Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-20260

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-23 Oct, 2024 | 17:07
Updated At-24 Oct, 2024 | 17:30
Rejected At-
Credits

Cisco Adaptive Security Virtual Appliance and Secure Firewall Threat Defense Virtual SSL VPN Denial of Service Vulnerability

A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat Defense Virtual, platforms could allow an unauthenticated, remote attacker to cause the virtual devices to run out of system memory, which could cause SSL VPN connection processing to slow down and eventually cease all together. This vulnerability is due to a lack of proper memory management for new incoming SSL/TLS connections on the virtual platforms. An attacker could exploit this vulnerability by sending a large number of new incoming SSL/TLS connections to the targeted virtual platform. A successful exploit could allow the attacker to deplete system memory, resulting in a denial of service (DoS) condition. The memory could be reclaimed slowly if the attack traffic is stopped, but a manual reload may be required to restore operations quickly.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:23 Oct, 2024 | 17:07
Updated At:24 Oct, 2024 | 17:30
Rejected At:
▼CVE Numbering Authority (CNA)
Cisco Adaptive Security Virtual Appliance and Secure Firewall Threat Defense Virtual SSL VPN Denial of Service Vulnerability

A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat Defense Virtual, platforms could allow an unauthenticated, remote attacker to cause the virtual devices to run out of system memory, which could cause SSL VPN connection processing to slow down and eventually cease all together. This vulnerability is due to a lack of proper memory management for new incoming SSL/TLS connections on the virtual platforms. An attacker could exploit this vulnerability by sending a large number of new incoming SSL/TLS connections to the targeted virtual platform. A successful exploit could allow the attacker to deplete system memory, resulting in a denial of service (DoS) condition. The memory could be reclaimed slowly if the attack traffic is stopped, but a manual reload may be required to restore operations quickly.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco Adaptive Security Appliance (ASA) Software
Default Status
unknown
Versions
Affected
  • 9.12.3
  • 9.12.1
  • 9.8.3
  • 9.12.2
  • 9.8.1
  • 9.8.2
  • 9.8.4
  • 9.8.2.45
  • 9.14.1
  • 9.12.4
  • 9.8.2.28
  • 9.8.2.17
  • 9.8.2.14
  • 9.8.2.8
  • 9.8.2.26
  • 9.8.2.38
  • 9.8.2.15
  • 9.8.2.24
  • 9.8.2.35
  • 9.8.2.33
  • 9.8.2.20
  • 9.8.4.25
  • 9.8.3.29
  • 9.8.4.17
  • 9.12.2.5
  • 9.12.2.4
  • 9.8.4.7
  • 9.12.1.3
  • 9.12.3.9
  • 9.8.4.8
  • 9.8.4.20
  • 9.12.2.9
  • 9.8.3.14
  • 9.12.2.1
  • 9.8.3.18
  • 9.8.3.16
  • 9.8.4.12
  • 9.8.3.21
  • 9.8.4.15
  • 9.8.4.10
  • 9.12.3.12
  • 9.8.3.26
  • 9.12.3.7
  • 9.14.1.10
  • 9.8.4.22
  • 9.8.1.7
  • 9.12.1.2
  • 9.8.3.11
  • 9.12.3.2
  • 9.8.4.3
  • 9.8.1.5
  • 9.12.4.2
  • 9.14.1.6
  • 9.8.3.8
  • 9.14.1.15
  • 9.14.1.19
  • 9.8.4.26
  • 9.12.4.4
  • 9.14.1.30
  • 9.8.4.29
  • 9.12.4.7
  • 9.15.1
  • 9.14.2
  • 9.8.4.32
  • 9.12.4.10
  • 9.14.2.4
  • 9.15.1.7
  • 9.14.2.8
  • 9.12.4.13
  • 9.15.1.10
  • 9.14.2.13
  • 9.8.4.34
  • 9.12.4.18
  • 9.15.1.15
  • 9.8.4.35
  • 9.14.2.15
  • 9.12.4.24
  • 9.16.1
  • 9.15.1.16
  • 9.8.4.39
  • 9.14.3
  • 9.12.4.26
  • 9.16.1.28
  • 9.14.3.1
  • 9.12.4.29
  • 9.14.3.9
  • 9.16.2
  • 9.12.4.30
  • 9.16.2.3
  • 9.8.4.40
  • 9.14.3.11
  • 9.15.1.17
  • 9.12.4.35
  • 9.8.4.41
  • 9.15.1.1
  • 9.14.3.13
  • 9.16.2.7
  • 9.12.4.37
  • 9.14.3.15
  • 9.17.1
  • 9.16.2.11
  • 9.14.3.18
  • 9.16.2.13
  • 9.12.4.39
  • 9.12.4.38
  • 9.8.4.43
  • 9.14.4
  • 9.16.2.14
  • 9.17.1.7
  • 9.12.4.40
  • 9.15.1.21
  • 9.16.3.3
  • 9.16.3
  • 9.14.4.6
  • 9.17.1.9
