Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-20947

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-10 Nov, 2022 | 17:29
Updated At-03 Aug, 2024 | 02:31
Rejected At-
Credits

A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of HostScan data received from the Posture (HostScan) module. An attacker could exploit this vulnerability by sending crafted HostScan data to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU"] This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:10 Nov, 2022 | 17:29
Updated At:03 Aug, 2024 | 02:31
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of HostScan data received from the Posture (HostScan) module. An attacker could exploit this vulnerability by sending crafted HostScan data to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU"] This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco Adaptive Security Appliance (ASA) Software
Versions
Affected
  • 9.12.1.3
  • 9.17.1
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco Firepower Threat Defense Software
Versions
Affected
  • 6.2.3
  • 6.2.3.1
  • 6.2.3.2
  • 6.2.3.3
  • 6.2.3.4
  • 6.2.3.5
  • 6.2.3.6
  • 6.2.3.7
  • 6.2.3.8
  • 6.2.3.10
  • 6.2.3.11
  • 6.2.3.9
  • 6.2.3.12
  • 6.2.3.13
  • 6.2.3.14
  • 6.2.3.15
  • 6.2.3.16
  • 6.2.3.17
  • 6.2.3.18
  • 6.6.0
  • 6.6.0.1
  • 6.6.1
  • 6.6.3
  • 6.6.4
  • 6.6.5
  • 6.6.5.1
  • 6.4.0
  • 6.4.0.1
  • 6.4.0.3
  • 6.4.0.2
  • 6.4.0.4
  • 6.4.0.5
  • 6.4.0.6
  • 6.4.0.7
  • 6.4.0.8
  • 6.4.0.9
  • 6.4.0.10
  • 6.4.0.11
  • 6.4.0.12
  • 6.4.0.13
  • 6.4.0.14
  • 6.7.0
  • 6.7.0.1
  • 6.7.0.2
  • 6.7.0.3
  • 7.0.0
  • 7.0.0.1
  • 7.0.1
  • 7.0.1.1
  • 7.1.0
  • 7.1.0.1
  • 7.1.0.2
Problem Types
TypeCWE IDDescription
cweCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
Type: cwe
CWE ID: CWE-119
Description: Improper Restriction of Operations within the Bounds of a Memory Buffer
Metrics
VersionBase scoreBase severityVector
3.18.6HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Version: 3.1
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU
x_transferred
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ykramarz@cisco.com
Published At:15 Nov, 2022 | 21:15
Updated At:25 Jan, 2024 | 17:15

A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of HostScan data received from the Posture (HostScan) module. An attacker could exploit this vulnerability by sending crafted HostScan data to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU"] This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.18.6HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CPE Matches
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.1
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.1.3
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.1.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.1.5
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.1.5:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.1.10
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.1.10:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.2
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.2.1
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.2.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.2.2
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.2.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.2.3
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.2.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.2.7
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.2.7:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.2.11
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.2.11:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.2.13
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.2.13:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.2.22
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.2.22:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.2.23
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.2.23:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.3
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.3.1
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.3.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.3.3
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.3.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.3.8
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.3.8:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.3.9
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.3.9:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.3.11
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.3.11:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.3.12
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.3.12:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.3.14
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.3.14:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.3.17
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.3.17:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.3.20
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.3.20:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4.3
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4.5
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4.5:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4.6
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4.6:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4.8
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4.8:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4.10
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4.10:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4.12
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4.12:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4.14
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4.14:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4.17
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4.17:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4.18
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4.18:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4.20
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4.20:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4.22
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4.22:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4.23
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4.23:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4.24
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4.24:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4.25
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4.25:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4.29
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4.29:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4.30
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4.30:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4.34
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4.34:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4.36
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4.36:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4.40
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4.40:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4.41
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4.41:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4.42
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4.42:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.6.4.45
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.4.45:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.7.1
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.7.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.7.1.2
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.7.1.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.7.1.4
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.7.1.4:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.7.1.8
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.7.1.8:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-119Secondaryykramarz@cisco.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-119
Type: Secondary
Source: ykramarz@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDUykramarz@cisco.com
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU
Source: ykramarz@cisco.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

879Records found
CVE-2024-20260
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.19% / 40.62%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 17:07
Updated-25 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Virtual Appliance and Secure Firewall Threat Defense Virtual SSL VPN Denial of Service Vulnerability

A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat Defense Virtual, platforms could allow an unauthenticated, remote attacker to cause the virtual devices to run out of system memory, which could cause SSL VPN connection processing to slow down and eventually cease all together. This vulnerability is due to a lack of proper memory management for new incoming SSL/TLS connections on the virtual platforms. An attacker could exploit this vulnerability by sending a large number of new incoming SSL/TLS connections to the targeted virtual platform. A successful exploit could allow the attacker to deplete system memory, resulting in a denial of service (DoS) condition. The memory could be reclaimed slowly if the attack traffic is stopped, but a manual reload may be required to restore operations quickly.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance (ASA) Softwarefirepower_threat_defense_softwareadaptive_security_appliance_software
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2024-20271
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.46% / 62.99%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 17:05
Updated-06 Aug, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To successfully exploit this vulnerability, the attacker does not need to be associated with the affected AP. This vulnerability cannot be exploited by sending IPv6 packets.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-business_140ac_access_pointbusiness_240acbusiness_145ac_access_pointbusiness_141acmbusiness_140acbusiness_151axmbusiness_142acmbusiness_143acmbusiness_access_pointsios_xebusiness_150axbusiness_150ax_access_pointbusiness_145acwireless_lan_controller_softwareCisco Business Wireless Access Point SoftwareCisco Aironet Access Point SoftwareCisco Aironet Access Point Software (IOS XE Controller)aironet_access_point_software
CWE ID-CWE-20
Improper Input Validation
CVE-2024-20304
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.10% / 27.53%
||
7 Day CHG~0.00%
Published-11 Sep, 2024 | 16:39
Updated-03 Oct, 2024 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software Packet Memory Exhaustion Vulnerability

