Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-3369

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-16 Jul, 2020 | 17:21
Updated At-15 Nov, 2024 | 16:53
Rejected At-
Credits

Cisco SD-WAN vEdge Routers Denial of Service Vulnerability

A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP packets through an affected device. A successful exploit could allow the attacker to make the device reboot continuously, causing a DoS condition.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:16 Jul, 2020 | 17:21
Updated At:15 Nov, 2024 | 16:53
Rejected At:
â–¼CVE Numbering Authority (CNA)
Cisco SD-WAN vEdge Routers Denial of Service Vulnerability

A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP packets through an affected device. A successful exploit could allow the attacker to make the device reboot continuously, causing a DoS condition.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco SD-WAN vEdge router
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
CWECWE-118CWE-118
Type: CWE
CWE ID: CWE-118
Description: CWE-118
Metrics
VersionBase scoreBase severityVector
3.08.6HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Version: 3.0
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fpdos-hORBfd9f
vendor-advisory
x_refsource_CISCO
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fpdos-hORBfd9f
Resource:
vendor-advisory
x_refsource_CISCO
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fpdos-hORBfd9f
vendor-advisory
x_refsource_CISCO
x_transferred
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fpdos-hORBfd9f
Resource:
vendor-advisory
x_refsource_CISCO
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ykramarz@cisco.com
Published At:16 Jul, 2020 | 18:15
Updated At:24 Jul, 2020 | 15:21

A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP packets through an affected device. A successful exploit could allow the attacker to make the device reboot continuously, causing a DoS condition.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.08.6HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.0
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 7.8
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CPE Matches
Cisco Systems, Inc.
cisco
>>sd-wan_firmware>>19.2.0
cpe:2.3:o:cisco:sd-wan_firmware:19.2.0:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>sd-wan_firmware>>19.2.1
cpe:2.3:o:cisco:sd-wan_firmware:19.2.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>sd-wan_firmware>>19.2.097
cpe:2.3:o:cisco:sd-wan_firmware:19.2.097:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>sd-wan_firmware>>19.2.098
cpe:2.3:o:cisco:sd-wan_firmware:19.2.098:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>vedge_5000>>-
cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>vedge_cloud_router>>-
cpe:2.3:a:cisco:vedge_cloud_router:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE-118Secondaryykramarz@cisco.com
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-118
Type: Secondary
Source: ykramarz@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fpdos-hORBfd9fykramarz@cisco.com
Vendor Advisory
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fpdos-hORBfd9f
Source: ykramarz@cisco.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

