services_routercatalyst_3650-48fq-scatalyst_3850-24p-ecatalyst_3850-48xs-f-scatalyst_9300-24t-acatalyst_9300l-24p-4x-acatalyst_9300catalyst_3850-48t-ecatalyst_3650-48pq-s1101_integrated_services_routercatalyst_3850-24xu-s4451_integrated_services_routercatalyst_3650-48fqmcatalyst_3650-48td-lcatalyst_3650-48fqm-lcatalyst_3850-24xs-ecatalyst_3850-12s-scatalyst_3650-8x24uq-ecatalyst_3850-24u-lcatalyst_9300l-24t-4g-acatalyst_3850-48f-scatalyst_3650-12x48ur-lcatalyst_3850-24u-s1100_integrated_services_routercatalyst_9300l-24t-4x-ecatalyst_3650-24pdcatalyst_9800-l-ccatalyst_3850-48f-e4000_integrated_services_router1000_integrated_services_routercatalyst_3650-12x48uz-scatalyst_9300l-24p-4g-acatalyst_9300-48uxm-acatalyst_9300l-24p-4x-ecatalyst_9300-24ux-acatalyst_9300-24p-acatalyst_3850-32xs-scatalyst_3650-48ps-lcatalyst_9500catalyst_3650-12x48fd-e1100-4g\/6g_integrated_services_router4221_integrated_services_routercatalyst_3850-24xu-lcatalyst_3850-48f-lcatalyst_3850-48xs-ecatalyst_3850-24s-scatalyst_3650-24td-ecatalyst_9300-48s-ecatalyst_3650-48td-ecatalyst_9300-24u-acatalyst_3850-48ucatalyst_3650-8x24pd-lcatalyst_3650-48fqcatalyst_9300lcatalyst_3650-48fq-lcatalyst_3650-12x48uz-ecatalyst_3650-12x48uq-scatalyst_9300-24u-e4451-x_integrated_services_routercatalyst_3650-12x48ur-scatalyst_3850-48p-scatalyst_3850-12x48ucatalyst_3650-48pd-scatalyst_9300-48un-acatalyst_3650-24pd-e1109-2p_integrated_services_routercatalyst_3650-12x48uz-lioscatalyst_9300-24p-ecatalyst_3850-48xs-f-ecatalyst_9300-48t-acatalyst_9800-l-fcatalyst_9300l-48t-4x-ecatalyst_3850-12s-ecatalyst_3850-24p-l1120_integrated_services_routercatalyst_3850-24t-ecatalyst_3850-24xscatalyst_3650-24ts-scatalyst_3650-24ps-e4321_integrated_services_routercatalyst_3850-24xs-scatalyst_3650-48ps-s4431_integrated_services_routercatalyst_3650-48fqm-ecatalyst_3650-48pd-ecatalyst_3650-24pdm-ecsr_1000vcatalyst_3850-24u-ecatalyst_3850-48xs-scatalyst_3650-48ts-ecatalyst_3850-48p-lios_xe1111x-8p_integrated_services_router1100-8p_integrated_services_routercatalyst_9410r1109-4p_integrated_services_routercatalyst_3850-nm-8-10gcatalyst_3650-48ts-scatalyst_3650-48ps-ecatalyst_9300-24ux-e4351_integrated_services_routercatalyst_3850-12xs-eCisco IOS
CWE ID-CWE-456
Missing Initialization of a Variable
CWE ID-CWE-665
Improper Initialization
CVE-2021-34699
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.79% / 72.86%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:25
Updated-18 Nov, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software TrustSec CLI Parser Denial of Service Vulnerability

A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could exploit this vulnerability by requesting a particular CLI command to be run through the web UI. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS
CWE ID-CWE-435
Improper Interaction Between Multiple Correctly-Behaving Entities
CWE ID-CWE-436
Interpretation Conflict
CVE-2022-20679
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.80% / 73.03%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 14:16
Updated-16 Sep, 2024 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software IPSec Denial of Service Vulnerability

A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while traffic on a configured IPsec tunnel is being processed. An attacker could exploit this vulnerability by sending traffic to an affected device that has a maximum transmission unit (MTU) of 1800 bytes or greater. A successful exploit could allow the attacker to cause the device to reload. To exploit this vulnerability, the attacker may need access to the trusted network where the affected device is in order to send specific packets to be processed by the device. All network devices between the attacker and the affected device must support an MTU of 1800 bytes or greater. This access requirement could limit the possibility of a successful exploit.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0664
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.84% / 82.23%
||
7 Day CHG~0.00%
Published-10 Jan, 2014 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP commands, aka Bug ID CSCul49976.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unity_connectionn/a
CVE-2021-1478
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 46.88%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:41
Updated-08 Nov, 2024 | 23:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Unified Communications Manager Denial of Service Vulnerability

A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an unsecured TCP/IP port. An attacker could exploit this vulnerability by accessing the port and restarting the JMX process. A successful exploit could allow the attacker to cause a DoS condition on an affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_communications_managerhosted_collaboration_mediation_fulfillmentCisco Unified Communications Manager
CWE ID-CWE-284
Improper Access Control
CVE-2021-1422
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.43% / 61.56%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 12:25
Updated-07 Nov, 2024 | 22:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_2140firepower_2120ftd_virtualadaptive_security_appliance_softwarefirepower_2130firepower_2100firepower_2110firepower_threat_defenseadaptive_security_virtual_applianceCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-617
Reachable Assertion
CVE-2021-1266
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 58.51%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:35
Updated-08 Nov, 2024 | 23:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Managed Services Accelerator Denial of Service Vulnerability

A vulnerability in the REST API of Cisco Managed Services Accelerator (MSX) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the way that the affected software logs certain API requests. An attacker could exploit this vulnerability by sending a flood of crafted API requests to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-managed_services_acceleratorCisco Managed Services Accelerator
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-3310
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.42% / 61.26%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 16:40
Updated-15 Nov, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Device Manager On-Box Software XML Parsing Vulnerability

A vulnerability in the XML parser code of Cisco Firepower Device Manager On-Box software could allow an authenticated, remote attacker to cause an affected system to become unstable or reload. The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could exploit this vulnerability in multiple ways using a malicious file: An attacker with administrative privileges could upload a malicious XML file on the system and cause the XML code to parse the malicious file. An attacker with Clientless Secure Sockets Layer (SSL) VPN access could exploit this vulnerability by sending a crafted XML file. A successful exploit would allow the attacker to crash the XML parser process, which could cause system instability, memory exhaustion, and in some cases lead to a reload of the affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_device_manager_on-boxCisco Firepower Threat Defense Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • Next
Details not found