Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-20480

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-25 Sep, 2024 | 16:27
Updated At-25 Sep, 2024 | 19:25
Rejected At-
Credits

A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service (DoS) condition that requires a manual reload to recover. This vulnerability is due to improper handling of IPv4 DHCP packets. An attacker could exploit this vulnerability by sending certain IPv4 DHCP packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition that requires a manual reload to recover.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:25 Sep, 2024 | 16:27
Updated At:25 Sep, 2024 | 19:25
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service (DoS) condition that requires a manual reload to recover. This vulnerability is due to improper handling of IPv4 DHCP packets. An attacker could exploit this vulnerability by sending certain IPv4 DHCP packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition that requires a manual reload to recover.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco IOS XE Software
Versions
Affected
  • 16.1.1
  • 16.1.2
  • 16.1.3
  • 16.2.1
  • 16.2.2
  • 16.3.1
  • 16.3.2
  • 16.3.3
  • 16.3.1a
  • 16.3.4
  • 16.3.5
  • 16.3.5b
  • 16.3.6
  • 16.3.7
  • 16.3.8
  • 16.3.9
  • 16.3.10
  • 16.3.11
  • 16.4.1
  • 16.4.2
  • 16.4.3
  • 16.5.1
  • 16.5.1a
  • 16.5.1b
  • 16.5.2
  • 16.5.3
  • 16.6.1
  • 16.6.2
  • 16.6.3
  • 16.6.4
  • 16.6.5
  • 16.6.4a
  • 16.6.5a
  • 16.6.6
  • 16.6.7
  • 16.6.8
  • 16.6.9
  • 16.6.10
  • 16.7.1
  • 16.7.1a
  • 16.7.1b
  • 16.7.2
  • 16.7.3
  • 16.7.4
  • 16.8.1
  • 16.8.1a
  • 16.8.1b
  • 16.8.1s
  • 16.8.1c
  • 16.8.1d
  • 16.8.2
  • 16.8.1e
  • 16.8.3
  • 16.9.1
  • 16.9.2
  • 16.9.1a
  • 16.9.1b
  • 16.9.1s
  • 16.9.3
  • 16.9.4
  • 16.9.3a
  • 16.9.5
  • 16.9.5f
  • 16.9.6
  • 16.9.7
  • 16.9.8
  • 16.10.1
  • 16.10.1a
  • 16.10.1b
  • 16.10.1s
  • 16.10.1c
  • 16.10.1e
  • 16.10.1d
  • 16.10.2
  • 16.10.1f
  • 16.10.1g
  • 16.10.3
  • 16.11.1
  • 16.11.1a
  • 16.11.1b
  • 16.11.2
  • 16.11.1s
  • 16.12.1
  • 16.12.1s
  • 16.12.1a
  • 16.12.1c
  • 16.12.1w
  • 16.12.2
  • 16.12.1y
  • 16.12.2a
  • 16.12.3
  • 16.12.8
  • 16.12.2s
  • 16.12.1x
  • 16.12.1t
  • 16.12.4
  • 16.12.3s
  • 16.12.3a
  • 16.12.4a
  • 16.12.5
  • 16.12.6
  • 16.12.1z1
  • 16.12.5a
  • 16.12.5b
  • 16.12.1z2
  • 16.12.6a
  • 16.12.7
  • 16.12.9
  • 16.12.10
  • 16.12.10a
  • 16.12.11
  • 17.1.1
  • 17.1.1a
  • 17.1.1s
  • 17.1.1t
  • 17.1.3
  • 17.2.1
  • 17.2.1r
  • 17.2.1a
  • 17.2.1v
  • 17.2.2
  • 17.2.3
  • 17.3.1
  • 17.3.2
  • 17.3.3
  • 17.3.1a
  • 17.3.1w
  • 17.3.2a
  • 17.3.1x
  • 17.3.1z
  • 17.3.4
  • 17.3.5
  • 17.3.4a
  • 17.3.6
  • 17.3.4b
  • 17.3.4c
  • 17.3.5a
  • 17.3.5b
  • 17.3.7
  • 17.3.8
  • 17.3.8a
  • 17.4.1
  • 17.4.2
  • 17.4.1a
  • 17.4.1b
  • 17.4.2a
  • 17.5.1
  • 17.5.1a
  • 17.6.1
  • 17.6.2
  • 17.6.1w
  • 17.6.1a
  • 17.6.1x
  • 17.6.3
  • 17.6.1y
  • 17.6.1z
  • 17.6.3a
  • 17.6.4
  • 17.6.1z1
  • 17.6.5
  • 17.6.6
  • 17.6.6a
  • 17.6.5a
  • 17.6.7
  • 17.7.1
  • 17.7.1a
  • 17.7.1b
  • 17.7.2
  • 17.10.1
  • 17.10.1a
  • 17.10.1b
  • 17.8.1
  • 17.8.1a
  • 17.9.1
  • 17.9.1w
  • 17.9.2
  • 17.9.1a
  • 17.9.1x
  • 17.9.1y
  • 17.9.3
  • 17.9.2a
  • 17.9.1x1
  • 17.9.3a
  • 17.9.4
  • 17.9.1y1
  • 17.9.5
  • 17.9.4a
  • 17.9.5a
  • 17.9.5b
  • 17.11.1
  • 17.11.1a
  • 17.12.1
  • 17.12.1w
  • 17.12.1a
  • 17.12.1x
  • 17.12.2
  • 17.12.3
  • 17.12.2a
  • 17.12.1y
  • 17.12.3a
  • 17.13.1
  • 17.13.1a
  • 17.14.1
  • 17.14.1a
  • 17.11.99SW
Problem Types
TypeCWE IDDescription
cweCWE-783Operator Precedence Logic Error
Type: cwe
CWE ID: CWE-783
Description: Operator Precedence Logic Error
Metrics
VersionBase scoreBase severityVector
3.18.6HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Version: 3.1
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sda-edge-dos-MBcbG9k
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sda-edge-dos-MBcbG9k
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
Cisco Systems, Inc.cisco
Product
ios_xe
CPEs
  • cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 16.1.1
  • 16.1.2
  • 16.1.3
  • 16.2.1
  • 16.2.2
  • 16.3.1
  • 16.3.2
  • 16.3.3
  • 16.3.1a
  • 16.3.4
  • 16.3.5
  • 16.3.5b
  • 16.3.6
  • 16.3.7
  • 16.3.8
  • 16.3.9
  • 16.3.10
  • 16.3.11
  • 16.4.1
  • 16.4.2
  • 16.4.3
  • 16.5.1
  • 16.5.1a
  • 16.5.1b
  • 16.5.2
  • 16.5.3
  • 16.6.1
  • 16.6.2
  • 16.6.3
  • 16.6.4
  • 16.6.5
  • 16.6.4a
  • 16.6.5a
  • 16.6.6
  • 16.6.7
  • 16.6.8
  • 16.6.9
  • 16.6.10
  • 16.7.1
  • 16.7.1a
  • 16.7.1b
  • 16.7.2
  • 16.7.3
  • 16.7.4
  • 16.8.1
  • 16.8.1a
  • 16.8.1b
  • 16.8.1s
  • 16.8.1c
  • 16.8.1d
  • 16.8.2
  • 16.8.1e
  • 16.8.3
  • 16.9.1
  • 16.9.2
  • 16.9.1a
  • 16.9.1b
  • 16.9.1s
  • 16.9.3
  • 16.9.4
  • 16.9.3a
  • 16.9.5
  • 16.9.5f
  • 16.9.6
  • 16.9.7
  • 16.9.8
  • 16.10.1
  • 16.10.1a
  • 16.10.1b
  • 16.10.1s
  • 16.10.1c
  • 16.10.1e
  • 16.10.1d
  • 16.10.2
  • 16.10.1f
  • 16.10.1g
  • 16.10.3
  • 16.11.1
  • 16.11.1a
  • 16.11.1b
  • 16.11.2
  • 16.11.1s
  • 16.12.1
  • 16.12.1s
  • 16.12.1a
  • 16.12.1c
  • 16.12.1w
  • 16.12.2
  • 16.12.1y
  • 16.12.2a
  • 16.12.3
  • 16.12.8
  • 16.12.2s
  • 16.12.1x
  • 16.12.1t
  • 16.12.4
  • 16.12.3s
  • 16.12.3a
  • 16.12.4a
  • 16.12.5
  • 16.12.6
  • 16.12.1z1
  • 16.12.5a
  • 16.12.5b
  • 16.12.1z2
  • 16.12.6a
  • 16.12.7
  • 16.12.9
  • 16.12.10
  • 16.12.10a
  • 16.12.11
  • 17.1.1
  • 17.1.1a
  • 17.1.1s
  • 17.1.1t
  • 17.1.3
  • 17.2.1
  • 17.2.1r
  • 17.2.1a
  • 17.2.1v
  • 17.2.2
  • 17.2.3
  • 17.3.1
  • 17.3.2
  • 17.3.3
  • 17.3.1a
  • 17.3.1w
  • 17.3.2a
  • 17.3.1x
  • 17.3.1z
  • 17.3.4
  • 17.3.5
  • 17.3.4a
  • 17.3.6
  • 17.3.4b
  • 17.3.4c
  • 17.3.5a
  • 17.3.5b
  • 17.3.7
  • 17.3.8
  • 17.4.1
  • 17.4.2
  • 17.4.1a
  • 17.4.1b
  • 17.4.2a
  • 17.5.1
  • 17.5.1a
  • 17.6.1
  • 17.6.2
  • 17.6.1w
  • 17.6.1a
  • 17.6.1x
  • 17.6.3
  • 17.6.1y
  • 17.6.1z
  • 17.6.3a
  • 17.6.4
  • 17.6.1z1
  • 17.6.5
  • 17.6.6
  • 17.6.6a
  • 17.6.5a
  • 17.6.7
  • 17.7.1
  • 17.7.1a
  • 17.7.1b
  • 17.7.2
  • 17.10.1
  • 17.10.1a
  • 17.10.1b
  • 17.8.1
  • 17.8.1a
  • 17.9.1
  • 17.9.1w
  • 17.9.2
  • 17.9.1a
  • 17.9.1x
  • 17.9.1y
  • 17.9.3
  • 17.9.2a
  • 17.9.1x1
  • 17.9.3a
  • 17.9.4
  • 17.9.1y1
  • 17.9.5
  • 17.9.4a
  • 17.9.5a
  • 17.9.5b
  • 17.11.1
  • 17.11.1a
  • 17.12.1
  • 17.12.1w
  • 17.12.1a
  • 17.12.1x
  • 17.12.2
  • 17.12.3
  • 17.12.2a
  • 17.12.1y
  • 17.12.3a
  • 17.13.1
  • 17.13.1a
  • 17.14.1
  • 17.14.1a
  • 17.11.99sw
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ykramarz@cisco.com
Published At:25 Sep, 2024 | 17:15
Updated At:03 Oct, 2024 | 20:07