A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device. This vulnerability exists because the Mtrace2 code does not properly handle packet memory. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to exhaust the incoming UDP packet memory. The affected device would not be able to process higher-level UDP-based protocols packets, possibly causing a denial of service (DoS) condition. Note: This vulnerability can be exploited using IPv4 or IPv6.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xrCisco IOS XR Softwareios_xr
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2024-20375
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.33% / 55.57%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 17:02
Updated-01 Aug, 2025 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper parsing of SIP messages. An attacker could exploit this vulnerability by sending a crafted SIP message to an affected Cisco Unified CM or Cisco Unified CM SME device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition that interrupts the communications of reliant voice and video devices.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_communications_managerCisco Unified Communications Manager
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20433
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.44% / 62.24%
||
7 Day CHG+0.11%
Published-25 Sep, 2024 | 16:26
Updated-03 Oct, 2024 | 13:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow when processing crafted RSVP packets. An attacker could exploit this vulnerability by sending RSVP traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS XE SoftwareIOSios_xe
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20451
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.89%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 16:48
Updated-23 Aug, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly. These vulnerabilities exist because HTTP packets are not properly checked for errors. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the remote interface of an affected device. A successful exploit could allow the attacker to cause a DoS condition on the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-spa_501g_firmwarespa_509g_firmwarespa_514g_4-line_ip_phonespa_508g_firmwarespa_301_1_line_ip_phonespa_525g2_5-line_ip_phonespa_303_3_line_ip_phonespa_514g_firmwarespa_525g2_firmwarespa_508g_8-line_ip_phonespa_301_firmwarespa_512g_firmwarespa_504g_4-line_ip_phonespa_303_firmwarespa_502g_1-line_ip_phonespa_504g_firmwarespa_525g_5-line_ip_phonespa_502g_firmwarespa_501g_8-line_ip_phonespa_509g_12-line_ip_phonespa_512g_1-line_ip_phonespa_525g_firmwareCisco Small Business IP Phones
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-20311
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.17% / 77.77%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 16:50
Updated-30 Jul, 2025 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to the incorrect handling of LISP packets. An attacker could exploit this vulnerability by sending a crafted LISP packet to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Note: This vulnerability could be exploited over either IPv4 or IPv6 transport.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iosios_xeCisco IOS XE SoftwareIOSios_xeios
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2024-20351
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.58% / 67.83%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 17:09
Updated-11 Aug, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software Snort Firewall Denial of Service Vulnerability