860Records found
CVE-2024-20314
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.06% / 77.35%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 16:57
Updated-30 Jul, 2025 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop all traffic processing, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain IPv4 packets. An attacker could exploit this vulnerability by sending certain IPv4 packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Softwareios_xe
CWE ID-CWE-783
Operator Precedence Logic Error
CVE-2017-12231
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-6.80% / 91.14%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 07:00
Updated-14 Jan, 2026 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper translation of H.323 messages that use the Registration, Admission, and Status (RAS) protocol and are sent to an affected device via IPv4 packets. An attacker could exploit this vulnerability by sending a crafted H.323 RAS packet through an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to use an application layer gateway with NAT (NAT ALG) for H.323 RAS messages. By default, a NAT ALG is enabled for H.323 RAS messages. Cisco Bug IDs: CSCvc57217.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-catalyst_3650-24pd-ecatalyst_9300l-48t-4g-ecatalyst_3650-48ps-scatalyst_3650-48fd-ecatalyst_3650-48td-scatalyst_3650-24ts-ecatalyst_3850-12xs-ecatalyst_9300l-24p-4x-aasr_1001-xasr_1013catalyst_3850-48u-sasr_914catalyst_3650-48pq-scatalyst_3650-48fqm1802_integrated_service_routercatalyst_3650-24ps-lcatalyst_9300l-24t-4g-ecatalyst_3650-12x48uzasr_1009-xasr_920-24sz-im1906c_integrated_services_routercatalyst_3650-48fq-s1111x-8p_integrated_services_routercatalyst_9300-48p-acatalyst_3850catalyst_3850-48xs1109_integrated_services_router8101-32fhcatalyst_3850-24xu-scatalyst_9300l-24t-4x-easr_901-6cz-f-dcatalyst_9300-48p-ecatalyst_3850-24p-lcatalyst_3650-24td-easr_900catalyst_9300-48uxm-acatalyst_3850-12s-scatalyst_3850-16xs-ecatalyst_3850-48f-lcatalyst_9300l-48p-4x-acatalyst_3650-48tq-lcatalyst_3650-8x24pd-easr_920-4sz-d_rcatalyst_3650-12x48uz-lcatalyst_9300-48t-aasr_90108800_12-slot8800_8-slotcatalyst_8510msrcatalyst_9800-l-casr_901s-3sg-f-dasr_1006catalyst_3650-24pdm-ecatalyst_8300-2n2s-4t2xcatalyst_8300-1n1s-4t2xcatalyst_3850-24u-lcatalyst_3850-24xs-ecatalyst_3850-24pw-s8804catalyst_3850-24xucatalyst_3650-24ps-scatalyst_3850-48t-sasr_9006asr_1002-hx_rcatalyst_3650asr_1000-esp200-xcatalyst_3650-48pq-ecatalyst_3650-48fqm-lcatalyst_3850-12xs-sasr_1002_fixed_routercatalyst_3650-48td-e4000_integrated_services_routercatalyst_3850-48ucatalyst_3650-48fq-lcatalyst_3850-32xs-scatalyst_3850-48xs-ecatalyst_3850-24u-e8800_18-slotasr_9902catalyst_3850-48xs-f-sasr_901-4c-ft-dcatalyst_3650-8x24uq-scatalyst_3650-48fs-scatalyst_9300lasr_903asr_9910catalyst_3850-24xs1131_integrated_services_router111x_integrated_services_router1109-4p_integrated_services_router1803_integrated_service_routercatalyst_9300-24u-acatalyst_3650-12x48uq-sasr_1000-esp100-xcatalyst_3850-24u4221_integrated_services_routercatalyst_3650-8x24uq-easr_920-4sz-dasr_901-6cz-fs-acatalyst_9300-48s-ecatalyst_8500lcatalyst_3650-48ps-lcatalyst_9300-48t-ecatalyst_9800asr_901-6cz-fs-d8218catalyst_3850-48pw-scatalyst_3850-12x48uasr_1000-esp100asr_9904asr_920-12sz-imcatalyst_3650-12x48ur-scatalyst_9300-48un-aasr_1001-hxcatalyst_3650-24td-lasr_920-24tz-mcatalyst_8200catalyst_3650-48fq-ecatalyst_3850-48xs-sasr_9920catalyst_9800-401100-4gltena_integrated_services_routercatalyst_3850-24p-ecatalyst_3850-24s-scatalyst_3850-24s-e8812catalyst_3650-12x48ur-lcatalyst_3850-48u-l9800-408102-64hasr_920-24sz-masr_1002-xasr_920-4sz-acatalyst_3650-12x48fd-scatalyst_9300l-48t-4x-ecatalyst_3650-48fs-lcatalyst_3850-nm-2-40gasr_9906catalyst_3650-12x48uq-lasr_9000vcatalyst_3650-24pdmcatalyst_3650-24pdm-scatalyst_3850-48t-lcatalyst_9300-24t-acatalyst_3650-12x48uq-ecatalyst_9300-48u-acatalyst_8500-4qccatalyst_8510csr8201catalyst_9800_embedded_wireless_controllerasr_901-6cz-f-acatalyst_3650-48fqm-e1100-8p_integrated_services_routercatalyst_3650-48tq-s88081100-4p_integrated_services_routercatalyst_3650-24td-sasr_901-12c-f-dcatalyst_3650-24ts-s8202asr_9922catalyst_85009800-lcatalyst_3650-24pdm-lcatalyst_3650-48tq-easr_920-24sz-m_rasr_10011100-4gltegb_integrated_services_routercatalyst_3650-12x48urasr_901s-4sg-f-dcatalyst_9800-l-fcatalyst_3850-16xs-scatalyst_9600_supervisor_engine-1catalyst_9600catalyst_3650-12x48uz-ecatalyst_3650-24ts-lcatalyst_3650-12x48fd-l1120_integrated_services_routercatalyst_3850-48f-scatalyst_3850-24xs-scatalyst_9300l-48t-4x-acatalyst_3650-8x24uqcatalyst_9200lcatalyst_3850-48t-e1801_integrated_service_routerasr_99121100_terminal_services_gatewayscatalyst_9300l-24p-4x-ecatalyst_9300l-48p-4g-ecatalyst_3850-48f-easr_920-10sz-pd_rcatalyst_9300-24p-ecatalyst_3650-8x24uq-lcatalyst_3650-48pd-s9800-80catalyst_9800-801941_integrated_services_routercatalyst_8300asr_901-12c-ft-dasr_1004catalyst_9300l-48p-4x-ecatalyst_3850-48p-lcatalyst_9300-24t-ecatalyst_3850-24t-e1921_integrated_services_routercatalyst_3650-24pdasr_1000catalyst_3650-48ts-scatalyst_3650-48pd-ecatalyst_3850-nm-8-10gcatalyst_9200catalyst_3650-24ps-ecatalyst_3650-48ts-lcatalyst_9300l-24t-4g-aios1100-4g\/6g_integrated_services_router9800-clcatalyst_3850-24xu-lcatalyst_3650-8x24pd-lcatalyst_9800-40_wireless_controllercatalyst_3850-12s-e1861_integrated_service_router1905_integrated_services_routercatalyst_9300asr_9000catalyst_3650-24pd-scatalyst_ie3200_rugged_switch8101-32hcatalyst_9300-24u-easr_1001-x_rcatalyst_3650-48fqcatalyst_9300-48un-easr_901s-3sg-f-ahasr_9903catalyst_9300-24s-ecatalyst_9300lmcatalyst_9300l-24p-4g-acatalyst_ie3300_rugged_switch1160_integrated_services_router8212asr_90011100_integrated_services_routerasr_902ucatalyst_3650-48pd-lcatalyst_9300-24ux-acatalyst_9300l_stackasr_902catalyst_9200cxcatalyst_9800-clasr_1001-hx_rcatalyst_3850-48p-sasr_920-12sz-im_rcatalyst_3850-48p-ecatalyst_3650-48fqm-scatalyst_3650-12x48uqcatalyst_3650-8x24pd-scatalyst_3650-48fs-ecatalyst_3850-48u-ecatalyst_3650-48fd-lcatalyst_9300-24p-aasr_1002-hx1100-6g_integrated_services_routercatalyst_8300-2n2s-6tcatalyst_3850-32xs-ecatalyst_9300-48uxm-easr_9901catalyst_3650-24pd-l1100-4g_integrated_services_routerasr_920-10sz-pdasr_920-24sz-im_rasr_920-24tz-m_rasr_901-6cz-ft-d8800_4-slotcatalyst_3850-24t-scatalyst_8540msrcatalyst_9300l-24t-4x-acatalyst_3850-24xu-e1109-2p_integrated_services_routercatalyst_3850-24t-lcatalyst_8300-1n1s-6tasr_901-4c-f-d1841_integrated_service_routerasr_920-12cz-acatalyst_9500hasr_1023catalyst_9300x8208asr_901-6cz-ft-acatalyst_9800-80_wireless_controller1100-lte_integrated_services_routercatalyst_3850-24u-sasr_920-4sz-a_rcatalyst_3850-24p-sasr_901s-2sg-f-ahcatalyst_3650-12x48fd-easr_920-12cz-a_rcatalyst_9300-48u-ecatalyst_9300l-48t-4g-a1101_integrated_services_router1812_integrated_service_routerasr_901s-2sg-f-d1101-4p_integrated_services_routerasr_1002-x_rcatalyst_9600xcatalyst_9800-lcatalyst_3650-48fd-s8201-32fhcatalyst_3850-48xs-f-ecatalyst_9300l-48p-4g-aasr_920u-12sz-imcatalyst_3650-12x48ur-ecatalyst_9300-48s-acatalyst_8540csrasr_1006-x1941w_integrated_services_routercatalyst_9300-24s-a8818asr_907asr_920-12cz-d_rcatalyst_9300l-24p-4g-ecatalyst_9500catalyst_3650-48ts-ecatalyst_9300-24ux-e1811_integrated_service_routercatalyst_3650-12x48uz-scatalyst_3650-48ps-ecatalyst_3650-48td-lasr_920-12cz-dcatalyst_3650-48pq-lCisco IOSIOS software
CVE-2017-12233
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-6.54% / 90.94%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 07:00