A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service (DoS) condition that requires a manual reload to recover. This vulnerability is due to improper handling of IPv4 DHCP packets. An attacker could exploit this vulnerability by sending certain IPv4 DHCP packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition that requires a manual reload to recover.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.6HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Secondary3.18.6HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CPE Matches
Cisco Systems, Inc.
cisco
>>ios_xe>>16.1.1
cpe:2.3:o:cisco:ios_xe:16.1.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.1.2
cpe:2.3:o:cisco:ios_xe:16.1.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.1.3
cpe:2.3:o:cisco:ios_xe:16.1.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.2.1
cpe:2.3:o:cisco:ios_xe:16.2.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.2.2
cpe:2.3:o:cisco:ios_xe:16.2.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.1
cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.1a
cpe:2.3:o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.2
cpe:2.3:o:cisco:ios_xe:16.3.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.3
cpe:2.3:o:cisco:ios_xe:16.3.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.4
cpe:2.3:o:cisco:ios_xe:16.3.4:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.5
cpe:2.3:o:cisco:ios_xe:16.3.5:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.5b
cpe:2.3:o:cisco:ios_xe:16.3.5b:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.6
cpe:2.3:o:cisco:ios_xe:16.3.6:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.7
cpe:2.3:o:cisco:ios_xe:16.3.7:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.8
cpe:2.3:o:cisco:ios_xe:16.3.8:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.9
cpe:2.3:o:cisco:ios_xe:16.3.9:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.10
cpe:2.3:o:cisco:ios_xe:16.3.10:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.11
cpe:2.3:o:cisco:ios_xe:16.3.11:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.4.1
cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.4.2
cpe:2.3:o:cisco:ios_xe:16.4.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.4.3
cpe:2.3:o:cisco:ios_xe:16.4.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.5.1
cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.5.1a
cpe:2.3:o:cisco:ios_xe:16.5.1a:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.5.1b
cpe:2.3:o:cisco:ios_xe:16.5.1b:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.5.2
cpe:2.3:o:cisco:ios_xe:16.5.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.5.3
cpe:2.3:o:cisco:ios_xe:16.5.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.6.1
cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.6.2
cpe:2.3:o:cisco:ios_xe:16.6.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.6.3
cpe:2.3:o:cisco:ios_xe:16.6.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.6.4
cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.6.4a
cpe:2.3:o:cisco:ios_xe:16.6.4a:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.6.5
cpe:2.3:o:cisco:ios_xe:16.6.5:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.6.5a
cpe:2.3:o:cisco:ios_xe:16.6.5a:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.6.6
cpe:2.3:o:cisco:ios_xe:16.6.6:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.6.7
cpe:2.3:o:cisco:ios_xe:16.6.7:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.6.8
cpe:2.3:o:cisco:ios_xe:16.6.8:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.6.9
cpe:2.3:o:cisco:ios_xe:16.6.9:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.6.10
cpe:2.3:o:cisco:ios_xe:16.6.10:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.7.1
cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.7.1a
cpe:2.3:o:cisco:ios_xe:16.7.1a:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.7.1b
cpe:2.3:o:cisco:ios_xe:16.7.1b:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.7.2
cpe:2.3:o:cisco:ios_xe:16.7.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.7.3
cpe:2.3:o:cisco:ios_xe:16.7.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.7.4
cpe:2.3:o:cisco:ios_xe:16.7.4:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.8.1
cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.8.1a
cpe:2.3:o:cisco:ios_xe:16.8.1a:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.8.1b
cpe:2.3:o:cisco:ios_xe:16.8.1b:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.8.1c
cpe:2.3:o:cisco:ios_xe:16.8.1c:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.8.1d
cpe:2.3:o:cisco:ios_xe:16.8.1d:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.8.1e
cpe:2.3:o:cisco:ios_xe:16.8.1e:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-670Primarynvd@nist.gov
CWE-783Secondaryykramarz@cisco.com
CWE ID: CWE-670
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-783
Type: Secondary
Source: ykramarz@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sda-edge-dos-MBcbG9kykramarz@cisco.com
Vendor Advisory
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sda-edge-dos-MBcbG9k
Source: ykramarz@cisco.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