A vulnerability in the TCP/IP traffic handling function of the Snort Detection Engine of Cisco Firepower Threat Defense (FTD) Software and Cisco FirePOWER Services could allow an unauthenticated, remote attacker to cause legitimate network traffic to be dropped, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of TCP/IP network traffic. An attacker could exploit this vulnerability by sending a large amount of TCP/IP network traffic through the affected device. A successful exploit could allow the attacker to cause the Cisco FTD device to drop network traffic, resulting in a DoS condition. The affected device must be rebooted to resolve the DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defense_softwareCisco Firepower Threat Defense Softwarefirepower_threat_defense_software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-12233
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-10.01% / 92.76%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 07:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuz95334.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-1000_integrated_services_router1841_integrated_service_router1117-4pwe1100-4g\/6g_integrated_services_router1117-4plteeawe11201801_integrated_service_routercatalyst_ie3200_rugged_switch1100-4gltegb_integrated_services_routerioscatalyst_ie3400_rugged_switch1100-8p_integrated_services_router1100-6g_integrated_services_router1109-2p1111x-8p1101-4p1811_integrated_service_router1111-4pwe1941_integrated_services_router1113-8pmwe1101-4p_integrated_services_router1113-8pwe1921_integrated_services_router1802_integrated_service_routeresr-6300-ncp-k91100_integrated_services_router1100-4p_integrated_services_router1100-4pesr-6300-con-k91100-4g_integrated_services_router1116-4plteeawe1803_integrated_service_router1111-8pwb1109-4p1120_connected_grid_router1100-4gltena_integrated_services_router1160_integrated_services_router1120_integrated_services_router1906c_integrated_services_router1941w_integrated_services_routercatalyst_ie3300_rugged_switch1812_integrated_service_router1100-8pcatalyst_ie3400_heavy_duty_switch1861_integrated_service_router1101_integrated_services_router1131_integrated_services_router1117-4pmlteeawe1100-lte_integrated_services_routercatalyst_ie93001905_integrated_services_router1117-4pmwe1100_terminal_services_gateways1113-8plteeawe1116-4pweCisco IOSIOS software
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12231
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-10.85% / 93.09%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 07:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper translation of H.323 messages that use the Registration, Admission, and Status (RAS) protocol and are sent to an affected device via IPv4 packets. An attacker could exploit this vulnerability by sending a crafted H.323 RAS packet through an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to use an application layer gateway with NAT (NAT ALG) for H.323 RAS messages. By default, a NAT ALG is enabled for H.323 RAS messages. Cisco Bug IDs: CSCvc57217.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-catalyst_3850-nm-2-40gcatalyst_3850-24t-scatalyst_9800-80asr_901s-4sg-f-dasr_1009-xcatalyst_8300catalyst_3650-48fs-ecatalyst_3850-24xs-scatalyst_3650-24ts-lcatalyst_3850-12s-e1100_integrated_services_routercatalyst_3650-24ps-sasr_9910catalyst_3650-48fd-scatalyst_8300-2n2s-4t2xcatalyst_9800asr_920-12cz-dasr_920-12cz-a_rasr_920u-12sz-imcatalyst_3650-48fq-sasr_901-6cz-fs-acatalyst_3650-48fq-l1109-2p_integrated_services_routercatalyst_9300-48t-ecatalyst_3650-48pd-lcatalyst_9300-48t-acatalyst_9300l-48t-4g-a8201-32fh9800-lcatalyst_3650-48tq-ecatalyst_3650-48ps-lasr_1002_fixed_routercatalyst_9300-24s-acatalyst_3850-48xs-easr_1000-esp100catalyst_9300l-24t-4g-ecatalyst_82001841_integrated_service_routercatalyst_3650-12x48uzasr_901-4c-ft-dcatalyst_3850-48p-sasr_920-4sz-a_rasr_920-4sz-dcatalyst_3850-48f-ecatalyst_3650-24pdasr_901s-3sg-f-ahcatalyst_9300-24t-acatalyst_3650-48td-easr_1001-hxcatalyst_3850-24t-l8101-32hcatalyst_8500catalyst_9300-48uxm-ecatalyst_3650-48fd-lcatalyst_3850-48t-lcatalyst_3850-nm-8-10gcatalyst_9300l-24p-4g-acatalyst_9300-24u-aasr_900catalyst_3850-12x48ucatalyst_3650-24ps-e8201catalyst_3650-24pd-ecatalyst_3850-48t-ecatalyst_9800-cl1812_integrated_service_routerasr_901-12c-f-dcatalyst_8500lasr_907catalyst_3650-48td-lcatalyst_9200asr_1001-hx_rasr_1006-xcatalyst_3650-48td-scatalyst_9300-24s-ecatalyst_3650-8x24uq-lcatalyst_8300-1n1s-4t2xcatalyst_9300l-24t-4x-a1100-4g\/6g_integrated_services_router1801_integrated_service_router1100-4gltegb_integrated_services_routerasr_9010catalyst_3850-24xu-l1811_integrated_service_router8800_8-slotcatalyst_9300lcatalyst_9800-lasr_920-24sz-imcatalyst_3650-12x48ur-scatalyst_3650-24td-sasr_10138800_4-slotcatalyst_3650-48fq9800-clcatalyst_9300l-48p-4g-acatalyst_9300-24p-ecatalyst_9300-48un-acatalyst_96008808catalyst_95001160_integrated_services_router1941w_integrated_services_router1906c_integrated_services_routercatalyst_ie3300_rugged_switchasr_901s-2sg-f-dcatalyst_3650-12x48uq-sasr_920-24tz-m_rcatalyst_3850-24ucatalyst_3650-48pd-easr_920-12sz-im_rcatalyst_3850-16xs-scatalyst_3650-48tq-scatalyst_3850-48ucatalyst_9600xcatalyst_9300l-48t-4x-acatalyst_3650-24pdm-ecatalyst_3850-32xs-easr_9920asr_920-4sz-d_r4221_integrated_services_routercatalyst_3650-48ts-l1100-8p_integrated_services_router8212asr_920-24sz-mcatalyst_9300l-48t-4g-ecatalyst_9300l-48t-4x-ecatalyst_3650-12x48uq-lcatalyst_3850-48p-lasr_902asr_9006catalyst_3650-48pq-e1109-4p_integrated_services_routercatalyst_3850-24xu-ecatalyst_3850-24t-ecatalyst_8510csrcatalyst_9300lmasr_9000v8818catalyst_3650-12x48uz-sasr_901-6cz-f-acatalyst_3850-48u-lcatalyst_3850-24s-scatalyst_3850-24u-scatalyst_3650-24pd-scatalyst_3650-48fqm-ecatalyst_9300l-48p-4g-ecatalyst_3650catalyst_3850-12s-sasr_9902asr_901s-2sg-f-ahcatalyst_9300-24t-e9800-40catalyst_3650-12x48ur-ecatalyst_9300l-24p-4x-ecatalyst_9300-48u-acatalyst_9800-l-fcatalyst_3650-12x48ur-lcatalyst_ie3200_rugged_switchasr_1002-xcatalyst_8300-1n1s-6tcatalyst_3650-24pdm-lasr_10001100-6g_integrated_services_routercatalyst_3650-8x24uq-easr_901-6cz-ft-dcatalyst_3650-12x48uz-ecatalyst_9300l-48p-4x-acatalyst_8500-4qccatalyst_3850-24pw-scatalyst_3650-12x48fd-scatalyst_3850-48xs-s8218asr_920-10sz-pd_rcatalyst_9300-48u-ecatalyst_3850-48t-sasr_920-24sz-m_rcatalyst_3850-24xu-scatalyst_3850-48f-lcatalyst_3850catalyst_9600_supervisor_engine-18101-32fhasr_1002-hxcatalyst_3650-12x48uq8102-64hcatalyst_3650-8x24uq-sasr_920-12cz-acatalyst_3650-48pq-lcatalyst_3650-48fs-l1905_integrated_services_routercatalyst_9200lcatalyst_3650-24ps-lasr_9901catalyst_8540msrasr_901s-3sg-f-d8202catalyst_9300-48s-a8800_18-slotcatalyst_3850-32xs-sasr_1002-x_rcatalyst_3650-24td-ecatalyst_3850-48xs-f-e8800_12-slotcatalyst_3650-24td-lcatalyst_9300-24ux-e1111x-8p_integrated_services_routercatalyst_3850-24p-easr_9912catalyst_3650-12x48uz-lcatalyst_3850-24p-scatalyst_9300-24u-e1101-4p_integrated_services_routercatalyst_3650-48tq-lcatalyst_3850-24s-ecatalyst_3850-24xuasr_1023asr_903catalyst_3650-24pd-lcatalyst_9300l-24p-4g-ecatalyst_3850-24u-lasr_920-4sz-aasr_1000-esp200-x1100-4p_integrated_services_routercatalyst_3850-24u-easr_9904asr_901-6cz-fs-d1109_integrated_services_routerasr_901-4c-f-dcatalyst_3650-48fd-e8812catalyst_3650-48fs-scatalyst_3850-48pw-s1101_integrated_services_routerasr_901-6cz-ft-a8804catalyst_3850-12xs-scatalyst_3650-12x48urcatalyst_3850-24xsasr_920-12cz-d_rcatalyst_9300-24ux-acatalyst_8540csrcatalyst_3650-8x24uqcatalyst_3650-48ts-scatalyst_9200cxcatalyst_9300l-24t-4g-acatalyst_3650-8x24pd-scatalyst_8510msrcatalyst_9800_embedded_wireless_controlleriosasr_914catalyst_3850-48xscatalyst_3850-48p-ecatalyst_3850-48u-ecatalyst_9300l_stackcatalyst_3650-48fq-easr_902uasr_901-12c-ft-dcatalyst_3850-48xs-f-sasr_9922catalyst_3850-24p-lcatalyst_9300-48p-acatalyst_9300-48p-easr_1001-xcatalyst_9800-40_wireless_controllercatalyst_9300-48un-ecatalyst_3650-24ts-e1100-4g_integrated_services_routercatalyst_9800-40asr_9903catalyst_9300-24p-acatalyst_9300-48s-e1100-4gltena_integrated_services_router1120_integrated_services_routercatalyst_9300l-24t-4x-ecatalyst_9300xcatalyst_3850-24xs-ecatalyst_3850-48f-sasr_920-12sz-im1861_integrated_service_routercatalyst_3650-8x24pd-ecatalyst_9300-48uxm-a1100-lte_integrated_services_routercatalyst_9500hasr_1000-esp100-xasr_920-10sz-pdcatalyst_9300l-48p-4x-ecatalyst_3650-48fqm-scatalyst_3850-12xs-e1100_terminal_services_gatewaysasr_920-24tz-mcatalyst_3650-48fqm-lasr_920-24sz-im_rasr_1002-hx_rasr_1001catalyst_3650-48pq-scatalyst_3650-48fqmcatalyst_9300catalyst_3650-12x48fd-lasr_90001941_integrated_services_routercatalyst_3650-48pd-s1921_integrated_services_routercatalyst_3650-8x24pd-l1802_integrated_service_routerasr_9906catalyst_9300l-24p-4x-acatalyst_3650-12x48uq-e4000_integrated_services_routerasr_1001-x_r8208asr_1004catalyst_3650-48ps-easr_901-6cz-f-dcatalyst_9800-80_wireless_controllerasr_10061803_integrated_service_routercatalyst_3650-24ts-scatalyst_3650-24pdmcatalyst_3650-48ps-scatalyst_9800-l-casr_9001catalyst_3650-48ts-ecatalyst_3850-16xs-e9800-80catalyst_3850-48u-s1131_integrated_services_routercatalyst_3650-12x48fd-ecatalyst_3650-24pdm-scatalyst_8300-2n2s-6t111x_integrated_services_routerCisco IOSIOS software
CVE-2021-1586
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.08% / 24.41%
||
7 Day CHG~0.00%
Published-25 Aug, 2021 | 19:10
Updated-07 Nov, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod and Multi-Site TCP Denial of Service Vulnerability