Updated-12 Jan, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuz95334.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-1802_integrated_service_router1100-4gltegb_integrated_services_router1131_integrated_services_router1117-4plteeawe1861_integrated_service_router1101-4p_integrated_services_router1100-4g_integrated_services_routerios1116-4pwe1117-4pmwe1921_integrated_services_router1117-4pwe1801_integrated_service_router1111x-8p1100-6g_integrated_services_router1841_integrated_service_routercatalyst_ie93001100-4p_integrated_services_router1000_integrated_services_router1120esr-6300-ncp-k9esr-6300-con-k91160_integrated_services_router1100-8p_integrated_services_router1100-8p1803_integrated_service_router1116-4plteeawecatalyst_ie3300_rugged_switch1120_connected_grid_router1100-lte_integrated_services_router1117-4pmlteeawe1941_integrated_services_router1111-8pwbcatalyst_ie3400_heavy_duty_switch1111-4pwe1113-8pmwecatalyst_ie3200_rugged_switch1811_integrated_service_router1905_integrated_services_routercatalyst_ie3400_rugged_switch1100-4p1100_terminal_services_gateways1109-4p1109-2p1101-4p1906c_integrated_services_router1100_integrated_services_router1113-8plteeawe1812_integrated_service_router1100-4g\/6g_integrated_services_router1101_integrated_services_router1100-4gltena_integrated_services_router1113-8pwe1120_integrated_services_router1941w_integrated_services_routerCisco IOSIOS software
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12235
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-4.93% / 89.42%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 07:00
Updated-12 Jan, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper parsing of ingress PN-DCP Identify Request packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted PN-DCP Identify Request packet to an affected device and then continuing to send normal PN-DCP Identify Request packets to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to process PROFINET messages. Beginning with Cisco IOS Software Release 12.2(52)SE, PROFINET is enabled by default on all the base switch module and expansion-unit Ethernet ports. Cisco Bug IDs: CSCuz47179.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-industrial_ethernet_2000_24t67-b_switchindustrial_ethernet_2000_8tc-g-e_switchindustrial_ethernet_2000_8tc-b_switchindustrial_ethernet_2000_4t-g-l_switchindustrial_ethernet_2000_16tc-g-n_switchindustrial_ethernet_2000_16ptc-g-l_switchindustrial_ethernet_2000_4ts-g-b_switchindustrial_ethernet_2000_16ptc-g-nx_switchindustrial_ethernet_2000_16ptc-g-e_switchindustrial_ethernet_2000_8tc-g-l_switchindustrial_ethernet_2000_8t67p-g-e_switchiosindustrial_ethernet_2000_4t-b_switchindustrial_ethernet_2000_4t-g-b_switchindustrial_ethernet_2000_8tc-l_switchindustrial_ethernet_2000_4ts-b_switchindustrial_ethernet_2000_4ts-l_switchindustrial_ethernet_2000_4s-ts-g-l_switchindustrial_ethernet_2000_16tc-g-x_switchindustrial_ethernet_2000_8tc-g-b_switchindustrial_ethernet_2000_4t-l_switchindustrial_ethernet_2000_series_firmwareindustrial_ethernet_2000_16t67-b_switchindustrial_ethernet_2000_4ts-g-l_switchindustrial_ethernet_2000_16t67p-g-e_switchindustrial_ethernet_2000_4s-ts-g-b_switchindustrial_ethernet_2000_8tc-g-n_switchindustrial_ethernet_2000_16tc-g-l_switchindustrial_ethernet_2000_16tc-l_switchindustrial_ethernet_2000_8t67-b_switchindustrial_ethernet_2000_16tc-g-e_switchCisco IOSIOS software
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12245
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.66% / 70.79%
||
7 Day CHG~0.00%
Published-05 Oct, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability. If this memory leak persists over time, a denial of service (DoS) condition could develop because traffic can cease to be forwarded through the device. The vulnerability is due to an error in how the Firepower Detection Snort Engine handles SSL traffic decryption and notifications to and from the Adaptive Security Appliance (ASA) handler. An attacker could exploit this vulnerability by sending a steady stream of malicious Secure Sockets Layer (SSL) traffic through the device. An exploit could allow the attacker to cause a DoS condition when the device runs low on system memory. This vulnerability affects Cisco Firepower Threat Defense (FTD) Software Releases 6.0.1 and later, running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls, Firepower 2100 Series Security Appliances, Firepower 4100 Series Security Appliances, Firepower 9300 Series Security Appliances. Cisco Bug IDs: CSCve02069.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_firewall_management_centerCisco Firepower Detection Engine
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CWE ID-CWE-399
Not Available
CVE-2024-20451
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-1.68% / 81.90%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 16:48
Updated-23 Aug, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly. These vulnerabilities exist because HTTP packets are not properly checked for errors. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the remote interface of an affected device. A successful exploit could allow the attacker to cause a DoS condition on the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-spa_501g_firmwarespa_509g_firmwarespa_514g_4-line_ip_phonespa_508g_firmwarespa_301_1_line_ip_phonespa_525g2_5-line_ip_phonespa_303_3_line_ip_phonespa_514g_firmwarespa_525g2_firmwarespa_508g_8-line_ip_phonespa_301_firmwarespa_512g_firmwarespa_504g_4-line_ip_phonespa_303_firmwarespa_502g_1-line_ip_phonespa_504g_firmwarespa_525g_5-line_ip_phonespa_502g_firmwarespa_501g_8-line_ip_phonespa_509g_12-line_ip_phonespa_512g_1-line_ip_phonespa_525g_firmwareCisco Small Business IP Phones
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2016-9219
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.90%
||
7 Day CHG~0.00%
Published-06 Apr, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this vulnerability by sending a crafted IPv6 UDP packet to a specific port on the targeted device. An exploit could allow the attacker to impact the availability of the device as it could unexpectedly reload. This vulnerability affects Cisco Wireless LAN Controller (WLC) running software version 8.2.121.0 or 8.3.102.0. Cisco Bug IDs: CSCva98592.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-wireless_lan_controllerwireless_lan_controller_firmwarewireless_lan_controller_softwareCisco Wireless LAN Controller
CWE ID-CWE-20
Improper Input Validation
CVE-2016-6356
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.76% / 72.99%
||
7 Day CHG~0.00%
Published-28 Oct, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz63143. Known Affected Releases: 8.5.7-042 9.7.0-125. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-email_security_applianceCisco AsyncOS through 9.7.0-125
CWE ID-CWE-20
Improper Input Validation
CVE-2016-6385
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-2.28% / 84.41%
||
7 Day CHG~0.00%
Published-05 Oct, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service (memory consumption) via crafted image-list parameters, aka Bug ID CSCuy82367.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosios_xen/a
CVE-2016-6382
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-7.70% / 91.74%
||
7 Day CHG~0.00%
Published-05 Oct, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS 15.2 through 15.6 and IOS XE 3.6 through 3.17 and 16.1 allow remote attackers to cause a denial of service (device restart) via a malformed IPv6 Protocol Independent Multicast (PIM) register packet, aka Bug ID CSCuy16399.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosios_xen/a
CVE-2025-20343
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.16% / 36.59%
||
7 Day CHG~0.00%
Published-05 Nov, 2025 | 16:31
Updated-19 Nov, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine Radius Suppression Denial of Service Vulnerability

A vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures on Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause Cisco ISE to restart unexpectedly. This vulnerability is due to a logic error when processing a RADIUS access request for a MAC address that is already a rejected endpoint. An attacker could exploit this vulnerability by sending a specific sequence of multiple crafted RADIUS access request messages to Cisco ISE. A successful exploit could allow the attacker to cause a denial of service (DoS) condition when Cisco ISE restarts.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-697
Incorrect Comparison
CVE-2016-6378
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.74% / 72.64%
||
7 Day CHG~0.00%
Published-05 Oct, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS XE 3.1 through 3.17 and 16.1 through 16.2 allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets that require NAT, aka Bug ID CSCuw85853.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xen/a
CVE-2025-20350
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.70%
||
7 Day CHG~0.00%
Published-15 Oct, 2025 | 16:15
Updated-04 Dec, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Denial of Service Vulnerability

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to a buffer overflow when an affected device processes HTTP packets. An attacker could exploit this vulnerability by sending crafted HTTP input to the device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ip_phone_8841desk_phone_9871video_phone_8875ip_phone_7841_firmwareip_phone_8821_firmwareip_phone_8841_firmwareip_phone_8851_firmwareip_phone_8865ip_phone_8821ip_phone_7821_firmwareip_phone_8832desk_phone_9841ip_phone_7861ip_phone_8845ip_phone_8861_firmwareip_phone_7821desk_phone_9851_firmwarevideo_phone_8875_firmwareip_phone_8861ip_phone_7841ip_phone_8851ip_phone_7811_firmwareip_phone_7861_firmwaredesk_phone_9841_firmwaredesk_phone_9851desk_phone_9861ip_phone_8811_firmwareip_phone_8865_firmwaredesk_phone_9861_firmwareip_phone_7811ip_phone_8845_firmwareip_phone_8811ip_phone_8832_firmwaredesk_phone_9871_firmwareCisco Session Initiation Protocol (SIP) Software
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2016-6384
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-1.97% / 83.27%
||
7 Day CHG~0.00%
Published-05 Oct, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosios_xen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-6391
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.74% / 72.64%
||
7 Day CHG~0.00%
Published-05 Oct, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS 12.2 and 15.0 through 15.3 allows remote attackers to cause a denial of service (traffic-processing outage) via a crafted series of Common Industrial Protocol (CIP) requests, aka Bug ID CSCur69036.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CVE-2025-20139
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.50%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 16:16
Updated-06 Aug, 2025 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input to chat entry points. An attacker could exploit this vulnerability by sending malicious requests to a messaging chat entry point in the affected application. A successful exploit could allow the attacker to cause the application to stop responding, resulting in a DoS condition. The application may not recover on its own and may need an administrator to manually restart services to recover.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_chat_and_emailCisco Enterprise Chat and Email
CWE ID-CWE-185
Incorrect Regular Expression
CVE-2016-6392
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-1.31% / 79.51%
||
7 Day CHG~0.00%
Published-05 Oct, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.1 through 3.9 allow remote attackers to cause a denial of service (device restart) via a crafted IPv4 Multicast Source Discovery Protocol (MSDP) Source-Active (SA) message, aka Bug ID CSCud36767.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosios_xen/a
CVE-2017-12237
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-5.32% / 89.84%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 07:00
Updated-12 Jan, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to how an affected device processes certain IKEv2 packets. An attacker could exploit this vulnerability by sending specific IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. This vulnerability affects Cisco devices that have the Internet Security Association and Key Management Protocol (ISAKMP) enabled. Although only IKEv2 packets can be used to trigger this vulnerability, devices that are running Cisco IOS Software or Cisco IOS XE Software are vulnerable when ISAKMP is enabled. A device does not need to be configured with any IKEv2-specific features to be vulnerable. Many features use IKEv2, including different types of VPNs such as the following: LAN-to-LAN VPN; Remote-access VPN, excluding SSL VPN; Dynamic Multipoint VPN (DMVPN); and FlexVPN. Cisco Bug IDs: CSCvc41277.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-catalyst_9300-48uxm-ecatalyst_3650-48ts-ecatalyst_3850-48xs-f-s4321_integrated_services_routercatalyst_9300-24s-e1101-4p_integrated_services_routercatalyst_3650-48tq-ecatalyst_3850-24t-scatalyst_3850-16xs-scatalyst_8500catalyst_3650-24ts-ecatalyst_3650-24pdmcatalyst_3650-24td-l1841_integrated_service_routercatalyst_8500-4qccatalyst_9300-48t-ecatalyst_ie9300catalyst_3650-48fs-lcatalyst_8300-1n1s-4t2xcatalyst_3650-12x48fd-scatalyst_9300-24s-acatalyst_3850-48p-lcatalyst_9410rcatalyst_8300-2n2s-6tcatalyst_3850-24t-e8800_12-slotcatalyst_3650-48pd-scatalyst_3650-48ts-lasr_10011111x_integrated_services_router4351\/k9-rf_integrated_services_router4331\/k9_integrated_services_router8101-32fhcatalyst_3850-24xs-s1100-4gltena_integrated_services_router1120_integrated_services_routercatalyst_3850-24xucatalyst_9300-24ux-acatalyst_9300catalyst_3850-24p-ecatalyst_8200catalyst_3850-24xs-e1100-4gltegb_integrated_services_routercatalyst_9300l_stack1109-4p_integrated_services_routercatalyst_3650-8x24pd-lcatalyst_8510msrcatalyst_3650-48ts-s8202catalyst_3650-12x48uq-ecatalyst_8300catalyst_3650-48fs-scatalyst_9300l-48p-4x-ecatalyst_8300-1n1s-6t1803_integrated_service_routercatalyst_3850-48f-ecatalyst_3650-12x48uq-l1811_integrated_service_routercatalyst_3650-48td-s4000_integrated_services_routercatalyst_3850-nm-8-10g4321\/k9-ws_integrated_services_router8800_4-slotcatalyst_3850-12x48u1100_integrated_services_routercatalyst_3850-48f-s1101_integrated_services_routercatalyst_9600_supervisor_engine-11802_integrated_service_routercatalyst_9300l-24t-4x-ecatalyst_3850-48xs-ecatalyst_9300lmcatalyst_9300l-24p-4x-acatalyst_3650-24pd-lcatalyst_3650-48fd-l1240_connected_grid_routerasr_1002-x_rcatalyst_3650-24ts-lcatalyst_9500catalyst_9500hcatalyst_3650-24pd-e1111x-8p_integrated_services_routercatalyst_98001801_integrated_service_routercatalyst_9300xasr_1001-x_r1000_integrated_services_routercatalyst_3650-48fq-ecatalyst_3650-24ts-s4321\/k9_integrated_services_routercatalyst_3650-48tq-lcatalyst_3650-12x48ur-lcatalyst_9800-l-fcatalyst_ie3200_rugged_switchcatalyst_3650-12x48fd-ecatalyst_9300-48uxm-acatalyst_ie3400_rugged_switchcatalyst_3850-24xu-e4331\/k9-ws_integrated_services_router8101-32hcatalyst_3850-48u-lasr_1001-xcatalyst_9300-48u-aasr_10134351_integrated_services_routercatalyst_3650-8x24uq-sasr_1023catalyst_3850-48u-ecatalyst_3850-24u-ecatalyst_3650-8x24pd-scatalyst_9300l-48t-4x-acatalyst_9300-48s-e820844461_integrated_services_routercatalyst_9600catalyst_9300-24p-a4431_integrated_services_routercatalyst_3850-24ucatalyst_3850-24s-scatalyst_9300-48s-acatalyst_3650-12x48urcatalyst_3650-12x48uqcatalyst_8500lcatalyst_3650-48fqm-scatalyst_9300-48un-acatalyst_3850-24u-scatalyst_9300l-48p-4g-ecatalyst_3850-24pw-scatalyst_3650-24pdm-s1100-4p_integrated_services_routercatalyst_8300-2n2s-4t2x9800-lcatalyst_9300-48un-easr_1006-xcatalyst_3850-24t-lasr_1002-hx_rcatalyst_9300l-24t-4g-acatalyst_3850catalyst_9300l-24p-4x-ecatalyst_3650-12x48ur-ecatalyst_9300l-48p-4g-a1100-lte_integrated_services_routerios_xecatalyst_3650-48td-lcatalyst_3650-48fd-e4461_integrated_services_routercatalyst_9200cx8804catalyst_3650-48fq-s8831catalyst_9300-24t-ecatalyst_9300l-24p-4g-acatalyst_3650-8x24uq-l1100-4g\/6g_integrated_services_routercatalyst_9407r4221_integrated_services_routercatalyst_9200catalyst_3650-12x48uq-scatalyst_3850-24xscatalyst_3650-48pq-lcatalyst_3650-12x48uz-scatalyst_9200lcatalyst_3650-24pdcatalyst_3650-48td-e4331\/k9-rf_integrated_services_routercatalyst_3650-48fqm-ecatalyst_3850-24xu-scatalyst_9300l-24p-4g-ecatalyst_3650-24pdm-l1100-4g_integrated_services_routercatalyst_3650-48tq-scatalyst_3650-24td-ecatalyst_3850-24p-s9800-40catalyst_3850-12s-scatalyst_3850-24xu-lcatalyst_9300l-48t-4g-ecatalyst_9400_supervisor_engine-1esr-6300-con-k91160_integrated_services_router1100-8p_integrated_services_router4331_integrated_services_routercatalyst_8540csrcatalyst_3650-24pd-scatalyst_ie3300_rugged_switchcatalyst_9300-48u-ecatalyst_3850-48u-scatalyst_3650-12x48uzcatalyst_3850-16xs-e1905_integrated_services_router4351\/k9_integrated_services_router8800_8-slotcatalyst_3650-8x24uq-ecatalyst_3650-48pd-ecatalyst_3850-48f-lcatalyst_9300l-24t-4x-a4451_integrated_services_router1906c_integrated_services_router8201-32fhcatalyst_3850-48xs-f-ecatalyst_3850-nm-2-40gcatalyst_3850-12s-ecatalyst_3650-24ps-lcatalyst_9300-48p-acbr-8_converged_broadband_router1861_integrated_service_router8812catalyst_3850-48xs-scatalyst_3850-32xs-sioscatalyst_3650-24ps-scatalyst_9800-l-c9800-801100-6g_integrated_services_routercatalyst_3850-48pw-scatalyst_9300-24ux-e8212catalyst_9300l-24t-4g-e8201catalyst_3650-48fqmcatalyst_3650-24pdm-ecatalyst_3850-48ucatalyst_3650-12x48fd-lcatalyst_3850-48p-ecatalyst_3650-12x48uz-ecatalyst_3850-48t-lcatalyst_9300-48t-acatalyst_3850-48t-scatalyst_9300-24t-a1812_integrated_service_routercatalyst_3850-24u-lcatalyst_9300-48p-ecatalyst_9300l-48t-4g-acatalyst_9300-24u-ecatalyst_3650-48fs-e1941w_integrated_services_router1109-2p_integrated_services_routercatalyst_3850-24s-easr_1002asr_1000-xasr_1001-hxcatalyst_9300lcatalyst_3850-12xs-scatalyst_3850-48t-e4321\/k9-rf_integrated_services_router8808catalyst_3650-48fqcatalyst_9800-clcatalyst_3650-48fq-l8102-64hcatalyst_3650-48fd-scatalyst_3650-48pq-scatalyst_3650-8x24uqintegrated_services_virtual_routercatalyst_3650-12x48ur-s422_integrated_services_routerasr_1009-xesr63008800_18-slot9800-clasr_1004catalyst_3650-8x24pd-ecatalyst_3650-48ps-scatalyst_9300-24p-ecatalyst_3850-32xs-ecatalyst_9600xcatalyst_3850-12xs-ecatalyst_3850-48p-s4451-x_integrated_services_router1131_integrated_services_routercatalyst_3650-48pd-lcatalyst_9800-l8818catalyst_3650-24ps-ecatalyst_3650catalyst_3650-48pq-ecatalyst_3650-48ps-lcatalyst_3850-48xscatalyst_3850-24p-l1921_integrated_services_routerasr_1002-hx82181109_integrated_services_routeresr-6300-ncp-k9asr_1001-hx_rcatalyst_9300l-48t-4x-ecatalyst_3650-12x48uz-l1941_integrated_services_routerasr_1006catalyst_9300-24u-acatalyst_8510csrcatalyst_ie3400_heavy_duty_switchasr_1000catalyst_3650-24td-sasr_1002-xcatalyst_3650-48fqm-lcatalyst_3650-48ps-e4351\/k9-ws_integrated_services_routercatalyst_8540msrcatalyst_9400catalyst_9300l-48p-4x-aCisco IOS and IOS XEIOS and IOS XE Software
CVE-2025-20128
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-5.92% / 90.43%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 16:21
Updated-03 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClamAV OLE2 File Format Decryption Denial of Service Vulnerability