223Records found
CVE-2023-20176
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.12% / 32.23%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 17:25
Updated-02 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the networking component of Cisco access point (AP) software could allow an unauthenticated, remote attacker to cause a temporary disruption of service. This vulnerability is due to overuse of AP resources. An attacker could exploit this vulnerability by connecting to an AP on an affected device as a wireless client and sending a high rate of traffic over an extended period of time. A successful exploit could allow the attacker to cause the Datagram TLS (DTLS) session to tear down and reset, causing a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_9136_firmwarecatalyst_9136catalyst_9166_firmwarecatalyst_9124catalyst_9124_firmwarecatalyst_9164catalyst_9130_firmwarecatalyst_9166catalyst_9164_firmwarecatalyst_9130Cisco Aironet Access Point SoftwareCisco Aironet Access Point Software (IOS XE Controller)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-20757
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.23% / 78.33%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 03:15
Updated-06 Nov, 2024 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software Denial of Service Vulnerability

A vulnerability in the connection handling function in Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper traffic handling when platform limits are reached. An attacker could exploit this vulnerability by sending a high rate of UDP traffic through an affected device. A successful exploit could allow the attacker to cause all new, incoming connections to be dropped, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-20746
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.91% / 74.93%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 03:15
Updated-06 Nov, 2024 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software TCP Proxy Denial of Service Vulnerability

A vulnerability in the TCP proxy functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper handling of TCP flows. An attacker could exploit this vulnerability by sending a crafted stream of TCP traffic through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-20946
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.20% / 41.76%
||
7 Day CHG~0.00%
Published-10 Nov, 2022 | 17:29
Updated-03 Aug, 2024 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory handling error that occurs when GRE traffic is processed. An attacker could exploit this vulnerability by sending a crafted GRE payload through an affected device. A successful exploit could allow the attacker to cause the device to restart, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM"] This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20803
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.17% / 38.07%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 00:00
Updated-28 Oct, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClamAV Double-free Vulnerability in the OLE2 File Parser

A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

Action-Not Available
Vendor-ClamAVCisco Systems, Inc.
Product-clamavClamAV
CWE ID-CWE-415
Double Free
CVE-2022-20697
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.45% / 62.60%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 14:15
Updated-06 Nov, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability

A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS
CWE ID-CWE-691
Insufficient Control Flow Management
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2022-20745
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.16% / 77.72%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 03:15
Updated-06 Nov, 2024 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Denial of Service Vulnerability

A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20870
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.14%
||
7 Day CHG~0.00%
Published-10 Oct, 2022 | 20:43
Updated-01 Nov, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Catalyst Switches MPLS Denial of Service Vulnerability