A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to unexpectedly restart the device, resulting in a denial of service (DoS) condition. This vulnerability exists because TCP traffic sent to a specific port on an affected device is not properly sanitized. An attacker could exploit this vulnerability by sending crafted TCP data to a specific port that is listening on a public-facing IP address for the Multi-Pod or Multi-Site configuration. A successful exploit could allow the attacker to cause the device to restart unexpectedly, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_93108tc-exnx-osnexus_9372pxnexus_9364c-gxnexus_9508nexus_93108tc-fx-24nexus_92304qcnexus_93120txnexus_92160yc-xnexus_93128txnexus_9316d-gxnexus_93108tc-ex-24nexus_9372tx-enexus_93108tc-fx3pnexus_93108tc-fxnexus_93360yc-fx2nexus_9396txnexus_93180yc-fx3snexus_9332cnexus_9364cnexus_92300ycnexus_92348gc-xnexus_9336c-fx2nexus_9348gc-fxpnexus_9272qnexus_93180yc-fx-24nexus_9336c-fx2-enexus_9396pxnexus_93216tc-fx2nexus_93240yc-fx2nexus_93180yc-fxnexus_9372txnexus_93180yc-exnexus_93600cd-gxnexus_9000vnexus_9372px-enexus_9236cnexus_93180yc-fx3nexus_93180yc-ex-24Cisco NX-OS System Software in ACI Mode
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2021-1313
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.60% / 68.37%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:56
Updated-08 Nov, 2024 | 23:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software Enf Broker Denial of Service Vulnerability

Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xrCisco IOS XR Software
CWE ID-CWE-399
Not Available
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-1230
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.70% / 71.08%
||
7 Day CHG~0.00%
Published-24 Feb, 2021 | 19:30
Updated-08 Nov, 2024 | 23:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 9000 Series Fabric Switches ACI Mode BGP Route Installation Denial of Service Vulnerability

A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a routing process to crash, which could lead to a denial of service (DoS) condition. This vulnerability is due to an issue with the installation of routes upon receipt of a BGP update. An attacker could exploit this vulnerability by sending a crafted BGP update to an affected device. A successful exploit could allow the attacker to cause the routing process to crash, which could cause the device to reload. This vulnerability applies to both Internal BGP (IBGP) and External BGP (EBGP). Note: The Cisco implementation of BGP accepts incoming BGP traffic from explicitly configured peers only. To exploit this vulnerability, an attacker would need to send a specific BGP update message over an established TCP connection that appears to come from a trusted BGP peer.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_93108tc-exnx-osnexus_9372pxnexus_9364c-gxnexus_9508nexus_93108tc-fx-24nexus_92304qcnexus_93120txnexus_92160yc-xnexus_93128txnexus_9316d-gxnexus_9336pq_aci_spinenexus_93108tc-ex-24nexus_9372tx-enexus_93108tc-fxnexus_93360yc-fx2nexus_9396txnexus_93180yc-fx3snexus_9332cnexus_9364cnexus_92300ycnexus_92348gc-xnexus_9336c-fx2nexus_9348gc-fxpnexus_9272qnexus_93180yc-fx-24nexus_9336c-fx2-enexus_9396pxnexus_93216tc-fx2nexus_93240yc-fx2nexus_93180yc-fxnexus_9372txnexus_93180yc-exnexus_93600cd-gxnexus_9000vnexus_9372px-enexus_9236cnexus_93180yc-fx3nexus_93180yc-ex-24Cisco NX-OS System Software in ACI Mode
CWE ID-CWE-233
Improper Handling of Parameters
CVE-2021-1373
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.21% / 44.02%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:15
Updated-08 Nov, 2024 | 23:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device. The vulnerability is due to insufficient validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecatalyst_9800-lcatalyst_9800-40catalyst_9300catalyst_9800-clcatalyst_9800-80catalyst_9400catalyst_9500Cisco IOS XE Software
CWE ID-CWE-126
Buffer Over-read
CVE-2021-1460
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.36%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:06
Updated-08 Nov, 2024 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOx Application Framework Denial of Service Vulnerability