  • 9.14.4.7
  • 9.16.3.14
  • 9.12.4.41
  • 9.17.1.10
  • 9.8.4.44
  • 9.18.1
  • 9.14.4.12
  • 9.12.4.47
  • 9.16.3.15
  • 9.18.1.3
  • 9.17.1.11
  • 9.12.4.48
  • 9.14.4.13
  • 9.18.2
  • 9.16.3.19
  • 9.17.1.13
  • 9.12.4.50
  • 9.14.4.14
  • 9.17.1.15
  • 9.8.4.45
  • 9.12.4.52
  • 9.14.4.15
  • 9.16.3.23
  • 9.18.2.5
  • 9.16.4
  • 9.12.4.54
  • 9.14.4.17
  • 9.8.4.46
  • 9.17.1.20
  • 9.18.2.7
  • 9.19.1
  • 9.16.4.9
  • 9.12.4.55
  • 9.18.2.8
  • 9.14.4.22
  • 9.16.4.14
  • 9.8.4.48
  • 9.18.3
  • 9.19.1.5
  • 9.14.4.23
  • 9.12.4.56
  • 9.16.4.18
  • 9.17.1.30
  • 9.19.1.9
  • 9.18.3.39
  • 9.16.4.19
  • 9.12.4.58
  • 9.19.1.12
  • 9.18.3.46
  • 9.16.4.27
  • 9.19.1.18
  • 9.18.3.53
  • 9.18.3.55
  • 9.16.4.38
  • 9.17.1.33
  • 9.12.4.62
  • 9.16.4.39
  • 9.18.3.56
  • 9.16.4.42
  • 9.19.1.22
  • 9.18.4
  • 9.18.4.5
  • 9.19.1.24
  • 9.16.4.48
  • 9.18.4.8
  • 9.20.2
  • 9.19.1.27
  • 9.12.4.65
  • 9.16.4.55
  • 9.18.4.22
  • 9.20.2.10
  • 9.16.4.57
  • 9.19.1.28
  • 9.17.1.39
  • 9.12.4.67
  • 9.14.4.24
  • 9.18.4.24
  • 9.20.2.21
  • 9.16.4.61
  • 9.19.1.31
  • 9.18.4.29
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco Firepower Threat Defense Software
Default Status
unknown
Versions
Affected
  • 6.2.3.7
  • 6.4.0
  • 6.4.0.1
  • 6.2.3.15
  • 6.2.3.5
  • 6.2.3
  • 6.2.3.4
  • 6.2.3.10
  • 6.4.0.4
  • 6.4.0.6
  • 6.4.0.5
  • 6.2.3.13
  • 6.2.3.2
  • 6.4.0.2
  • 6.2.3.14
  • 6.2.3.8
  • 6.2.3.3
  • 6.2.3.1
  • 6.2.3.12
  • 6.2.3.11
  • 6.2.3.6
  • 6.4.0.3
  • 6.2.3.9
  • 6.4.0.8
  • 6.4.0.7
  • 6.6.0
  • 6.4.0.9
  • 6.2.3.16
  • 6.6.0.1
  • 6.6.1
  • 6.4.0.10
  • 6.7.0
  • 6.4.0.11
  • 6.6.3
  • 6.7.0.1
  • 6.6.4
  • 6.4.0.12
  • 6.7.0.2
  • 7.0.0
  • 6.2.3.17
  • 7.0.0.1
  • 6.6.5
  • 7.0.1
  • 7.1.0
  • 6.4.0.13
  • 6.6.5.1
  • 6.2.3.18
  • 7.0.1.1
  • 6.7.0.3
  • 6.4.0.14
  • 7.1.0.1
  • 6.6.5.2
  • 7.0.2
  • 6.4.0.15
  • 7.2.0
  • 7.0.2.1
  • 7.0.3
  • 6.6.7
  • 7.2.0.1
  • 7.0.4
  • 7.2.1
  • 7.0.5
  • 6.4.0.16
  • 7.3.0
  • 7.2.2
  • 6.6.7.1
  • 7.2.3
  • 7.3.1
  • 7.1.0.3
  • 7.2.4
  • 7.0.6
  • 7.2.5
  • 7.2.4.1
  • 7.3.1.1
  • 6.4.0.17
  • 7.0.6.1
  • 7.2.5.1
  • 7.4.1
  • 7.2.6
  • 7.0.6.2
  • 7.4.1.1
  • 6.6.7.2
  • 6.4.0.18
  • 7.2.7
  • 7.2.5.2
  • 7.3.1.2
  • 7.2.8
  • 7.2.8.1
Problem Types
TypeCWE IDDescription
cweCWE-789Uncontrolled Memory Allocation
Type: cwe
CWE ID: CWE-789
Description: Uncontrolled Memory Allocation
Metrics
VersionBase scoreBase severityVector
3.18.6HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Version: 3.1
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftdvirtual-dos-MuenGnYR
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftdvirtual-dos-MuenGnYR
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
Cisco Systems, Inc.cisco
Product
firepower_threat_defense_software
CPEs
  • cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 6.2.3 through 6.2.3.18 (custom)
  • From 7.4.1 through 7.4.1.1 (custom)
  • From 7.3.0 through 7.3.1.2 (custom)
  • From 7.2.0 through 7.2.8.1 (custom)
  • From 7.1.0 through 7.1.0.3 (custom)
  • From 7.0.0 through 7.0.6.2 (custom)
  • From 6.7.0 through 6.7.0.3 (custom)
  • From 6.6.0 through 6.6.7.2 (custom)
  • From 6.4.0 through 6.4.0.18 (custom)
Vendor
Cisco Systems, Inc.cisco
Product
adaptive_security_appliance_software
CPEs
  • cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 9.8.1 through 9.8.4.48 (custom)
  • From 9.20.2 through 9.20.2.21 (custom)
  • From 9.19.1 through 9.19.1.31 (custom)
  • From 9.18.1 through 9.18.4.29 (custom)
  • From 9.17.1 through 19.17.1.39 (custom)
  • From 9.16.1 through 9.16.4.61 (custom)
  • From 9.15.1 through 9.15.1.21 (custom)
  • From 9.14.1 through 9.14.4.24 (custom)
  • From 9.12.1 through 9.12.4.67 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ykramarz@cisco.com
Published At:23 Oct, 2024 | 17:15
Updated At:25 Oct, 2024 | 12:56