A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation of IPv4 traffic. An attacker could exploit this vulnerability by sending a malformed packet out of an affected MPLS-enabled interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_3650-24ps-scatalyst_3850catalyst_3650catalyst_3850-32xs-ecatalyst_3850-12xs-scatalyst_3850-24s-ecatalyst_9300l-48p-4g-ecatalyst_9300l-48t-4g-ecatalyst_9500hcatalyst_3850-24p-scatalyst_3650-12x48urcatalyst_3650-24pdm-lcatalyst_3850-16xs-scatalyst_c9600-lc-48txcatalyst_3850-48pw-scatalyst_9300l-24t-4x-acatalyst_3850-24ucatalyst_9300-48un-ecatalyst_c9500-16xcatalyst_9300-48p-acatalyst_9300-24s-acatalyst_3650-24ts-ecatalyst_3650-24ps-lcatalyst_9300l-24p-4g-ecatalyst_c9500-40x-acatalyst_9300l-48t-4x-acatalyst_3650-48td-scatalyst_c9600-lc-48scatalyst_3650-24pdmcatalyst_3650-8x24pd-scatalyst_3850-48u-lcatalyst_3650-48ts-lcatalyst_3650-48tq-ecatalyst_3850-nm-2-40gcatalyst_c9500-24y4ccatalyst_3650-8x24uq-lcatalyst_9300lmcatalyst_3650-48fd-lcatalyst_3650-48fs-lcatalyst_3650-48pq-ecatalyst_3650-48fs-ecatalyst_3650-24pd-lcatalyst_3650-24pd-scatalyst_3650-24td-lcatalyst_3650-24ts-lcatalyst_9300-24t-ecatalyst_3650-12x48uzcatalyst_9300l-24t-4g-ecatalyst_c9500-12q-ecatalyst_3850-48xscatalyst_3650-12x48uqcatalyst_3650-48fd-scatalyst_3650-48fs-scatalyst_3850-48t-scatalyst_9300-48p-ecatalyst_3650-48pq-lcatalyst_3850-24pw-scatalyst_3850-24t-scatalyst_3650-8x24pd-ecatalyst_3850-24t-lcatalyst_3850-48u-ecatalyst_9300-48t-ecatalyst_c9600-lc-24ccatalyst_3850-24xu-ecatalyst_c9500-12q-acatalyst_3650-12x48uq-ecatalyst_9300l-48p-4g-acatalyst_3650-24td-scatalyst_3650-48pd-lcatalyst_3650-8x24uqcatalyst_9600catalyst_3850-48u-scatalyst_9300l-48t-4g-acatalyst_3850-16xs-ecatalyst_3650-48tq-scatalyst_3650-24pdm-scatalyst_3850-24xucatalyst_9300-48uxm-ecatalyst_3850-48p-ecatalyst_3650-12x48ur-ecatalyst_9300l-48p-4x-ecatalyst_9400catalyst_3650-48fqm-scatalyst_3850-48t-lcatalyst_3650-48fd-ecatalyst_3650-12x48fd-scatalyst_c3850-12x48u-ecatalyst_3650-12x48uq-lcatalyst_9300l-48p-4x-acatalyst_3650-48fq-ecatalyst_9300-24s-ecatalyst_3650-8x24uq-scatalyst_9300-48u-ecatalyst_3650-48tq-lcatalyst_9300-48u-acatalyst_9300-48s-acatalyst_3650-12x48fd-lcatalyst_c9500-40xcatalyst_3650-48fq-scatalyst_3850-24p-ecatalyst_3850-48xs-f-scatalyst_9300-24t-acatalyst_9300l-24p-4x-acatalyst_9300catalyst_c9500-16x-acatalyst_3850-48t-ecatalyst_3650-48pq-scatalyst_3850-24xu-scatalyst_3650-48fqmcatalyst_c9500-40x-ecatalyst_3650-48td-lcatalyst_c3850-12x48u-scatalyst_3650-48fqm-lcatalyst_3850-24xs-ecatalyst_3850-12s-scatalyst_3650-8x24uq-ecatalyst_3850-24u-lcatalyst_c9500-24q-ecatalyst_9300l-24t-4g-acatalyst_3850-48f-scatalyst_3650-12x48ur-lcatalyst_3850-24u-scatalyst_c3850-12x48u-lcatalyst_9300l-24t-4x-ecatalyst_3650-24pdcatalyst_c9600-lc-48ylcatalyst_3850-48f-ecatalyst_c9500-12qcatalyst_3650-12x48uz-scatalyst_c9500-24qcatalyst_9300l-24p-4g-acatalyst_9300-48uxm-acatalyst_9300l-24p-4x-ecatalyst_9300-24ux-acatalyst_9300-24p-acatalyst_3850-32xs-scatalyst_3650-48ps-lcatalyst_9500catalyst_3650-12x48fd-ecatalyst_3850-48f-lcatalyst_3850-24xu-lcatalyst_3850-48xs-ecatalyst_3850-24s-scatalyst_3650-24td-ecatalyst_9300-48s-ecatalyst_3650-48td-ecatalyst_9300-24u-acatalyst_3850-48ucatalyst_3650-8x24pd-lcatalyst_c9500-32ccatalyst_3650-48fqcatalyst_9300lcatalyst_3650-48fq-lcatalyst_3650-12x48uz-ecatalyst_3650-12x48uq-scatalyst_9300-24u-ecatalyst_c9500-32qccatalyst_3650-12x48ur-scatalyst_3850-48p-scatalyst_3850-12x48ucatalyst_9300xcatalyst_3650-48pd-scatalyst_9300-48un-acatalyst_3650-24pd-ecatalyst_3650-12x48uz-lcatalyst_9300-24p-ecatalyst_3850-48xs-f-ecatalyst_9300-48t-acatalyst_c9500-16x-ecatalyst_9300l-48t-4x-ecatalyst_3850-12s-ecatalyst_3850-24p-lcatalyst_3850-24t-ecatalyst_3850-24xscatalyst_3650-24ts-scatalyst_3650-24ps-ecatalyst_3850-24xs-scatalyst_3650-48ps-scatalyst_3650-48fqm-ecatalyst_3650-48pd-ecatalyst_3650-24pdm-ecatalyst_3850-24u-ecatalyst_3850-48xs-sios_xecatalyst_3650-48ts-ecatalyst_3850-48p-lcatalyst_c9500-24q-acatalyst_c9500-48y4ccatalyst_3850-nm-8-10gcatalyst_3650-48ts-scatalyst_3650-48ps-ecatalyst_9300-24ux-ecatalyst_3850-12xs-eCisco IOS XE Software
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CVE-2022-20823
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.21% / 44.02%
||
7 Day CHG-0.08%
Published-25 Aug, 2022 | 18:40
Updated-06 Nov, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software OSPFv3 Denial of Service Vulnerability