A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error handling during packet processing. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing requests, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iosic3000_industrial_compute_gatewaycgr1000_firmware829_industrial_integrated_services_routeric3000_industrial_compute_gateway_firmwarecgr1000809_industrial_integrated_services_routerCisco IOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-44487
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-94.41% / 99.98%
||
7 Day CHG-0.06%
Published-10 Oct, 2023 | 00:00
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-10-31||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Action-Not Available
Vendor-grpckonghqopenrestykazu-yamamotoistiolinecorptraefiknghttp2linkerdvarnish_cache_projectenvoyproxyakkadenacaddyserveramazonprojectcontourn/aJenkinsF5, Inc.The Netty ProjectEclipse Foundation AISBLThe IETF Administration LLC (IETF LLC)Apple Inc.NetApp, Inc.Microsoft CorporationRed Hat, Inc.Debian GNU/LinuxNode.js (OpenJS Foundation)The Apache Software FoundationFedora ProjectGoCisco Systems, Inc.Facebook
Product-nexus_9516openshift_serverlesscbl-marinernexus_34180ycnexus_3132c-zbig-ip_ddos_hybrid_defendernexus_3132q-xlproxygenarmerianexus_3132q-x\/3132q-xlunified_contact_center_enterprise_-_live_data_servernexus_9336pq_aci_spineintegration_service_registrynexus_9236c_switchwindows_11_22h2migration_toolkit_for_containersnexus_9396px.netnexus_31108pc-vnexus_9336c-fx2nexus_9396tx_switchopenshiftnginx_ingress_controllernexus_9236cadvanced_cluster_securitykong_gatewaynexus_93108tc-ex-24secure_web_appliancewindows_server_2016windows_server_2019openshift_container_platform_assisted_installerbig-ip_next_service_proxy_for_kubernetesnexus_3500integration_camel_knexus_9396txnexus_9372txnexus_93216tc-fx2apisixnginx_plusnexus_9800linkerdsupport_for_spring_bootnexus_3132q-xnode_healthcheck_operator3scale_api_management_platformnexus_9500nexus_93120txnexus_3264c-enexus_9500_4-slotopenstack_platformtelepresence_video_communication_servernexus_36180yc-rtomcatnexus_3132qnexus_3172tq-32topenshift_distributed_tracingnexus_9348gc-fxpbig-ip_nextenterprise_chat_and_emailbig-ip_global_traffic_managerbig-ip_fraud_protection_serviceunified_contact_center_enterprisecontouropenshift_container_platformnexus_3100-vsecure_malware_analyticsnexus_92160yc_switchnexus_34200yc-smnexus_9348d-gx2anexus_9364c-gxmigration_toolkit_for_virtualizationnexus_3100-zfog_directornexus_9804nexus_3432d-sultra_cloud_core_-_session_management_functionnexus_3524swiftnio_http\/2nexus_3400cryostatnexus_31108pv-vnexus_9372tx_switchnexus_3172tqbig-ip_advanced_web_application_firewalljboss_fusenexus_3172pq-xlfedoranexus_9272qopenshift_developer_tools_and_servicesnexus_9500rdecision_managernexus_9500_supervisor_b\+nexus_3548-x\/xlnexus_9232enexus_92348gc-xunified_attendant_console_advancedopenshift_sandboxed_containersultra_cloud_core_-_serving_gateway_functionnexus_9332d-h2rnexus_93128nexus_3548-xnexus_9200ycnexus_3064tbig-ip_policy_enforcement_managernexus_93108tc-exlogging_subsystem_for_red_hat_openshiftasp.net_corebig-ip_local_traffic_managernexus_93360yc-fx2big-ip_webacceleratornexus_3132q-vnexus_9336c-fx2-esolrcaddyistiounified_contact_center_management_portalnexus_9332cnexus_9200nexus_9516_switchnexus_3548nexus_3172pq\/pq-xlnexus_3048secure_dynamic_attributes_connectornexus_93600cd-gxnexus_9372px_switchnexus_3164qazure_kubernetes_serviceopenshift_secondary_scheduler_operatornexus_9500_8-slotnexus_9508openshift_virtualizationprime_cable_provisioningnexus_9364copensearch_data_preppernexus_93128tx_switchhttpwindows_10_21h2firepower_threat_defensesingle_sign-onnexus_9221cgobuild_of_optaplannerprime_access_registrarnetworkingnexus_9500_16-slotnexus_3232cnexus_93108tc-fxvarnish_cachenexus_9504jboss_enterprise_application_platformwindows_10_1607nexus_92304qcintegration_camel_for_spring_bootrun_once_duration_override_operatornexus_9716d-gxnexus_9000vnexus_3016windows_11_21h2openshift_pipelinesnexus_9408visual_studio_2022nexus_9336pq_acinexus_93180yc-fx3debian_linuxnx-osceph_storagenexus_9316d-gxnginxnexus_93180tc-exadvanced_cluster_management_for_kubernetesprime_network_registrarnexus_3408-straefiknexus_3064xnexus_9336pq_aci_spine_switchnexus_9372pxunified_contact_center_domain_managernettynexus_3264qnexus_3100vnexus_9372tx-e_switchnexus_93108tc-ex_switchtraffic_serverjboss_core_servicesnexus_9300jboss_a-mqjboss_a-mq_streamsnexus_3100nexus_93240tc-fx2machine_deletion_remediation_operatorbig-ip_application_security_managerbuild_of_quarkusnexus_93180yc-ex_switchnexus_9372tx-enode_maintenance_operatornexus_93180yc-ex-24nexus_3064openshift_dev_spacesnexus_9504_switchweb_terminalnexus_9736pqself_node_remediation_operatorcertification_for_red_hat_enterprise_linuxnexus_3172pqnexus_93128txiot_field_network_directornexus_3636c-rnexus_3064-tnexus_9372px-ehttp2nexus_92300yc_switchnexus_9364d-gx2aservice_interconnectnexus_93180yc-fxios_xeopenrestynexus_31128pqopenshift_service_meshbig-ip_analyticsopenshift_data_sciencebig-ip_application_acceleration_managernexus_9336pqnetwork_observability_operatorbig-ip_link_controllernexus_9372px-e_switchnexus_9332pq_switchnexus_9500_supervisor_bhttp_servernexus_93180yc-fx-24windows_10_22h2node.jsnexus_3600nexus_93180lc-exnexus_9636pqservice_telemetry_frameworkbig-ip_application_visibility_and_reportingmigration_toolkit_for_applicationsnexus_9808nexus_93108tc-fx-24nexus_92160yc-xnexus_31108tc-vnexus_3200nexus_9332d-gx2bcrosswork_situation_managernexus_3064-xnghttp2nexus_93180yc-fx3sbig-ip_websafenexus_3464cnexus_93180yc-exnexus_3172nexus_9536pqastra_control_centernexus_9396px_switchnexus_92300ycopenshift_api_for_data_protectionh2ojettynexus_9500_supervisor_anexus_9500_supervisor_a\+nexus_9272q_switchsatellitenexus_93180yc-fx3hprocess_automationdata_center_network_manageransible_automation_platformcost_managementsecure_web_appliance_firmwarejboss_data_gridnexus_9508_switchnexus_3064-32tcert-manager_operator_for_red_hat_openshiftoncommand_insightnexus_93240yc-fx2ios_xrnexus_93180lc-ex_switchfence_agents_remediation_operatorcrosswork_zero_touch_provisioningnexus_3232c_ultra_cloud_core_-_policy_control_functionbig-ip_carrier-grade_natnexus_3172tq-xlnexus_3524-xexpresswaygrpcbusiness_process_automationnexus_93108tc-fx3hnexus_92304qc_switchwindows_10_1809enterprise_linuxenvoyquaycrosswork_data_gatewaynexus_93108tc-fx3pbig-ip_domain_name_systemnexus_3548-xlnexus_93120tx_switchnexus_9432pqopenshift_gitopsnexus_3524-xlnexus_3232nexus_9332pqnexus_3524-x\/xlbig-ip_advanced_firewall_managerprime_infrastructurenexus_3016qjenkinsbig-ip_ssl_orchestratornexus_9348gc-fx3big-ip_access_policy_managerwindows_server_2022connected_mobile_experiencesn/ahttpHTTP/2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-1968
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.44% / 62.11%
||
7 Day CHG~0.00%
Published-29 Aug, 2019 | 21:50
Updated-19 Nov, 2024 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software NX-API Denial of Service Vulnerability

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txnexus_93128txnexus_9336pq_aci_spinenexus_6004mds_9140nexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_7000_9-slotnexus_9364cnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3164qmds_9200nexus_3524-xnexus_3132c-znexus_31108tc-vnexus_5548pnexus_9348gc-fxpnexus_5648qnexus_3172mds_9000nexus_9272qnexus_3464cmds_9700nexus_93216tc-fx2nexus_36180yc-rnexus_5672upnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_9000vnexus_31108pc-vnexus_7700_18-slotnexus_5596upnexus_3524nexus_3548mds_9500nexus_7000_4-slotnexus_7700_6-slotnexus_3132qnexus_3016nexus_9372pxnexus_5696qnexus_92304qcnexus_92160yc-xnexus_7700_10-slotmds_9100nexus_9504nexus_3048nexus_9372tx-enexus_6001nexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_9396txnexus_7000_10-slotnexus_7000nexus_92300ycnexus_3064nexus_3232cnexus_5548upnexus_9396pxnexus_5596tnexus_3264c-enexus_7700_2-slotnexus_93240yc-fx2nexus_9372txnexus_5624qnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_7000_18-slotnexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco NX-OS Software 6.0(2)A4(1)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2019-1947
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-2.17% / 83.66%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 00:26
Updated-13 Nov, 2024 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Email Security Appliance Denial of Service Vulnerability