A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.ClamAV
Product-secure_endpointclamavsecure_endpoint_private_cloudCisco Secure Endpoint
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-20165
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.40% / 60.09%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 16:21
Updated-06 Aug, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco BroadWorks SIP Denial of Service Vulnerability

A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition. This vulnerability is due to improper memory handling for certain SIP requests. An attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system. A successful exploit could allow the attacker to exhaust the memory that was allocated to the Cisco BroadWorks Network Servers that handle SIP traffic. If no memory is available, the Network Servers can no longer process incoming requests, resulting in a DoS condition that requires manual intervention to recover.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-broadworks_network_serverCisco BroadWorks
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2024-20307
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.49% / 80.83%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 17:23
Updated-30 Jul, 2025 | 12:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iosios_xeCisco IOS XE SoftwareIOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2007-0967
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.77% / 73.12%
||
7 Day CHG~0.00%
Published-16 Feb, 2007 | 00:00
Updated-07 Aug, 2024 | 12:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows remote attackers to cause a denial of service (device reboot) via malformed SNMP requests.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firewall_services_modulen/a
CVE-2021-34737
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.42% / 61.44%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 05:01
Updated-07 Nov, 2024 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software DHCP Version 4 Server Denial of Service Vulnerability

A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the dhcpd process. While the dhcpd process is restarting, which may take up to approximately two minutes, DHCPv4 server services are unavailable on the affected device. This could temporarily prevent network access to clients that join the network during that time period. Note: Only the dhcpd process crashes and eventually restarts automatically. The router does not reload.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ncs_5001ncs_5002ncs540x-12z16g-sys-dasr_9010asr_9902ncs_5501-sencs_5516asr_9006ncs540x-12z16g-sys-aasr_9000v-v2ios_xrncs540x-acc-sysncs_5502-sencs540-acc-sysncs_5508asr_9903ncs_5501ncs540-28z4c-sys-dncs540-12z20g-sys-dncs_5011ios_xrv_9000asr_9001ncs540-28z4c-sys-ancs540-24z8q2c-sysncs540x-16z4g8q2c-aasr_9910asr_9906asr_9904asr_9912asr_9922ncs540-24z8q2c-mncs540-12z20g-sys-ancs_560-4ncs_560-7ncs540x-16z4g8q2c-dncs_5502asr_9901Cisco IOS XR Software
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-34781
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.43% / 62.06%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 18:55
Updated-07 Nov, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software SSH Connections Denial of Service Vulnerability

A vulnerability in the processing of SSH connections for multi-instance deployments of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to a lack of proper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, which causes a DoS condition on the affected device. The device must be manually reloaded to recover.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_management_center_virtual_appliancefirepower_threat_defensesourcefire_defense_centerCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2021-34769
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.47% / 64.31%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:26
Updated-07 Nov, 2024 | 21:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Service Vulnerabilities

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecatalyst_9800-lcatalyst_9800-40_wireless_controllercatalyst_9800-40catalyst_9800-l-ccatalyst_9800-80_wireless_controllercatalyst_9800_embedded_wireless_controllercatalyst_9800catalyst_9800-clcatalyst_9800-80catalyst_9800-l-fCisco IOS XE Software
CWE ID-CWE-415
Double Free
CVE-2021-34792
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.43% / 62.13%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 18:56
Updated-07 Nov, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Resource Exhaustion Denial of Service Vulnerability

A vulnerability in the memory management of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management when connection rates are high. An attacker could exploit this vulnerability by opening a significant number of connections on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-adaptive_security_appliance_softwareasa_5585-x_firmwareasa_5505_firmwareasa_5580_firmwareasa_5515-xasa_5545-x_firmwareasa_5545-xasa_5525-x_firmwareasa_5505asa_5555-xasa_5580asa_5515-x_firmwareasa_5525-xasa_5555-x_firmwareasa_5585-xasa_5512-x_firmwareasa_5512-xfirepower_threat_defenseCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-34783
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.77% / 73.13%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 18:55
Updated-07 Nov, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Software-Based SSL/TLS Denial of Service Vulnerability

A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL/TLS decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Datagram TLS (DTLS) messages cannot be used to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-adaptive_security_appliance_softwareasa_5585-x_firmwareasa_5505_firmwareasa_5580_firmwareasa_5515-xasa_5545-x_firmwareasa_5545-xasa_5525-x_firmwareasa_5505asa_5555-xasa_5580asa_5515-x_firmwareasa_5525-xasa_5555-x_firmwareasa_5585-xasa_5512-x_firmwareasa_5512-xfirepower_threat_defenseCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2021-34698
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.52% / 66.24%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 19:46
Updated-07 Nov, 2024 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Web Security Appliance Proxy Service Denial of Service Vulnerability

A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management in the proxy service of an affected device. An attacker could exploit this vulnerability by establishing a large number of HTTPS connections to the affected device. A successful exploit could allow the attacker to cause the system to stop processing new connections, which could result in a DoS condition. Note: Manual intervention may be required to recover from this situation.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asyncosweb_security_appliance_s190web_security_appliance_s690web_security_appliance_s680web_security_appliance_s690xweb_security_appliance_s170web_security_appliance_s390web_security_appliance_s380Cisco Web Security Appliance (WSA)
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-34741
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.63%
||
7 Day CHG~0.00%
Published-04 Nov, 2021 | 15:40
Updated-07 Nov, 2024 | 21:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Email Security Appliance Denial of Service Vulnerability