A vulnerability in the OSPF version 3 (OSPFv3) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incomplete input validation of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending a malicious OSPFv3 link-state advertisement (LSA) to an affected device. A successful exploit could allow the attacker to cause the OSPFv3 process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The OSPFv3 feature is disabled by default. To exploit this vulnerability, an attacker must be able to establish a full OSPFv3 neighbor state with an affected device. For more information about exploitation conditions, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_34200yc-smnexus_9300_firmwarenexus_56128pnexus_3132q-xnexus_3172tqnexus_9332c_firmwarenexus_3172pq\/pq-xl_firmwarenexus_93108tc-ex_firmwarenexus_3200nexus_93128txnexus_3064t_firmwarenexus_3064-t_firmwarenexus_3132q-vnexus_9332cnexus_93360yc-fx2_firmwarenexus_9336c-fx2nexus_3524-xnexus_9348gc-fxpnexus_3172nexus_7000_10-slot_firmwarenexus_9272qnexus_56128p_firmwarenexus_7000_supervisor_2e_firmwarenexus_93180yc-fxnexus_9336pq_firmwarenexus_3548_firmwarenexus_3432d-snexus_3264q_firmwarenexus_93180yc-fx3_firmwarenexus_7000_4-slotnexus_9272q_firmwarenexus_3548-x\/xlnexus_3636c-r_firmwarenexus_3016nexus_7018nexus_92304qcnexus_3100nexus_5596t_firmwarenexus_3048nexus_7700_supervisor_3e_firmwarenexus_93360yc-fx2nexus_3432d-s_firmwarenexus_3232c_nexus_7010_firmwarenexus_7010nexus_93180yc-fx_firmwarenexus_93216tc-fx2_firmwarenexus_3064x_firmwarenexus_3132q-v_firmwarenexus_7018_firmwarenexus_5596tnexus_7702nexus_5624qnexus_3264c-e_firmwarenexus_6004xnexus_93600cd-gxnexus_3132q-xl_firmwarenexus_6001tnexus_9372px-enexus_7000_18-slotnexus_9500_firmwarenexus_5596up_firmwarenexus_3132q-x\/3132q-xl_firmwarenexus_3400nexus_7700_firmwarenexus_9332pqnexus_9508nexus_7004_firmwarenexus_31108pv-v_firmwarenexus_93120txnexus_6000nexus_7000_supervisor_2nexus_93120tx_firmwarenexus_7000_supervisor_1_firmwarenexus_3500_platform_firmwarenexus_6004nexus_7700_6-slot_firmwarenexus_3132q_firmwarenexus_3100-znexus_3500_firmwarenexus_3548-xlnexus_31128pqnexus_93180yc-fx3snexus_7700_supervisor_2enexus_3132c-znexus_5548pnexus_9336c-fx2_firmwarenexus_5648qnexus_3464cnexus_93128_firmwarenexus_93216tc-fx2nexus_3048_firmwarenexus_3524-x\/xl_firmwarenexus_31128pq_firmwarenexus_3200_firmwarenexus_5500nexus_5672upnexus_93180tc-exnexus_3264qnexus_7004nexus_3232c_firmwarenexus_9000vnexus_9300nexus_31108pc-vnexus_7706_firmwarenexus_7700_18-slotnexus_93180yc-fx3nexus_3064-32tnexus_5596upnexus_3464c_firmwarenexus_3600_firmwarenexus_7009nexus_9332pq_firmwarenexus_93128tx_firmwarenexus_3100vnexus_3172tq-32t_firmwarenexus_3132qnexus_5648q_firmwarenexus_3524_firmwarenexus_6001p_firmwarenexus_5696qnexus_31108pc-v_firmwarenexus_7700_10-slotnexus_3064xnexus_9000nexus_31108pv-vnexus_9500nexus_93108tc-fx3pnexus_3172_firmwarenexus_93108tc-fxnexus_9364c-gx_firmwarenexus_9396tx_firmwarenexus_7000_4-slot_firmwarenexus_92300ycnexus_7706nexus_9348gc-fxp_firmwarenexus_93108tc-fx3p_firmwarenexus_5500_firmwarenexus_6001_firmwarenexus_7700_supervisor_2e_firmwarenexus_7700_10-slot_firmwarenexus_93240yc-fx2_firmwarenexus_5672up-16g_firmwarenexus_3548-xnexus_9336c-fx2-e_firmwarenexus_3172tq-xlnexus_93180yc-exnexus_3016q_firmwarenexus_9372tx-e_firmwarenexus_9236cnexus_9516nexus_6000_firmwarenexus_9000_firmwarenexus_3172pq-xlnexus_9500rnexus_7000_18-slot_firmwarenexus_7000_supervisor_2_firmwarenexus_3064-32t_firmwarenexus_93180lc-exnexus_7009_firmwarenexus_3636c-rnexus_3100-z_firmwarenexus_3548-x_firmwarenexus_3172tq_firmwarenexus_7700_supervisor_3enexus_3172pq-xl_firmwarenexus_3524-x_firmwarenexus_3016qnexus_7000_9-slotnexus_92348gc-xnexus_3172tq-32tnexus_93180yc-fx3s_firmwarenexus_31108tc-vnexus_3400_firmwarenexus_92304qc_firmwarenexus_3232c__firmwarenexus_3100v_firmwarenexus_7710_firmwarenexus_9372tx_firmwarenexus_3548-x\/xl_firmwarenexus_3100-v_firmwarenexus_7702_firmwarenexus_3524nexus_93108tc-ex-24_firmwarenexus_7700_6-slotnexus_7000_supervisor_1nexus_92160yc-x_firmwarenexus_5548p_firmwarenexus_7718_firmwarenexus_9504_firmwarenexus_93108tc-fx-24nexus_9516_firmwarenexus_36180yc-r_firmwarenexus_7710nexus_3100_firmwarenexus_93180yc-fx-24_firmwarenexus_7000_9-slot_firmwarenexus_9372tx-enexus_3500_platformnexus_9364c_firmwarenexus_3524-xlnexus_9200_firmwarenexus_5548up_firmwarenexus_9396txnexus_7000_10-slotnexus_7000nexus_3064nexus_3500nexus_7718nexus_9372px_firmwarenexus_5548upnexus_9336c-fx2-enexus_9396pxnexus_7000_supervisor_2enexus_9221cnexus_5672up_firmwarenexus_7700_2-slotnexus_3132q-x\/3132q-xlnexus_9372txnexus_9221c_firmwarenexus_3064-tnexus_93180yc-ex_firmwarenexus_3408-snexus_93108tc-fx-24_firmwarenexus_9336pqnexus_3600nexus_7700nexus_92348gc-x_firmwarenexus_6004_firmwarenexus_9000v_firmwarenexus_93108tc-exnexus_3100-vnexus_9316d-gxnexus_3524-x\/xlnexus_31108tc-v_firmwarenexus_3064-x_firmwarenexus_6001pnexus_3164qnexus_3408-s_firmwarenexus_9364cnexus_9396px_firmwarenexus_93180yc-ex-24_firmwarenexus_3172pq\/pq-xlnexus_34180yc_firmwarenexus_93180yc-fx-24nexus_6004x_firmwarenexus_93600cd-gx_firmwarenexus_36180yc-rnexus_3164q_firmwarenexus_3524-xl_firmwarenexus_9508_firmwarenexus_5600_firmwarenexus_7700_2-slot_firmwarenexus_34180ycnexus_5624q_firmwarenexus_6001t_firmwarenexus_9316d-gx_firmwarenexus_5696q_firmwarenexus_34200yc-sm_firmwarenexus_3064_firmwarenexus_93180yc-ex-24nexus_3548nexus_9372pxnexus_9364c-gxnexus_92160yc-xnexus_93108tc-ex-24nexus_93180lc-ex_firmwarenexus_93180tc-ex_firmwarenexus_9504nexus_9500r_firmwarenexus_6001nexus_9372px-e_firmwarenexus_3064tnexus_3172pqnexus_3172tq-xl_firmwarenexus_3064-xnexus_3232cnexus_3172pq_firmwarenexus_9200nexus_92300yc_firmwarenexus_3548-xl_firmwarenexus_3264c-enexus_93240yc-fx2nexus_9236c_firmwarenexus_93108tc-fx_firmwarenexus_7000_firmwarenexus_3132q-xlnexus_3132q-x_firmwarenexus_93128nexus_3132c-z_firmwarenexus_3016_firmwarenexus_7700_18-slot_firmwarenexus_5600nexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-20767
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.35% / 79.32%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 03:15
Updated-06 Nov, 2024 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software DNS Enforcement Denial of Service Vulnerability