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of email messages that contain large attachments. An attacker could exploit this vulnerability by sending a malicious email message through the targeted device. A successful exploit could allow the attacker to cause a permanent DoS condition due to high CPU utilization. This vulnerability may require manual intervention to recover the ESA.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asyncosemail_security_applianceCisco Email Security Appliance (ESA)
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1858
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-2.86% / 85.73%
||
7 Day CHG~0.00%
Published-16 May, 2019 | 01:20
Updated-19 Nov, 2024 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS and NX-OS Software Simple Network Management Protocol Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly. The vulnerability is due to improper error handling when processing inbound SNMP packets. An attacker could exploit this vulnerability by sending multiple crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the SNMP application to leak system memory because of an improperly handled error condition during packet processing. Over time, this memory leak could cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exfirepower_4150nexus_56128pnx-osnexus_3636c-r9736pqnexus_7700_supervisor_3en9k-x9732c-fxn9k-c9504-fm-rmds_9506mds_9250inexus_3132q-vnexus_9332cnexus_5020nexus_9336c-fx2x9636q-rnexus_31108tc-vnexus_9348gc-fxpmds_9718mds_9148snexus_9500_supervisor_b\+n7k-f306ck-25mds_9513mds_9148tnexus_93180yc-fxmds_9132tnexus_3432d-sfirepower_4140n7k-m348xp-25lfx-osfirepower_9300_with_1_sm-24_modulen9k-x9736c-fxn9k-x9736c-exmds_92167700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xlmds_9216ax96136yc-rn77-f348xp-23nexus_9500_supervisor_b7000_18-slotnexus_3048nexus_93360yc-fx2firepower_4120n7k-f312fq-25mds_9396tmds_9396sn77-m312cq-26lnexus_5548upn9k-x9788tc-fxn9k-x9564txfirepower_9300_with_1_sm-36_modulenexus_7000_supervisor_2ex9636c-rxn77-f430cq-36n9k-x9464pxmds_9216inexus_5596tnexus_3132q-x\/3132q-xlnexus_5624q9636pqn9k-x9432c-snexus_93600cd-gxnexus_3408-sn9k-x9636c-rnexus_93108tc-exnexus_9508nexus_93120tx7000_10-slotfirepower_4110nexus_9316d-gxnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004n9k-x9464tx2n7k-f248xp-25en9k-x96136yc-rn77-f324fq-25nexus_31128pqn9k-x9636q-rnexus_9364cnexus_3164qfirepower_9300_with_1_sm-44_modulenexus_7700_supervisor_2e7700_2-slotnexus_3132c-znexus_3172pq\/pq-xlnexus_5548pnexus_5648q9536pqn9k-x9732c-exnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upn77-f312ck-26nexus_3264qnexus_34180ycmds_9509nexus_31108pc-vn9k-x9636c-rxmds_9706nexus_9500_supervisor_a\+7000_4-slotnexus_5596upn7k-m206fq-23ln9k-x97160yc-exnexus_5696qnexus_92160yc-xnexus_9504n77-m324fq-25lnexus_6001nexus_93108tc-fxn7k-m202cf-22ln9k-c9508-fm-rnexus_9500_supervisor_a7000_9-slotnexus_92300ycx9636c-rnexus_3232cfirepower_9300_with_3_sm-44_modulen7k-m324fq-25lmds_9222inexus_50107700_10-slotn77-m348xp-23lnexus_1000v7700_18-slot9432pqnexus_3264c-enexus_93240yc-fx2firepower_extensible_operating_systemmds_9710nexus_3172tq-xlnexus_93180yc-exn9k-x9564pxnexus_9516n7k-m224xp-23lnexus_5672up-16gCisco Firepower Extensible Operating System (FXOS)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-1957
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 65.71%
||
7 Day CHG~0.00%
Published-08 Aug, 2019 | 07:30
Updated-19 Nov, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IoT Field Network Director TLS Renegotiation Denial of Service Vulnerability

A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. A successful exploit could increase the resource usage on the system, eventually leading to a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iot_field_network_directorCisco IoT Field Network Director (IoT-FND)
CWE ID-CWE-399
Not Available
CVE-2019-1873
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.54% / 66.72%
||
7 Day CHG~0.00%
Published-10 Jul, 2019 | 17:30
Updated-19 Nov, 2024 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco ASA and FTD Software Cryptographic TLS and SSL Driver Denial of Service Vulnerability

A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software (ASA) and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly. The vulnerability is due to incomplete input validation of a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) ingress packet header. An attacker could exploit this vulnerability by sending a crafted TLS/SSL packet to an interface on the targeted device. An exploit could allow the attacker to cause the device to reload, which will result in a denial of service (DoS) condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is required to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asa_5508-x_firmwareasa_5506w-xasa_5506-xasa_5516-xasa_5516-x_firmwareasa_5506w-x_firmwareasa_5506h-xasa_5508-xasa_5506h-x_firmwareasa_5506-x_firmwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1900
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.01%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 18:20
Updated-19 Nov, 2024 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could allow an attacker to cause the web server to crash. Physical access to the device may be required for a restart.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ucs_c125_m5ucs_s3260integrated_management_controller_supervisorucs_c4200unified_computing_systemCisco Unified Computing System (Management Software)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-1967
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-2.57% / 84.96%
||
7 Day CHG~0.00%
Published-29 Aug, 2019 | 21:45
Updated-19 Nov, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability

A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packets. An attacker could exploit this vulnerability by flooding the device with a steady stream of Mode 7 NTP packets. A successful exploit could allow the attacker to cause high CPU and memory usage on the affected device, which could cause internal system processes to restart or cause the affected device to unexpectedly reload. Note: The NTP feature is enabled by default.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txnexus_93128txnexus_9336pq_aci_spinenexus_6004mds_9140nexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_7000_9-slotnexus_9364cnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3164qmds_9200nexus_3524-xnexus_3132c-znexus_31108tc-vnexus_5548pnexus_9348gc-fxpnexus_5648qnexus_3172mds_9000nexus_9272qnexus_3464cmds_9700nexus_93216tc-fx2nexus_36180yc-rnexus_5672upnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_9000vnexus_31108pc-vnexus_7700_18-slotnexus_5596upnexus_3524nexus_3548mds_9500nexus_7000_4-slotnexus_7700_6-slotnexus_3132qnexus_3016nexus_9372pxnexus_5696qnexus_92304qcnexus_92160yc-xnexus_7700_10-slotmds_9100nexus_9504nexus_3048nexus_9372tx-enexus_6001nexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_9396txnexus_7000_10-slotnexus_7000nexus_92300ycnexus_3064nexus_3232cnexus_5548upnexus_9396pxnexus_5596tnexus_3264c-enexus_7700_2-slotnexus_93240yc-fx2nexus_9372txnexus_5624qnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_7000_18-slotnexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco NX-OS Software
CWE ID-CWE-399
Not Available
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-1708
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.11% / 77.27%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 16:10
Updated-19 Nov, 2024 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software MOBIKE Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to the incorrect processing of certain MOBIKE packets. An attacker could exploit this vulnerability by sending crafted MOBIKE packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. The MOBIKE feature is supported only for IPv4 addresses.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asa_5506w-xasa-5506-xasa_5545-xadaptive_security_appliance_softwareasa_5516-xasa_5506h-xasa-5525-xasa_5508-xasa-5555-xfirepower_threat_defenseCisco Firepower Threat Defense (FTD) SoftwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-1747
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.52% / 80.48%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 23:50
Updated-19 Nov, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software Short Message Service Denial of Service Vulnerability