A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat Defense Virtual, platforms could allow an unauthenticated, remote attacker to cause the virtual devices to run out of system memory, which could cause SSL VPN connection processing to slow down and eventually cease all together. This vulnerability is due to a lack of proper memory management for new incoming SSL/TLS connections on the virtual platforms. An attacker could exploit this vulnerability by sending a large number of new incoming SSL/TLS connections to the targeted virtual platform. A successful exploit could allow the attacker to deplete system memory, resulting in a denial of service (DoS) condition. The memory could be reclaimed slowly if the attack traffic is stopped, but a manual reload may be required to restore operations quickly.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.6HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-789Secondaryykramarz@cisco.com
CWE ID: CWE-789
Type: Secondary
Source: ykramarz@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftdvirtual-dos-MuenGnYRykramarz@cisco.com
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftdvirtual-dos-MuenGnYR
Source: ykramarz@cisco.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

231Records found
CVE-2021-1573
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.18% / 40.28%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 18:55
Updated-06 Nov, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-adaptive_security_appliancefirepower_threat_defenseadaptive_security_appliance_softwareCisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance Software
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-1622
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.32% / 54.44%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:25
Updated-07 Nov, 2024 | 21:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers Common Open Policy Service Denial of Service Vulnerability

A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause resource exhaustion, resulting in a denial of service (DoS) condition. This vulnerability is due to a deadlock condition in the code when processing COPS packets under certain conditions. An attacker could exploit this vulnerability by sending COPS packets with high burst rates to an affected device. A successful exploit could allow the attacker to cause the CPU to consume excessive resources, which prevents other control plane processes from obtaining resources and results in a DoS.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeasr_901-4c-ft-dasr_901-6cz-ft-d7600_routerasr_901-6cz-f-aasr_901-6cz-f-dasr_901-6cz-ft-aasr_901-12c-ft-dcbr-8asr_901-12c-f-dasr_901-6cz-fs-aasr_901-4c-f-dasr_901-6cz-fs-dCisco IOS XE Software
CWE ID-CWE-833
Deadlock
CWE ID-CWE-667
Improper Locking
CVE-2021-1615
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.44% / 62.38%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:30
Updated-07 Nov, 2024 | 21:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service Vulnerability