A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of the DNS reputation enforcement rule. An attacker could exploit this vulnerability by sending crafted UDP packets through an affected device to force a buildup of UDP connections. A successful exploit could allow the attacker to cause traffic that is going through the affected device to be dropped, resulting in a DoS condition. Note: This vulnerability only affects Cisco FTD devices that are running Snort 3.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-399
Not Available
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-20770
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.50% / 64.92%
||
7 Day CHG-0.01%
Published-04 May, 2022 | 17:05
Updated-06 Nov, 2024 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

Action-Not Available
Vendor-ClamAVDebian GNU/LinuxFedora ProjectCisco Systems, Inc.
Product-secure_endpointclamavdebian_linuxfedoraCisco AMP for Endpoints
CWE ID-CWE-399
Not Available
CVE-2022-20682
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.47% / 63.83%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 14:16
Updated-06 Nov, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to inadequate input validation of incoming CAPWAP packets encapsulating multicast DNS (mDNS) queries. An attacker could exploit this vulnerability by connecting to a wireless network and sending a crafted mDNS query, which would flow through and be processed by the wireless controller. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-690
Unchecked Return Value to NULL Pointer Dereference
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-20848
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.47% / 63.78%
||
7 Day CHG~0.00%
Published-30 Sep, 2022 | 18:45
Updated-01 Nov, 2024 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points UDP Processing Denial of Service Vulnerability