A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of SMS protocol data units (PDUs) that are encoded with a special character set. An attacker could exploit this vulnerability by sending a malicious SMS message to an affected device. A successful exploit could allow the attacker to cause the wireless WAN (WWAN) cellular interface module on an affected device to crash, resulting in a DoS condition that would require manual intervention to restore normal operating conditions.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS and IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1694
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.11% / 77.27%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 15:10
Updated-19 Nov, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software TCP Timer Handling Denial of Service Vulnerability

A vulnerability in the TCP processing engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of TCP traffic. An attacker could exploit this vulnerability by sending a specific sequence of packets at a high rate through an affected device. A successful exploit could allow the attacker to temporarily disrupt traffic through the device while it reboots.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asa_5550asa_5545-xasa_5505asa_5540adaptive_security_appliance_softwareasa_5555-xasa_5520asa_5510asa_5525-xasa_5580asa_5585-xasa_5512-xfirepower_threat_defenseasa_5515-xCisco Firepower Threat Defense (FTD) SoftwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1741
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.11% / 77.27%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 23:25
Updated-19 Nov, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability

A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-416
Use After Free
CVE-2019-1766
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-3.19% / 86.47%
||
7 Day CHG~0.00%
Published-22 Mar, 2019 | 20:05
Updated-19 Nov, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IP Phone 8800 Series File Upload Denial of Service Vulnerability

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 12.5(1)SR1.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ip_phone_8800_firmwareip_phone_8800Cisco IP Phone 8800 Series Software
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1814
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.40% / 59.56%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 23:45
Updated-21 Nov, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business 300 Series Managed Switches DHCP Denial of Service Vulnerability

A vulnerability in the interactions between the DHCP and TFTP features for Cisco Small Business 300 Series (Sx300) Managed Switches could allow an unauthenticated, remote attacker to cause the device to become low on system memory, which in turn could lead to an unexpected reload of the device and result in a denial of service (DoS) condition on an affected device. The vulnerability is due to a failure to free system memory when an unexpected DHCP request is received. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the targeted device. A successful exploit could allow the attacker to cause an unexpected reload of the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf300-24p_firmwaresg300-10p_firmwaresg300-52_firmwaresg300-28mpsf302-08mp_firmwaresg300-52mpsf302-08sg300-10pp_firmwaresg300-28pp_firmwaresg300-10sf302-08p_firmwaresg300-52sf300-48p_firmwaresf302-08mpp_firmwaresg300-10mppsg300-52psg300-28psf300-24psf300-24sg300-20sg300-10psg300-52p_firmwaresg300-20_firmwaresf300-48ppsf302-08mppsf302-08mpsg300-10mp_firmwaresf300-48pp_firmwaresf302-08_firmwaresg300-10mpsf300-24mpsg300-10sfpsg300-28mp_firmwaresf300-08sf300-48psf300-24_firmwaresg300-10ppsf300-24mp_firmwaresg300-28_firmwaresf302-08psf302-08pp_firmwaresf302-08ppsf300-48sf300-24ppsf300-08_firmwaresg300-10sfp_firmwaresg300-10_firmwaresg300-28sg300-28ppsf300-48_firmwaresg300-52mp_firmwaresf300-24pp_firmwaresg300-10mpp_firmwaresg300-28p_firmwareCisco Small Business 300 Series Managed Switches
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2019-1703
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.41% / 60.73%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 16:00
Updated-19 Nov, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software Packet Processing Denial of Service Vulnerability

A vulnerability in the internal packet-processing functionality of Cisco Firepower Threat Defense (FTD) Software for the Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error, which may prevent ingress buffers from being replenished under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to consume all input buffers, which are shared between all interfaces, leading to a queue wedge condition in all active interfaces. This situation would cause an affected device to stop processing any incoming traffic and result in a DoS condition until the device is reloaded manually.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_2140firepower_2120firepower_2130firepower_2110firepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2019-1739
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-2.77% / 85.46%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 23:20
Updated-16 Sep, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS and Cisco IOS-XE Software
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1687
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.25% / 48.19%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 15:00
Updated-21 Nov, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software TCP Proxy Denial of Service Vulnerability

A vulnerability in the TCP proxy functionality for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error in TCP-based packet inspection, which could cause the TCP packet to have an invalid Layer 2 (L2)-formatted header. An attacker could exploit this vulnerability by sending a crafted TCP packet sequence to the targeted device. A successful exploit could allow the attacker to cause a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asa_5550asa_5545-xasa_5505asa_5540adaptive_security_appliance_softwareasa_5555-xasa_5520asa_5510asa_5525-xasa_5580asa_5585-xasa_5512-xfirepower_threat_defenseasa_5515-xCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1738
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-2.77% / 85.46%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 23:15
Updated-19 Nov, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerability

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit these vulnerabilities by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS and IOS-XE Software
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1718
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.53% / 66.38%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 22:00
Updated-19 Nov, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine SSL Renegotiation Denial of Service Vulnerability

A vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of Secure Sockets Layer (SSL) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. An successful exploit could increase the resource usage on the system, eventually leading to a DoS condition. This vulnerability affects version 2.1.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-399
Not Available
CVE-2019-1740
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.05% / 76.65%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 23:25
Updated-19 Nov, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability are due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS and Cisco IOS-XE Software
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1752
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.53% / 80.55%
||
7 Day CHG~0.00%
Published-28 Mar, 2019 | 00:05
Updated-17 Sep, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software ISDN Interface Denial of Service Vulnerability

A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit this vulnerability by calling the affected device with specific Q.931 information elements being present. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS and IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1789
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-2.42% / 84.51%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 18:25
Updated-19 Nov, 2024 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClamAV Denial of Service Vulnerability

ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.

Action-Not Available
Vendor-ClamAVCisco Systems, Inc.
Product-clamavClamAV
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-1817
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.67% / 70.42%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 16:30
Updated-19 Nov, 2024 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Web Security Appliance Malformed Request Denial of Service Vulnerability

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of HTTP and HTTPS requests. An attacker could exploit this vulnerability by sending a malformed HTTP or HTTPS request to an affected device. An exploit could allow the attacker to cause a restart of the web proxy process, resulting in a temporary DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-web_security_applianceCisco Web Security Appliance (WSA)
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1706
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.54% / 66.72%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 16:10
Updated-19 Nov, 2024 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software IPsec Denial of Service Vulnerability

A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) and Firepower 2100 Series running Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error with how the software cryptography module handles IPsec sessions. An attacker could exploit this vulnerability by creating and sending traffic in a high number of IPsec sessions through the targeted device. A successful exploit could cause the device to reload and result in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asa-5545-xasa-5506-xasa-5516-xasa-5506h-xasa-5506w-xadaptive_security_appliance_softwareasa-5508-xasa-5525-xasa-5555-xCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-1737
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.11% / 77.27%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 23:05
Updated-19 Nov, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software IP Service Level Agreement Denial of Service Vulnerability