A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email through Cisco ESA. A successful exploit could allow the attacker to exhaust all the available CPU resources on an affected device for an extended period of time, preventing other emails from being processed and resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-m680s395m380asyncosm690xm190s195m170m390xs695m390m690Cisco Email Security Appliance (ESA)
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-34704
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.25% / 48.45%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 18:50
Updated-06 Nov, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance Software
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-34735
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-1.51% / 80.92%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 19:46
Updated-07 Nov, 2024 | 21:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities

Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ata_192_firmwareata_190ata_190_firmwareata_191_firmwareata_191ata_192Cisco Analog Telephone Adaptor (ATA) Software
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2008-1158
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-1.92% / 83.05%
||
7 Day CHG~0.00%
Published-16 May, 2008 | 06:54
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_presence_serverunified_presencen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-1745
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-1.92% / 83.05%
||
7 Day CHG~0.00%
Published-16 May, 2008 | 06:54
Updated-07 Aug, 2024 | 08:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-1746
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-1.92% / 83.05%
||
7 Day CHG~0.00%
Published-16 May, 2008 | 06:54
Updated-07 Aug, 2024 | 08:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and service restart) via a series of malformed UDP packets, as demonstrated by the IP Stack Integrity Checker (ISIC), aka Bug ID CSCsj24113.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12658
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.03% / 77.00%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:16
Updated-19 Nov, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Filesystem Exhaustion Denial of Service Vulnerability

A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to ineffective management of the underlying filesystem resources. An attacker could exploit this vulnerability by performing specific actions that result in messages being sent to specific operating system log files. A successful exploit could allow the attacker to exhaust available filesystem space on an affected device. This could cause the device to crash and reload, resulting in a DoS condition for clients whose network traffic is transiting the device. Upon reload of the device, the impacted filesystem space is cleared, and the device will return to normal operation. However, continued exploitation of this vulnerability could cause subsequent forced crashes and reloads, which could lead to an extended DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_3650-24ps-scatalyst_3850-32xs-e4351_integrated_services_rcatalyst_3850-12xs-scatalyst_3850-24s-ecatalyst_3850-24p-scatalyst_3650-24pdm-lcatalyst_3850-16xs-s4431_integrated_services_rcatalyst_9300-48p-acatalyst_3650-24ts-ecatalyst_3650-24ps-lcatalyst_c9500-40x-acatalyst_3650-48td-scatalyst_3850-48u-lcatalyst_3650-48ts-lcatalyst_3650-48tq-ecatalyst_3650-8x24uq-l1100_integrated_services_rcatalyst_3650-48fd-lcatalyst_3650-48fs-lcatalyst_3650-48pq-ecatalyst_3650-48fs-ecatalyst_3650-24pd-lcatalyst_3650-24pd-scatalyst_3650-24td-lcatalyst_3650-24ts-lcatalyst_9300-24t-ecatalyst_c9500-12q-easr_920-12cz-a_rcatalyst_3650-48fd-scatalyst_3650-48fs-scatalyst_3850-48t-scatalyst_9300-48p-ecatalyst_3650-48pq-lcatalyst_3850-24t-scatalyst_9407rcatalyst_3850-24t-lcatalyst_3850-48u-ecatalyst_9300-48t-ecatalyst_3850-24xu-ecatalyst_c9500-12q-acatalyst_3650-12x48uq-ecatalyst_3650-24td-scatalyst_3650-48pd-lcatalyst_3850-48u-scatalyst_3850-16xs-ecatalyst_3650-48tq-scatalyst_3650-24pdm-scatalyst_3850-48p-ecatalyst_3650-12x48ur-easr_920-4sz-a_rcatalyst_3650-48fqm-scatalyst_3850-48t-lcatalyst_3650-48fd-ecatalyst_c3850-12x48u-ecatalyst_3650-12x48uq-lcatalyst_3650-48fq-ecatalyst_3650-8x24uq-scatalyst_9300-48u-ecatalyst_3650-48tq-lcatalyst_9300-48u-acatalyst_3650-48fq-scatalyst_3850-24p-e4451-x_integrated_services_rcatalyst_3850-48xs-f-scatalyst_9300-24t-acatalyst_9300asr_920-24sz-im_rcatalyst_3850-48t-ecatalyst_3650-48pq-scatalyst_3850-24xu-scatalyst_c9500-40x-ecatalyst_3650-48td-lasr_920-24tz-m_rcatalyst_c3850-12x48u-scatalyst_3650-48fqm-lcatalyst_3850-24xs-easr_920-24sz-m_rcatalyst_9400_supervisor_engine-1ncs_4216catalyst_3850-12s-scatalyst_3650-8x24uq-ecatalyst_3850-24u-lasr_920-4sz-d_rcatalyst_c9500-24q-ecatalyst_3850-48f-scatalyst_3650-12x48ur-lcatalyst_3850-24u-scatalyst_c3850-12x48u-lasr_1001-hx_rasr_1002-hx_rcatalyst_3850-48f-e4331_integrated_services_rcatalyst_9300-24p-acatalyst_3850-32xs-scatalyst_3650-48ps-lcatalyst_9500asr_900_4221_integrated_services_rcatalyst_3850-48f-lcatalyst_3850-24xu-l4321_integrated_services_rcatalyst_3850-24s-scatalyst_3650-24td-ecatalyst_3850-48xs-ecatalyst_3650-48td-ecatalyst_9300-24u-aasr_920-12cz-d_rcatalyst_3650-48fq-lncs_4202catalyst_3650-12x48uz-ecatalyst_3650-12x48uq-scatalyst_9300-24u-ecatalyst_3650-12x48ur-scatalyst_3850-48p-scatalyst_3650-48pd-sasr_1001-x_rcloud_services_r_1000vcatalyst_3650-24pd-encs_4206catalyst_9300-24p-easr_920-10sz-pd_rnetwork_convergence_system_520asr_1002-x_rcatalyst_3850-48xs-f-ecatalyst_9300-48t-acatalyst_3850-12s-ecatalyst_3850-24p-lncs_4201catalyst_3850-24t-ecatalyst_3650-24ts-scatalyst_3650-24ps-easr_900catalyst_3850-24xs-scatalyst_3650-48ps-scatalyst_3650-48fqm-ecatalyst_3650-48pd-ecatalyst_3650-24pdm-easr_1000catalyst_3850-24u-ecatalyst_3850-48xs-scatalyst_3650-48ts-eios_xecatalyst_3850-48p-lcatalyst_c9500-24q-aasr_920-12sz-im_rcatalyst_9410rcatalyst_3650-48ts-scatalyst_3650-48ps-ecatalyst_3850-12xs-eCisco IOS XE Software 16.1.1
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-12659
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 66.40%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:15
Updated-19 Nov, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software HTTP Server Denial of Service Vulnerability

A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. The vulnerability is due to a logical error in the logging mechanism. An attacker could exploit this vulnerability by generating a high amount of long-lived connections to the HTTP service on the device. A successful exploit could allow the attacker to cause the HTTP server to crash.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecbr-8_converged_broadband_routerCisco IOS XE Software 3.2.0JA
CWE ID-CWE-399
Not Available
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-12655
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.25% / 79.06%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:15
Updated-19 Nov, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software FTP Application Layer Gateway for NAT, NAT64, and ZBFW Denial of Service Vulnerability

A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a buffer overflow that occurs when an affected device inspects certain FTP traffic. An attacker could exploit this vulnerability by performing a specific FTP transfer through the device. A successful exploit could allow the attacker to cause the device to reload.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iosCisco IOS XE Software 3.16.8S
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-12652
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-3.18% / 86.70%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:16
Updated-19 Nov, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Catalyst 4000 Series Switches TCP Denial of Service Vulnerability