A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of UDP datagrams. An attacker could exploit this vulnerability by sending malicious UDP datagrams to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asr_920-10sz-pdcatalyst_3650-24ps-scatalyst_3850catalyst_3650asr-920-12sz-im-ccasr_907catalyst_9500hasr-920-12cz-acatalyst_3650-12x48urcatalyst_3850-16xs-scatalyst_9300l-24t-4x-acatalyst_3850-48pw-scatalyst_9300-48un-e4331_integrated_services_routerasr_90064461_integrated_services_routercatalyst_9300-48p-acatalyst_9300-24s-aasr_901s-3sg-f-dcatalyst_9300l-48t-4x-aasr_920-12sz-imasr_920-12sz-im_routercatalyst_8300catalyst_3650-24pdmcatalyst_3850-48u-lcatalyst_8500-4qccatalyst_3650-8x24pd-scatalyst_3650-48ts-lasr-920-4sz-acatalyst_3650-8x24uq-lcatalyst_8300-1n1s-6t8101-32fhcatalyst_3650-24pd-lcatalyst_3650-24pd-scatalyst_3650-24td-lcatalyst_9300l-24t-4g-ecatalyst_3650-24ts-lasr-920-24sz-imasr_920-12cz-a_rcatalyst_3850-48xscatalyst_3650-12x48uqcatalyst_9800-clcatalyst_9300-48p-ecatalyst_3650-8x24pd-e1131_integrated_services_routercatalyst_9300-48t-ecatalyst_9600xcatalyst_3850-24xu-easr1002-x9800-40catalyst_3650-12x48uq-ecatalyst_3650-8x24uqcatalyst_9600catalyst_3850-48u-scatalyst_8510msrcatalyst_3850-16xs-ecatalyst_9200lasr-920-10sz-pdasr-920-4sz-dcatalyst_3650-24pdm-scatalyst_3850-24xuasr-920-12cz-dcatalyst_9300-48uxm-ecatalyst_3650-12x48ur-e1109_integrated_services_routercatalyst_9400catalyst_3650-48fqm-scatalyst_3850-48t-l1100-4g_integrated_services_router1111x_integrated_services_routercatalyst_3650-12x48fd-scatalyst_9600_supervisor_engine-1catalyst_3650-12x48uq-lcatalyst_9800-40catalyst_9300l-48p-4x-acatalyst_9800catalyst_3650-8x24uq-scatalyst_3650-48tq-lcatalyst_9300-48u-aasr_902uasr_920-4sz-a_router1100-4p_integrated_services_routercatalyst_3650-48fq-sasr-920-24tz-masr_903asr_9920asr_9906asr1000-mip100catalyst_3850-48t-ecatalyst_3650-48pq-s1101_integrated_services_routerasr_920-24tz-m_rcatalyst_3650-48fqm-l8101-32hasr_920-24sz-m_rcatalyst_3850-12s-sasr_9010asr_920-4sz-d_rcatalyst_3850-24u-s1100_integrated_services_routerasr_901-4c-ft-dcatalyst_9300l-24t-4x-easr_1002-hx_r3000_integrated_services_routerasr_920-10sz-pd_routercatalyst_3650-12x48uz-sasr_1006-xasr_920-12cz-acatalyst_9300l-24p-4g-aasr1002-x-rfasr_901-12c-ft-dcatalyst_9300l-24p-4x-ecatalyst_9300-24ux-acatalyst_3850-32xs-scatalyst_9500asr_9001asr1002-hxasr_901s-3sg-f-ahasr1000-rp3catalyst_3650-12x48fd-ecatalyst_3850-48f-l4221_integrated_services_routercatalyst_3850-24xu-lcatalyst_3850-24s-scatalyst_3650-24td-ecatalyst_9300-48s-ecatalyst_3650-48td-easr1002-x-wsasr_1002-xcatalyst_9300lasr_920-12cz-d_r8800_18-slotcatalyst_3650-12x48uq-scatalyst_3650-12x48uz-e4451-x_integrated_services_routercatalyst_3650-12x48ur-scatalyst_3850-48p-scatalyst_8510csrasr_1002-hx1109-2p_integrated_services_routercatalyst_9200cxasr_920-10sz-pd_rcatalyst_8200catalyst_9300-48t-acatalyst_3850-12s-ecatalyst_8500asr_920u-12sz-im8831catalyst_3850-24t-easr_920-24sz-m_routercatalyst_3650-24ts-scatalyst_3650-24ps-easr1001-x-rfasr_900asr_901-6cz-ft-a4321_integrated_services_routercatalyst_3850-24xs-scatalyst_8300-1n1s-4t2x8804catalyst_3650-48pd-ecatalyst_3650-48fqm-easr1001-x-wscatalyst_3650-24pdm-easr_1000catalyst_3650-48ts-ecatalyst_3850-48p-lcatalyst_8300-2n2s-4t2xasr_920-12sz-im_r88081100-8p_integrated_services_routercatalyst_9410rcatalyst_3850-nm-8-10gasr_901-12c-f-dcatalyst_3850-12xs-easr_901s-2sg-f-ahcatalyst_8540csrcatalyst_3850-32xs-e1100-6g_integrated_services_routercatalyst_3850-12xs-scatalyst_3850-24s-ecatalyst_9300l-48p-4g-ecatalyst_9300l-48t-4g-easr_914catalyst_3850-24p-s8202catalyst_3650-24pdm-lcatalyst_9300l_stack9800-lcatalyst_3850-24uasr_920-12cz-dasr_1000-xasr1000-6tgecatalyst_9300l-24p-4g-ecatalyst_3650-24ts-ecatalyst_3650-24ps-lasr_920-4sz-dcatalyst_3650-48td-sasr_920-4sz-d_router111x_integrated_services_routercatalyst_9800-l8201-32fhasr_1013catalyst_8540msrasr_920-24sz-imcatalyst_3650-48tq-ecatalyst_3850-nm-2-40gasr-920-12sz-dcatalyst_9300lmcatalyst_3650-48fs-lcatalyst_3650-48pq-ecatalyst_3650-48fd-lcatalyst_3650-48fs-ecatalyst_9300-24t-ecatalyst_3650-12x48uzasr_9000vasr1001-hxcatalyst_3650-48fd-scatalyst_3650-48fs-scatalyst_3850-48t-sasr-920-24sz-mcatalyst_9407rcatalyst_3850-24t-scatalyst_3650-48pq-lcatalyst_3850-24pw-scatalyst_3850-24t-lcatalyst_3850-48u-ecatalyst_9200asr-920-20sz-mcatalyst_9300l-48p-4g-a1160_integrated_services_routercatalyst_3650-24td-scatalyst_3650-48pd-lcatalyst_9300l-48t-4g-aasr_920-24sz-masr_920-24sz-im_routerasr_920-4sz-acatalyst_3650-48tq-sasr-9901-rpcatalyst_ie3200catalyst_3850-48p-ecatalyst_9800-80catalyst_8300-2n2s-6tasr_920-4sz-a_rcatalyst_9300l-48p-4x-easr-920-24tz-imcatalyst_3650-48fd-easr_901-6cz-ft-dasr_901-6cz-f-dasr_9000catalyst_3650-48fq-ecatalyst_8500lcatalyst_9300-24s-ecatalyst_9300-48u-e1101-4p_integrated_services_routercatalyst_9300-48s-acatalyst_3650-12x48fd-lasr-920-12sz-acatalyst_3850-24p-ecatalyst_3850-48xs-f-scatalyst_9300-24t-acatalyst_9300l-24p-4x-aasr_1006catalyst_9300asr_920-24sz-im_rasr1002-hx-wsasr_920-12cz-d_routercatalyst_3850-24xu-s4451_integrated_services_routercatalyst_3650-48fqmcatalyst_3650-48td-lasr_9901catalyst_3850-24xs-ecatalyst_9400_supervisor_engine-1asr1001-hx-rfcatalyst_ie3400catalyst_3650-8x24uq-ecatalyst_3850-24u-lcatalyst_9300l-24t-4g-a9800-clcatalyst_3850-48f-scatalyst_3650-12x48ur-lasr_901-4c-f-d8800_8-slotasr_1001-hx_rcatalyst_3650-24pdcatalyst_9800-l-casr1000-2t\+20x1gecatalyst_3850-48f-e4000_integrated_services_router1000_integrated_services_routercatalyst_9300-48uxm-aasr_102388128818catalyst_9300-24p-acatalyst_3650-48ps-lasr_10011100-4g\/6g_integrated_services_routerasr_920-12cz-a_routercatalyst_3850-48xs-easr1000-esp200asr_9904catalyst_9300-24u-acatalyst_3850-48ucatalyst_3650-8x24pd-lasr_1001-hxcatalyst_ie3300catalyst_3650-48fqcatalyst_3650-48fq-l8102-64hasr_1009-x8201catalyst_9300-24u-easr_901-6cz-f-aasr1002-hx-rfcatalyst_3850-12x48ucatalyst_9300xcatalyst_3650-48pd-scatalyst_9300-48un-aasr_1001-x_rcatalyst_3650-24pd-easr-920-12sz-imasr_901-6cz-fs-dcatalyst_3650-12x48uz-lcatalyst_9300-24p-easr_1002-x_rasr_901s-4sg-f-dasr1001-xcatalyst_3850-48xs-f-easr_1002catalyst_9800-l-fasr_902asr_1004catalyst_9300l-48t-4x-ecatalyst_3850-24p-l1120_integrated_services_routercatalyst_3850-24xsasr_99038800_4-slotcatalyst_3650-48ps-s4431_integrated_services_router9800-80asr_901-6cz-fs-aasr_920-24tz-m_routercatalyst_3850-24u-ecatalyst_3850-48xs-sios_xe1111x-8p_integrated_services_routerasr_9910asr_9912asr_99221109-4p_integrated_services_routerasr_1001-xcatalyst_3650-48ts-s8800_12-slotcatalyst_3650-48ps-easr_901s-2sg-f-dcatalyst_9300-24ux-e4351_integrated_services_routerasr_920-24tz-mCisco IOS XE Software
CWE ID-CWE-399
Not Available
CVE-2022-20933
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.18% / 39.53%
||
7 Day CHG~0.00%
Published-26 Oct, 2022 | 14:00
Updated-01 Nov, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Meraki MX and Z3 Teleworker Gateway VPN Denial of Service Vulnerability