A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. This vulnerability is due to insufficient buffer allocation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to exhaust available resources and cause a DoS condition on an affected AP, as well as a DoS condition for client traffic traversing the AP.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_9105catalyst_9124catalyst_9120embedded_wireless_controllercatalyst_9117catalyst_9115catalyst_9130Cisco IOS XE Software
CWE ID-CWE-410
Insufficient Resource Pool
CVE-2021-1523
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.54% / 66.51%
||
7 Day CHG~0.00%
Published-25 Aug, 2021 | 19:10
Updated-07 Nov, 2024 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 9000 Series Fabric Switches ACI Mode Queue Wedge Denial of Service Vulnerability

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause a queue wedge on a leaf switch, which could result in critical control plane traffic to the device being dropped. This could result in one or more leaf switches being removed from the fabric. This vulnerability is due to mishandling of ingress TCP traffic to a specific port. An attacker could exploit this vulnerability by sending a stream of TCP packets to a specific port on a Switched Virtual Interface (SVI) configured on the device. A successful exploit could allow the attacker to cause a specific packet queue to queue network buffers but never process them, leading to an eventual queue wedge. This could cause control plane traffic to be dropped, resulting in a denial of service (DoS) condition where the leaf switches are unavailable. Note: This vulnerability requires a manual intervention to power-cycle the device to recover.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_9372txnexus_9372tx-enexus_9332pqnexus_9396pxnx-osnexus_9372pxnexus_9372px-enexus_93120txnexus_9396txnexus_93128txCisco NX-OS System Software in ACI Mode
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2021-1504
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.31% / 53.75%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 17:31
Updated-08 Nov, 2024 | 23:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities

Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1587
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.35% / 56.60%
||
7 Day CHG~0.00%
Published-25 Aug, 2021 | 19:11
Updated-07 Nov, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability

A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific packets with a Transparent Interconnection of Lots of Links (TRILL) OAM EtherType. An attacker could exploit this vulnerability by sending crafted packets, including the TRILL OAM EtherType of 0x8902, to a device that is part of a VXLAN Ethernet VPN (EVPN) fabric. A successful exploit could allow the attacker to cause an affected device to experience high CPU usage and consume excessive system resources, which may result in overall control plane instability and cause the affected device to reload. Note: The NGOAM feature is disabled by default.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_3548-x\/xlnexus_93108tc-exnx-osnexus_3636c-rnexus_9364c-gxnexus_9372pxnexus_9508nexus_93108tc-fx-24nexus_92304qcnexus_93120txnexus_92160yc-xnexus_93128txnexus_9316d-gxnexus_93108tc-ex-24nexus_3524-x\/xlnexus_3048nexus_9372tx-enexus_93108tc-fx3pnexus_93108tc-fxnexus_93360yc-fx2nexus_9396txnexus_31128pqnexus_3132q-vnexus_93180yc-fx3snexus_9332cnexus_3164qnexus_92300ycnexus_92348gc-xnexus_9336c-fx2nexus_9364cnexus_3132c-znexus_3172pq\/pq-xlnexus_31108tc-vnexus_3232cnexus_9348gc-fxpnexus_9272qnexus_93180yc-fx-24nexus_9336c-fx2-enexus_9396pxnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_3264c-enexus_93240yc-fx2nexus_3132q-x\/3132q-xlnexus_93180yc-fxnexus_9372txnexus_3264qnexus_3432d-snexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_34180ycnexus_9000vnexus_93600cd-gxnexus_9372px-enexus_3000nexus_31108pc-vnexus_9236cnexus_93180yc-fx3nexus_93180yc-ex-24Cisco NX-OS Software
CWE ID-CWE-115
Misinterpretation of Input
CWE ID-CWE-436
Interpretation Conflict
CVE-2021-1565
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.24% / 46.74%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:30
Updated-07 Nov, 2024 | 21:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Service Vulnerabilities