A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when processing TCP packets directed to the device on specific Cisco Catalyst 4000 Series Switches. An attacker could exploit this vulnerability by sending crafted TCP streams to an affected device. A successful exploit could cause the affected device to run out of buffer resources, impairing operations of control plane and management plane protocols, resulting in a DoS condition. This vulnerability can be triggered only by traffic that is destined to an affected device and cannot be exploited using traffic that transits an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ioscatalyst_4500_supervisor_engine_6-ecatalyst_4500_supervisor_engine_6l-ecatalyst_4948ecatalyst_4900mcatalyst_4948e-fCisco IOS 15.0(1)XO1
CWE ID-CWE-399
Not Available
CVE-2018-15453
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.29% / 51.73%
||
7 Day CHG~0.00%
Published-10 Jan, 2019 | 18:00
Updated-19 Nov, 2024 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability

A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory. A successful exploit could cause the filtering process to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to improper input validation of S/MIME-signed emails. An attacker could exploit this vulnerability by sending a malicious S/MIME-signed email through a targeted device. If Decryption and Verification or Public Key Harvesting is configured, the filtering process could crash due to memory corruption and restart, resulting in a DoS condition. The software could then resume processing the same S/MIME-signed email, causing the filtering process to crash and restart again. A successful exploit could allow the attacker to cause a permanent DoS condition. This vulnerability may require manual intervention to recover the ESA.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-email_security_appliance_firmwareCisco Email Security Appliance (ESA)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-15454
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-4.64% / 89.08%
||
7 Day CHG~0.00%
Published-01 Nov, 2018 | 13:00
Updated-26 Nov, 2024 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-20
Improper Input Validation
CVE-2018-15391
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.50% / 65.67%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Remote PHY IPv4 Fragment Denial of Service Vulnerability

A vulnerability in certain IPv4 fragment-processing functions of Cisco Remote PHY Software could allow an unauthenticated, remote attacker to impact traffic passing through a device, potentially causing a denial of service (DoS) condition. The vulnerability is due to the affected software not validating and calculating certain numerical values in IPv4 packets that are sent to an affected device. An attacker could exploit this vulnerability by sending malformed IPv4 traffic to an affected device. A successful exploit could allow the attacker to disrupt the flow of certain IPv4 traffic passing through an affected device, which could result in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-remoteCisco Remote PHY
CWE ID-CWE-399
Not Available
CWE ID-CWE-682
Incorrect Calculation
CVE-2023-44487
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-94.46% / 99.99%
||
7 Day CHG+0.06%
Published-10 Oct, 2023 | 00:00
Updated-07 Nov, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-10-31||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Action-Not Available
Vendor-linecorpkonghqvarnish_cache_projectamazonlinkerdgrpcopenrestyistiocaddyservernghttp2traefikdenaprojectcontourenvoyproxykazu-yamamotoakkan/aRed Hat, Inc.The IETF Administration LLC (IETF LLC)JenkinsEclipse Foundation AISBLThe Netty ProjectF5, Inc.NetApp, Inc.Fedora ProjectFacebookMicrosoft CorporationGoCisco Systems, Inc.The Apache Software FoundationApple Inc.Node.js (OpenJS Foundation)Debian GNU/Linux
Product-big-ip_application_security_managerunified_contact_center_domain_managernexus_93108tc-ex_switchnexus_3172pq-xlnexus_3132qcrosswork_zero_touch_provisioninggrpcjboss_a-mqopenshift_service_meshnexus_93180lc-exnexus_3064-tenvoynginxansible_automation_platformiot_field_network_directorapisixnexus_3232nexus_9316d-gxnexus_3464cnexus_9336pq_acinexus_9500_supervisor_a\+nexus_93180yc-ex_switchnexus_3524-x\/xlnexus_3164qintegration_service_registrywindows_server_2022jboss_fusenexus_93128txnexus_9500_8-slotios_xrbig-ip_websafeunified_contact_center_enterprise_-_live_data_servernexus_31108pv-vnexus_9336pq_aci_spine_switchsecure_dynamic_attributes_connectornginx_ingress_controlleropenshift_dev_spacesnexus_9336c-fx2nexus_3132q-x\/3132q-xlnexus_92304qc_switchvarnish_cachenexus_3172pq\/pq-xlnexus_9348d-gx2ajettyhttp2jboss_a-mq_streamsnexus_3600nexus_3064-xnexus_9332d-gx2bnexus_3132q-xarmeriaswiftnio_http\/2ios_xenexus_3048nexus_3172tqopenshift_secondary_scheduler_operatornexus_92304qch2onexus_9336c-fx2-efog_directornexus_3100vtomcatcert-manager_operator_for_red_hat_openshiftlogging_subsystem_for_red_hat_openshiftazure_kubernetes_servicesecure_web_appliance_firmwarenexus_9272qnexus_9508crosswork_situation_managernexus_31108pc-vnexus_3524-xnexus_3200nexus_3064nexus_9348gc-fx3nexus_9716d-gxnode_healthcheck_operatorfirepower_threat_defensenexus_9516.netnexus_3172tq-xlhttpopenshift_api_for_data_protectionnexus_93216tc-fx2big-ip_domain_name_systemnexus_93240yc-fx2nexus_3548-xunified_contact_center_enterprisebig-ip_advanced_firewall_managerbig-ip_ssl_orchestratornexus_3064tnexus_9200windows_server_2019nexus_93108tc-fxbig-ip_analyticswindows_10_1607nexus_93128tx_switchwindows_10_1809nexus_31128pqnexus_3432d-snetwork_observability_operatornexus_9500_16-slotnexus_9804nexus_3132q-vnexus_9396pxopenshift_container_platform_assisted_installeroncommand_insightprime_access_registrarnexus_9500_4-slotopenshift_container_platformnode_maintenance_operatorbig-ip_ddos_hybrid_defendernexus_3172pqintegration_camel_knexus_9332pqnexus_3524service_telemetry_frameworknexus_9221cnexus_9516_switchnexus_92160yc-xnexus_92300yc_switchnexus_93180lc-ex_switchnexus_3132q-xlopenrestynexus_93108tc-fx3hnexus_34180ycceph_storagenexus_9348gc-fxpmigration_toolkit_for_applicationsnexus_3132c-zasp.net_corenode.jssecure_malware_analyticsnexus_9272q_switchbig-ip_policy_enforcement_managernexus_3524-xlistiodecision_managernexus_93180yc-fx3nexus_9000vnexus_9372tx_switchopenshift_developer_tools_and_servicesnexus_93180yc-fx3hnexus_3016qnexus_3232c_nexus_3548-x\/xlenterprise_chat_and_emailintegration_camel_for_spring_bootnexus_9408openshift_virtualizationnexus_93180yc-ex-24nginx_plusnexus_9500_supervisor_anexus_9500_supervisor_bnexus_9800build_of_optaplannerbig-ip_application_acceleration_managernexus_9332cnexus_31108tc-vcryostatself_node_remediation_operatorgoprime_cable_provisioningnexus_9636pqultra_cloud_core_-_serving_gateway_functionnexus_3400support_for_spring_bootopenshift_gitopsnexus_93180yc-fxnexus_9432pqbig-ip_local_traffic_managernexus_93108tc-fx-24nexus_9504_switchprocess_automationnexus_9372txwindows_11_21h2windows_11_22h2fedoratraefikfence_agents_remediation_operatorcrosswork_data_gatewaybig-ip_global_traffic_managerlinkerdjboss_data_gridnexus_9508_switchnexus_93180tc-exnexus_9332d-h2radvanced_cluster_management_for_kubernetesultra_cloud_core_-_policy_control_functionsatelliteadvanced_cluster_securitybig-ip_advanced_web_application_firewallnexus_9396tx_switchnexus_3064-32tnexus_9500_supervisor_b\+connected_mobile_experiencesnexus_3232cnexus_9372px-enexus_34200yc-smopenshift_distributed_tracingnexus_9336pq_aci_spinecertification_for_red_hat_enterprise_linuxnexus_9504nexus_93128nexus_3100-zultra_cloud_core_-_session_management_functionweb_terminalbig-ip_access_policy_managernexus_3500service_interconnectnexus_3636c-rnexus_3408-sbig-ip_fraud_protection_servicebig-ip_carrier-grade_natopenstack_platformnexus_92348gc-xnexus_9372tx-ejboss_enterprise_application_platformwindows_10_21h2nexus_3548-xltraffic_servernx-osopenshiftenterprise_linuxcbl-marinerastra_control_centerbig-ip_application_visibility_and_reportingjenkinsjboss_core_servicesexpresswaynexus_9372tx-e_switchquaynexus_92300ycrun_once_duration_override_operatornexus_9236c_switchnexus_3064xnexus_9200ycopenshift_sandboxed_containerstelepresence_video_communication_serverprime_network_registrarwindows_server_2016proxygennexus_93108tc-fx3pnexus_93600cd-gxcost_managementbig-ip_webacceleratornexus_9396txnexus_9372pxnexus_9500nexus_9232enexus_3100networkingnexus_93108tc-exopenshift_serverlessbig-ip_nextsolrnexus_93120txbusiness_process_automationnexus_93180yc-exnexus_9364c-gxopensearch_data_preppernexus_9364d-gx2anexus_9236c3scale_api_management_platformopenshift_pipelinesnexus_3548nexus_3100-vnexus_9396px_switchbuild_of_quarkusnghttp2nexus_3172tq-32tsingle_sign-onnexus_9300nexus_93180yc-fx3snexus_9372px-e_switchnexus_36180yc-ropenshift_data_sciencebig-ip_next_service_proxy_for_kuberneteshttp_serverdata_center_network_managernexus_93108tc-ex-24debian_linuxsecure_web_appliancewindows_10_22h2nexus_92160yc_switchnexus_9372px_switchnexus_93240tc-fx2contournexus_3264qnexus_9332pq_switchnexus_9808unified_contact_center_management_portalnexus_9500rkong_gatewaynexus_9536pqnexus_3172nexus_9736pqnexus_3016nexus_93120tx_switchvisual_studio_2022nexus_9364cnexus_9336pqmachine_deletion_remediation_operatornexus_93180yc-fx-24caddynettybig-ip_link_controllermigration_toolkit_for_virtualizationnexus_93360yc-fx2nexus_3264c-emigration_toolkit_for_containersprime_infrastructureunified_attendant_console_advancedn/ahttpHTTP/2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-0228
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-4.16% / 88.45%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 20:00
Updated-29 Nov, 2024 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the CPU to increase upwards of 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect handling of an internal software lock that could prevent other system processes from getting CPU cycles, causing a high CPU condition. An attacker could exploit this vulnerability by sending a steady stream of malicious IP packets that can cause connections to be created on the targeted device. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition during which traffic through the device could be delayed. This vulnerability applies to either IPv4 or IPv6 ingress traffic. This vulnerability affects Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliances (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliances (ASAv), Firepower 2100 Series Security Appliances, Firepower 4110 Security Appliances, Firepower 9300 ASA Security Modules. Cisco Bug IDs: CSCvf63718.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-667
Improper Locking
CVE-2018-0252
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.48% / 64.84%
||
7 Day CHG~0.00%
Published-02 May, 2018 | 22:00
Updated-29 Nov, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the IP Version 4 (IPv4) fragment reassembly function of Cisco 3500, 5500, and 8500 Series Wireless LAN Controller Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a corruption of an internal data structure process that occurs when the affected software reassembles certain IPv4 packets. An attacker could exploit this vulnerability by sending certain malformed IPv4 fragments to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability affects all releases of 8.4 until the first fixed release for the 5500 and 8500 Series Wireless LAN Controllers and releases 8.5.103.0 and 8.5.105.0 for the 3500, 5500, and 8500 Series Wireless LAN Controllers. Cisco Bug IDs: CSCvf89222.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-wireless_lan_controller_softwareCisco Wireless LAN Controller
CWE ID-CWE-399
Not Available
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-0467
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.46% / 80.56%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software IPv6 Hop-by-Hop Options Denial of Service Vulnerability