A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to improper socket resources handling in the IP SLA responder application code. An attacker could exploit this vulnerability by sending crafted IP SLA packets to an affected device. An exploit could allow the attacker to cause an interface to become wedged, resulting in an eventual denial of service (DoS) condition on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS and IOS-XE Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2019-16023
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.31% / 78.98%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 00:26
Updated-13 Nov, 2024 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities

Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ncs_5001ncs_5002asr_9010asr_9000ncs_560ncs_5011ncs_1001ios_xrv_9000ncs_6000asr_9910asr_9904asr_9912asr_9922ncs_540carrier_routing_systemncs_1004ncs_540lncs_1002ios_xrncs_5500Cisco IOS XR Software
CWE ID-CWE-399
Not Available
CVE-2019-15989
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-2.50% / 84.74%
||
7 Day CHG~0.00%
Published-26 Jan, 2020 | 04:30
Updated-15 Nov, 2024 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software Border Gateway Protocol Attribute Denial of Service Vulnerability

A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-xrv_9000ncs_5502-sencs_5508ncs_5001ncs_5002ncs_5501asr_9010ncs_560ncs_1001asr_9001ncs_5516ncs_6000ncs_5501-seasr_9000vasr_9910asr_9906asr_9904asr_9006asr_9912ncs_540crsasr_9922ncs_1004ncs_540lncs_1002ios_xrncs_5502asr_9901Cisco IOS XR Software
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-16020
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-2.50% / 84.74%
||
7 Day CHG~0.00%
Published-26 Jan, 2020 | 04:30
Updated-15 Nov, 2024 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities

Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-xrv_9000ncs_5502-sencs_5508ncs_5001ncs_5002ncs_5501asr_9010ncs_560ncs_1001asr_9001ncs_5516ncs_6000ncs_5501-seasr_9000vasr_9910asr_9906asr_9904asr_9006asr_9912ncs_540crsasr_9922ncs_1004ncs_540lncs_1002ios_xrncs_5502asr_9901Cisco IOS XR Software
CWE ID-CWE-399
Not Available
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-1635
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-1.16% / 77.68%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 14:55
Updated-19 Nov, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IP Phone 7800 Series and 8800 Series Session Initiation Protocol XML Denial of Service Vulnerability

A vulnerability in the call-handling functionality of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete error handling when XML data within a SIP packet is parsed. An attacker could exploit this vulnerability by sending a SIP packet that contains a malicious XML payload to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ip_phone_8841ip_phone_8861ip_conference_phone_8832ip_phone_8845_firmwareip_phone_7841ip_phone_7811_firmwareunified_ip_8831_conference_phone_for_third-party_call_control2ip_phone_8811wireless_ip_phone_8821-ex_firmwareip_phone_8811_firmwareip_conference_phone_8832_firmwareip_phone_7861_firmwareunified_ip_8831_conference_phone1ip_phone_8845ip_phone_8851_firmwareip_phone_7821_firmwareip_phone_8841_firmwareip_phone_8865_firmwareip_conference_phone_7832ip_phone_8865ip_phone_7841_firmwareunified_ip_8831_conference_phone_for_third-party_call_control2_firmwarewireless_ip_phone_8821-exip_conference_phone_7832_firmwareunified_ip_8831_conference_phone1_firmwareip_phone_7811ip_phone_7861ip_phone_8851ip_phone_8861_firmwarewireless_ip_phone_8821ip_phone_7821wireless_ip_phone_8821_firmwareCisco Wireless IP Phone 8821 and 8821-EXCisco IP Phone 7800 Series and 8800 Series
CWE ID-CWE-399
Not Available
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-16019
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.31% / 78.98%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 00:26
Updated-13 Nov, 2024 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities

Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ncs_5001ncs_5002asr_9010asr_9000ncs_560ncs_5011ncs_1001ios_xrv_9000ncs_6000asr_9910asr_9904asr_9912asr_9922ncs_540carrier_routing_systemncs_1004ncs_540lncs_1002ios_xrncs_5500Cisco IOS XR Software
CWE ID-CWE-399
Not Available
CVE-2019-16022
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-2.50% / 84.74%
||
7 Day CHG~0.00%
Published-26 Jan, 2020 | 04:31
Updated-15 Nov, 2024 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities

Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-xrv_9000ncs_5502-sencs_5508ncs_5001ncs_5002ncs_5501asr_9010ncs_560ncs_1001asr_9001ncs_5516ncs_6000ncs_5501-seasr_9000vasr_9910asr_9906asr_9904asr_9006asr_9912ncs_540crsasr_9922ncs_1004ncs_540lncs_1002ios_xrncs_5502asr_9901Cisco IOS XR Software
CWE ID-CWE-399
Not Available
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-15262
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-2.93% / 85.87%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:36
Updated-19 Nov, 2024 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Wireless LAN Controller Secure Shell Denial of Service Vulnerability

A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the SSH process is not properly deleted when an SSH connection to the device is disconnected. An attacker could exploit this vulnerability by repeatedly opening SSH connections to an affected device. A successful exploit could allow the attacker to exhaust system resources by initiating multiple SSH connections to the device that are not effectively terminated, which could result in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-5520_wireless_lan_controller_firmware5520_wireless_lan_controller5508_wireless_lan_controller_firmware5508_wireless_lan_controllerCisco Wireless LAN Controller (WLC)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2019-12678
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.92% / 74.95%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 19:06
Updated-19 Nov, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SIP Inspection Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper parsing of SIP messages. An attacker could exploit this vulnerability by sending a malicious SIP packet through an affected device. A successful exploit could allow the attacker to trigger an integer underflow, causing the software to try to read unmapped memory and resulting in a crash.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asa_5550adaptive_security_applianceasa_5505adaptive_security_appliance_softwareasa_5555-xasa_5520asa_5510asa_5525-xasa_5580asa_5585-xasa_5512-xfirepower_threat_defenseasa_5515-xCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2019-12655
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.22% / 78.27%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:15
Updated-19 Nov, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software FTP Application Layer Gateway for NAT, NAT64, and ZBFW Denial of Service Vulnerability

A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a buffer overflow that occurs when an affected device inspects certain FTP traffic. An attacker could exploit this vulnerability by performing a specific FTP transfer through the device. A successful exploit could allow the attacker to cause the device to reload.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iosCisco IOS XE Software 3.16.8S
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-12659
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 65.89%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:15
Updated-19 Nov, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software HTTP Server Denial of Service Vulnerability

A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. The vulnerability is due to a logical error in the logging mechanism. An attacker could exploit this vulnerability by generating a high amount of long-lived connections to the HTTP service on the device. A successful exploit could allow the attacker to cause the HTTP server to crash.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecbr-8_converged_broadband_routerCisco IOS XE Software 3.2.0JA
CWE ID-CWE-399
Not Available
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 17
  • 18
  • Next
Details not found