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_9300-24u-ecatalyst_9300-48t-ecatalyst_9400_supervisor_engine-1catalyst_9300l-48t-4g-ecatalyst_9300l-48p-4g-acatalyst_9300l-48p-4g-ecatalyst_9300-48un-acatalyst_9300l-24t-4g-acatalyst_9300l-48t-4g-acatalyst_9300l-24t-4x-acatalyst_9300l_stackcatalyst_9300l-24t-4x-ecatalyst_9300-48un-ecatalyst_9300-24p-ecatalyst_9800-l-ccatalyst_9300-48p-acatalyst_9300-24s-acatalyst_9300-48t-acatalyst_9300-48uxm-ecatalyst_9300l-24p-4g-ecatalyst_9300l-48t-4x-ecatalyst_9300l-48t-4x-acatalyst_9800-80catalyst_9300l-48p-4x-ecatalyst_9400catalyst_9800-l-fcatalyst_9800_firmwarecatalyst_9800-lcatalyst_9300l-24p-4g-acatalyst_9800-40catalyst_9300-48uxm-acatalyst_9300l-24p-4x-ecatalyst_9300l-48p-4x-aembedded_wireless_controllercatalyst_9300-24s-ecatalyst_9300-48u-ecatalyst_9300-24ux-acatalyst_9300-24p-acatalyst_9300-48u-acatalyst_9500catalyst_9300-48s-acatalyst_9300-24t-ecatalyst_9300l-24t-4g-eios_xecatalyst_9300l-24p-4x-acatalyst_9300-24t-acatalyst_9300-48s-ecatalyst_9410rcatalyst_9300-24u-acatalyst_9300lcatalyst_9300-48p-ecatalyst_9800-clcatalyst_9407rcatalyst_9300-24ux-eCisco IOS XE Software
CWE ID-CWE-415
Double Free
CVE-2021-1446
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-2.29% / 84.05%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:06
Updated-08 Nov, 2024 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability

A vulnerability in the DNS application layer gateway (ALG) functionality used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a logic error that occurs when an affected device inspects certain DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through an affected device that is performing NAT for DNS packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device. The vulnerability can be exploited only by traffic that is sent through an affected device via IPv4 packets. The vulnerability cannot be exploited via IPv6 traffic.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2021-1445
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.31% / 53.75%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 17:30
Updated-08 Nov, 2024 | 23:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities

Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1241
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.60% / 68.38%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 20:10
Updated-12 Nov, 2024 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN Denial of Service Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-vedge_100b_routervedge_cloud_routersd-wan_vbond_orchestratorvedge_5000_routervedge_100_routersd-wan_firmwareios_xe_sd-wanvedge_2000_routersd-wan_vsmart_controller_firmwarevedge_100wm_routercatalyst_sd-wan_managervedge_1000_routervedge_100m_routerCisco SD-WAN Solution
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-1288
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.60% / 68.38%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:35
Updated-08 Nov, 2024 | 23:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software Enf Broker Denial of Service Vulnerability

Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xrCisco IOS XR Software
CWE ID-CWE-399
Not Available
CVE-2021-1387
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.95% / 75.38%
||
7 Day CHG~0.00%
Published-24 Feb, 2021 | 19:30
Updated-08 Nov, 2024 | 23:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software IPv6 Netstack Denial of Service Vulnerability