A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of specific IPv6 hop-by-hop options. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to or through the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS Software
CWE ID-CWE-20
Improper Input Validation
CVE-2018-5390
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-6.84% / 91.17%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxHP Inc.Linux Kernel Organization, IncF5, Inc.A10 NetworksCisco Systems, Inc.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxtelepresence_video_communication_server_firmwarebig-ip_webacceleratortelepresence_conductor_firmwarebig-ip_application_acceleration_managerenterprise_linux_server_eusbig-ip_policy_enforcement_managerbig-ip_fraud_protection_serviceenterprise_linux_server_ausmeeting_managementtelepresence_conductorbig-ip_local_traffic_managerbig-ip_application_security_managerwebex_hybrid_data_securitythreat_grid-cloudtelepresence_video_communication_serverenterprise_linux_workstationbig-ip_access_policy_managerenterprise_linux_desktopvirtualizationtraffix_systems_signaling_delivery_controlleradvanced_core_operating_systemaruba_airwave_ampbig-ip_global_traffic_managerexpressway_seriesaruba_clearpass_policy_managerbig-ip_analyticsbig-ip_domain_name_systemexpresswaybig-ip_edge_gatewaydebian_linuxlinux_kernelbig-ip_link_controllercollaboration_meeting_roomsdigital_network_architecture_centerwebex_video_meshenterprise_linux_server_tusbig-ip_advanced_firewall_managernetwork_assurance_engineLinux Kernel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-6632
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-1.36% / 79.88%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the logging configuration of Secure Sockets Layer (SSL) policies for Cisco FirePOWER System Software 5.3.0 through 6.2.2 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources. The vulnerability is due to the logging of certain TCP packets by the affected software. An attacker could exploit this vulnerability by sending a flood of crafted TCP packets to an affected device. A successful exploit could allow the attacker to cause a DoS condition. The success of an exploit is dependent on how an administrator has configured logging for SSL policies for a device. This vulnerability affects Cisco FirePOWER System Software that is configured to log connections by using SSL policy default actions. Cisco Bug IDs: CSCvd07072.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firepower_threat_defenseCisco FirePOWER System Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-399
Not Available
CVE-2018-15383
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.94% / 75.89%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Direct Memory Access Denial of Service Vulnerability

A vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the affected devices have a limited amount of Direct Memory Access (DMA) memory and the affected software improperly handles resources in low-memory conditions. An attacker could exploit this vulnerability by sending a sustained, high rate of malicious traffic to an affected device to exhaust memory on the device. A successful exploit could allow the attacker to exhaust DMA memory on the affected device, which could cause the device to reload and result in a temporary DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-0305
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.11% / 77.76%
||
7 Day CHG~0.00%
Published-21 Jun, 2018 | 11:00
Updated-29 Nov, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to force a NULL pointer dereference and cause a DoS condition. This vulnerability affects the following if configured to use Cisco Fabric Services: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69966, CSCve02435, CSCve04859, CSCve41590, CSCve41593, CSCve41601.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-nexus_9000nexus_7000_firmwarefirepower_9000_firmwareunified_computing_systemnexus_5000_firmwarenexus_5000nexus_9000_firmwarenexus_7000unified_computing_system_firmwarefirepower_9000Cisco FXOS and NX-OS unknown
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-0296
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-94.40% / 99.98%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 12:00
Updated-14 Jan, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance unknownAdaptive Security Appliance (ASA)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • ...
  • 16
  • 17
  • 18
  • Next
Details not found