A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that are destined to an affected device. An attacker could exploit this vulnerability by sending multiple crafted IPv6 packets to an affected device. A successful exploit could cause the network stack to run out of available buffers, impairing operations of control plane and management plane protocols and resulting in a DoS condition. Manual intervention would be required to restore normal operations on the affected device. For more information about the impact of this vulnerability, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_34200yc-smnexus_56128pnexus_9332pqnexus_3132q-xnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_3100-vnexus_93120txnexus_9316d-gxnexus_93128txnexus_6004nexus_92160yc_switchnexus_3100-znexus_3548-xlnexus_3016qnexus_3132q-vnexus_9332cnexus_31128pqnexus_93180yc-fx3snexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_6001pnexus_3164qnexus_9364cnexus_3524-xnexus_3132c-znexus_31108tc-vnexus_5548pnexus_9348gc-fxpnexus_5648qnexus_3172nexus_9272qnexus_93180yc-fx-24nexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upnexus_93180yc-fxnexus_93180tc-exnexus_3264qnexus_3432d-snexus_7004ucs_6454nexus_34180ycnexus_9000vnexus_31108pc-vnexus_3064-32tnexus_5596upnexus_93180yc-fx3nexus_7009nexus_3524nexus_93180yc-ex-24nexus_3100vnexus_3548nexus_3132qnexus_3016nexus_7018nexus_9372pxnexus_9364c-gxucs_64108nexus_93108tc-fx-24nexus_92304qcnexus_5696qnexus_92160yc-xnexus_7710nexus_93108tc-ex-24nexus_3064xnexus_31108pv-vnexus_3048nexus_9372tx-enexus_9504nexus_6001nexus_93108tc-fx3pnexus_93360yc-fx2nexus_93108tc-fxnexus_3064tnexus_3524-xlnexus_9396txnexus_7000nexus_7010nexus_3064unified_computing_systemnexus_92300ycnexus_3172pqnexus_7706nexus_3064-xnexus_7718nexus_3232cnexus_5548upnexus_9336c-fx2-enexus_9396pxnexus_9221cnexus_9500rnexus_5596tnexus_7702nexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_5624qnexus_3548-xnexus_6004xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93600cd-gxnexus_3408-snexus_6001tnexus_9372px-enexus_93180yc-exnexus_93128nexus_9336pqnexus_9236cnexus_9516nexus_3172pq-xlnexus_7700nexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-1353
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.52% / 65.90%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 20:00
Updated-12 Nov, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco StarOS IPv4 Denial of Service Vulnerability

A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak that occurs during packet processing. An attacker could exploit this vulnerability by sending a series of crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to exhaust the available memory and cause an unexpected restart of the npusim process, leading to a DoS condition on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-starosasr_5000asr_5500virtualized_packet_core-single_instanceasr_5700Cisco ASR 5000 Series Software
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-3397
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.53% / 66.21%
||
7 Day CHG~0.00%
Published-27 Aug, 2020 | 15:40
Updated-13 Nov, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Border Gateway Protocol Multicast VPN Denial of Service Vulnerability

A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this specific, valid BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause one of the BGP-related routing applications to restart multiple times, leading to a system-level restart. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txnexus_93128txnexus_9336pq_aci_spinenexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3132c-znexus_3524-xnexus_31108tc-vnexus_9348gc-fxpnexus_3172nexus_9272qnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_31108pc-vnexus_3524nexus_3548nexus_3132qnexus_3016nexus_9372pxnexus_92304qcnexus_92160yc-xnexus_9504nexus_3048nexus_9372tx-enexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_9396txnexus_92300ycnexus_3064nexus_3232cnexus_9396pxnexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlCisco NX-OS Software
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3571
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.56% / 67.44%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 18:40
Updated-13 Nov, 2024 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower 4110 ICMP Flood Denial of Service Vulnerability

A vulnerability in the ICMP ingress packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 4110 appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation upon receiving ICMP packets. An attacker could exploit this vulnerability by sending a high number of crafted ICMP or ICMPv6 packets to an affected device. A successful exploit could allow the attacker to cause a memory exhaustion condition that may result in an unexpected reload. No manual intervention is needed to recover the device after the reload.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_4112firepower_4150firepower_4140firepower_4145firepower_4110firepower_4120firepower_4115firepower_4125firepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3492
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.56% / 67.44%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 17:52
Updated-13 Nov, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Catalyst 9800 Series and Cisco AireOS Software for Cisco WLC Flexible NetFlow Version 9 Denial of Service Vulnerability

A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers and Cisco AireOS Software for Cisco Wireless LAN Controllers (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of certain parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by spoofing the address of an existing Access Point on the network and sending a Control and Provisioning of Wireless Access Points (CAPWAP) packet that includes a crafted Flexible NetFlow Version 9 record to an affected device. A successful exploit could allow the attacker to cause a process crash that would lead to a reload of the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecatalyst_9800-lcatalyst_9800-l-ccatalyst_9800-40catalyst_9800-clcatalyst_9800-80catalyst_9800-l-fCisco Wireless LAN Controller (WLC)
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3203
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.85% / 73.92%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:40
Updated-15 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Catalyst 9800 Series Wireless Controllers Denial of Service Vulnerability

A vulnerability in the locally significant certificate (LSC) provisioning feature of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain public key infrastructure (PKI) packets. An attacker could exploit this vulnerability by sending crafted Secure Sockets Layer (SSL) packets to an affected device. A successful exploit could cause an affected device to continuously consume memory, which could result in a memory allocation failure that leads to a crash and causes a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecatalyst_9800-lcatalyst_9800-l-ccatalyst_9800-40catalyst_9800-clcatalyst_9800-80catalyst_9800-l-fCisco IOS XE Software 16.1.1
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-3226
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.16% / 77.68%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:42
Updated-15 Nov, 2024 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software Session Initiation Protocol Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) library of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on received SIP messages. An attacker could exploit this vulnerability by sending crafted SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS 15.0(2)SG11a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3225
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.16% / 77.68%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:42
Updated-15 Nov, 2024 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software Common Industrial Protocol Denial of Service Vulnerabilities

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to insufficient input processing of CIP traffic. An attacker could exploit these vulnerabilities by sending crafted CIP traffic to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS 12.2(55)SE
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3351
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.56% / 67.44%
||
7 Day CHG~0.00%
Published-16 Jul, 2020 | 17:21
Updated-15 Nov, 2024 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN Solution Software Denial of Service Vulnerability

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of fields in Cisco SD-WAN peering messages that are encapsulated in UDP packets. An attacker could exploit this vulnerability by sending crafted UDP messages to the targeted system. A successful exploit could allow the attacker to cause services on the device to fail, resulting in a DoS condition that could impact the targeted device and other devices that depend on it.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-vedge_2000vedge_cloud_routervedge_100mvedge_5000vsmart_controllervedge_100sd-wan_firmwarevedge_1000vedge_100wmvedge_100bCisco SD-WAN Solution
CWE ID-CWE-399
Not Available
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-20717
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.32%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 14:15
Updated-06 Nov, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vEdge Routers Denial of Service Vulnerability

A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient memory management when an affected device receives large amounts of traffic. An attacker could exploit this vulnerability by sending malicious traffic to an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition.

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)Cisco Systems, Inc.
Product-sd-wan_vedge_routersd-wan_2100sd-wan_2000sd-wan_1100sd-wan_1000sd-wan_5100sd-wan_210sd-wan_1101100_integrated_services_routerCisco SD-WAN vEdge router
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-20202
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.08% / 24.36%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 17:24
Updated-21 Nov, 2024 | 21:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of network requests to an affected device. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_9800-lcatalyst_iw6300iw9167eh-x-apcatalyst_9162catalyst_9800-40iw9167eh-x-wgbcatalyst_9166d1catalyst_9120catalyst_9164esw6300catalyst_9105icatalyst_9105wiw9167eh-x-urwbcatalyst_9166ios_xecatalyst_9136catalyst_9124ecatalyst_9124dcatalyst_9800-clcatalyst_9800-80catalyst_9115catalyst_9124iiw9167ih-x-apcatalyst_9130Cisco IOS XE Software
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2023-20089
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.11% / 29.76%
||
7 Day CHG~0.00%
Published-23 Feb, 2023 | 00:00
Updated-25 Oct, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 9000 Series Fabric Switches in ACI Mode Link Layer Discovery Protocol Memory Leak Denial of Service Vulnerability

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This vulnerability is due to incorrect error checking when parsing ingress LLDP packets. An attacker could exploit this vulnerability by sending a steady stream of crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause a memory leak, which could result in a denial of service (DoS) condition when the device unexpectedly reloads. Note: This vulnerability cannot be exploited by transit traffic through the device. The crafted LLDP packet must be targeted to a directly connected interface, and the attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). In addition, the attack surface for this vulnerability can be reduced by disabling LLDP on interfaces where it is not required.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_93108tc-exnexus_9332d-gx2bnx-osnexus_9372pxnexus_9364c-gxnexus_9508nexus_93108tc-fx-24nexus_92304qcnexus_93120txnexus_92160yc-xnexus_93128txnexus_9316d-gxnexus_9336pq_aci_spinenexus_93108tc-ex-24nexus_9408nexus_9372tx-enexus_93108tc-fx3pnexus_93108tc-fxnexus_93360yc-fx2nexus_9364d-gx2anexus_9396txnexus_93180yc-fx3snexus_9332cnexus_9364cnexus_92300ycnexus_92348gc-xnexus_9336c-fx2nexus_9348gc-fxpnexus_9808nexus_9272qnexus_93180yc-fx-24nexus_9336c-fx2-enexus_9396pxnexus_93216tc-fx2nexus_93240yc-fx2nexus_93180yc-fxnexus_9372txnexus_9348d-gx2anexus_93180yc-exnexus_93600cd-gxnexus_9000vnexus_9372px-enexus_9236cnexus_93180yc-fx3nexus_93180yc-ex-24Cisco NX-OS System Software in ACI Mode
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-20108
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.27%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM&P users who were authenticated prior to an attack.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_communications_manager_im_and_presence_serviceCisco Unified Communications Manager IM and Presence Service
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-1283
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.06%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 19:56
Updated-12 Nov, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Data Center Network Manager Information Disclosure Vulnerability

A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is written to system log files. An attacker could exploit this vulnerability by authenticating to an affected device and inspecting a specific system log file. A successful exploit could allow the attacker to view sensitive information in the system log file. To exploit this vulnerability, the attacker would need to have valid user credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-data_center_network_managerCisco Data Center Network Manager
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2020-3596
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.60% / 68.38%
||
7 Day CHG~0.00%
Published-08 Oct, 2020 | 04:20
Updated-13 Nov, 2024 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Expressway Series and TelePresence Video Communication Server Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of incoming SIP traffic. An attacker could exploit this vulnerability by sending a series of SIP packets to an affected device. A successful exploit could allow the attacker to exhaust memory on an affected device, causing it to crash and leading to a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-expresswaytelepresence_video_communication_serverCisco TelePresence Video Communication Server (VCS) Expressway
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-670
Always-Incorrect Control Flow Implementation
CVE-2025-20165
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.27%
||
7 Day CHG+0.03%
Published-22 Jan, 2025 | 16:21
Updated-06 Aug, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco BroadWorks SIP Denial of Service Vulnerability

A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition. This vulnerability is due to improper memory handling for certain SIP requests. An attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system. A successful exploit could allow the attacker to exhaust the memory that was allocated to the Cisco BroadWorks Network Servers that handle SIP traffic. If no memory is available, the Network Servers can no longer process incoming requests, resulting in a DoS condition that requires manual intervention to recover.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-broadworks_network_serverCisco BroadWorks
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2025-20140
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.02% / 3.47%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 17:36
Updated-31 Jul, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent wireless attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of IPv6 network requests from an associated wireless IPv6 client to an affected device. To associate a client to a device, an attacker may first need to authenticate to the network, or associate freely in the case of a configured open network. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to stop responding, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecatalyst_9130axecatalyst_9800-40catalyst_9120axpcatalyst_cw9800h2catalyst_9800-80catalyst_9800-lcatalyst_cw9800mcatalyst_9130axicatalyst_9800-cl_wireless_controllers_for_cloudcatalyst_9115axicatalyst_9117axicatalyst_9120axecatalyst_9105axicatalyst_cw9800h1catalyst_9115axecatalyst_9120axiCisco IOS XE Software
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2022-20845
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.03% / 7.57%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 15:32
Updated-18 Nov, 2024 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Network Convergence System 4000 Series TL1 Denial of Service Vulnerability

A vulnerability in the TL1 function of Cisco Network Convergence System (NCS) 4000 Series could allow an authenticated, local attacker to cause a memory leak in the TL1 process. This vulnerability is due to TL1 not freeing memory under some conditions. An attacker could exploit this vulnerability by connecting to the device and issuing TL1 commands after being authenticated. A successful exploit could allow the attacker to cause the TL1 process to consume large amounts of memory. When the memory reaches a threshold, the Resource Monitor (Resmon) process will begin to restart or shutdown the top five consumers of memory, resulting in a denial of service (DoS).Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2022 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see .

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco IOS XR Software
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2021-1568
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.37%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 17:45
Updated-07 Nov, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco AnyConnect Secure Mobility Client for Windows Denial of Service Vulnerability

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to uncontrolled memory allocation. An attacker could exploit this vulnerability by copying a crafted file to a specific folder on the system. A successful exploit could allow the attacker to crash the VPN Agent service when the affected application is launched, causing it to be unavailable to all users of the system. To exploit this vulnerability, the attacker must have valid credentials on a multiuser Windows system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-anyconnect_secure_mobility_clientCisco AnyConnect Secure Mobility Client
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2020-24685
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-8.6||HIGH
EPSS-0.80% / 73.17%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 03:57
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AC500 V2 unauthenticated crafter packet vulnerability

An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions.

Action-Not Available
Vendor-ABB
Product-pm573-ethac500_cpu_firmwarepm583-ethAC500 V2 products with onboard Ethernet
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found