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit this vulnerability by crafting a malicious request and sending it to the affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to crash and restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. Cisco Meraki has released software updates that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-meraki_mx64w_firmwaremeraki_mx67wmeraki_mx600meraki_mx64wmeraki_mx65meraki_mx68_firmwaremeraki_mx450meraki_mx250meraki_vmx_firmwaremeraki_mx67cw_firmwaremeraki_mx95meraki_mx450_firmwaremeraki_mx68w_firmwaremeraki_mx64meraki_mx85_firmwaremeraki_mx95_firmwaremeraki_z3_firmwaremeraki_z3meraki_mx75_firmwaremeraki_z3c_firmwaremeraki_mx64_firmwaremeraki_z3cmeraki_mx250_firmwaremeraki_mx67cwmeraki_vmxmeraki_mx65_firmwaremeraki_mx400_firmwaremeraki_mx84_firmwaremeraki_mx600_firmwaremeraki_mx85meraki_mx67meraki_mx400meraki_mx68wmeraki_mx68cw_firmwaremeraki_mx100_firmwaremeraki_mx100meraki_mx68meraki_mx75meraki_mx84meraki_mx67_firmwaremeraki_mx65w_firmwaremeraki_mx68cwmeraki_mx65wmeraki_mx105meraki_mx67w_firmwaremeraki_mx105_firmwareCisco Meraki MX Firmware
CWE ID-CWE-234
Failure to Handle Missing Parameter
CVE-2022-20947
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.13%
||
7 Day CHG~0.00%
Published-10 Nov, 2022 | 17:29
Updated-03 Aug, 2024 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of HostScan data received from the Posture (HostScan) module. An attacker could exploit this vulnerability by sending crafted HostScan data to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU"] This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-20683
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.29% / 51.46%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 14:16
Updated-06 Nov, 2024 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Application Visibility and Control Denial of Service Vulnerability

A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient packet verification for traffic inspected by the AVC feature. An attacker could exploit this vulnerability by sending crafted packets from the wired network to a wireless client, resulting in the crafted packets being processed by the wireless controller. A successful exploit could allow the attacker to cause a crash and reload of the affected device, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-124
Buffer Underwrite ('Buffer Underflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20847
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.43% / 61.50%
||
7 Day CHG~0.00%
Published-30 Sep, 2022 | 18:45
Updated-01 Nov, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family DHCP Processing Denial of Service Vulnerability

A vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DHCP messages. An attacker could exploit this vulnerability by sending malicious DHCP messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecatalyst_9800-lcatalyst_9800-40catalyst_9800-l-ccatalyst_9800catalyst_9800-clcatalyst_9800-80catalyst_9800-l-fCisco IOS XE Software
CWE ID-CWE-399
Not Available
CVE-2022-20760
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-2.59% / 85.01%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 03:15
Updated-06 Nov, 2024 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DNS Inspection Denial of Service Vulnerability

A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to a lack of proper processing of incoming requests. An attacker could exploit this vulnerability by sending crafted DNS requests at a high rate to an affected device. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-20623
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-18.37% / 94.98%
||
7 Day CHG~0.00%
Published-23 Feb, 2022 | 17:40
Updated-06 Nov, 2024 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection Denial of Service Vulnerability

A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device. This vulnerability is due to a logic error in the BFD rate limiter functionality. An attacker could exploit this vulnerability by sending a crafted stream of traffic through the device. A successful exploit could allow the attacker to cause BFD traffic to be dropped, resulting in BFD session flaps. BFD session flaps can cause route instability and dropped traffic, resulting in a denial of service (DoS) condition. This vulnerability applies to both IPv4 and IPv6 traffic.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-n9k-c9232cn9k-c92348gc-xn9k-x97284yc-fxn9k-x9788tc-fxn9k-c9364c-gxn9k-c9272qn9k-c93600cd-gxn9k-x97160yc-exn9k-x9732c-exnx-osn9k-c93240yc-fx2n9k-c93108tc-exn9k-c9236cn9k-c9332cn9k-c9364cn9k-c9336c-fx2n9k-c92300ycn9k-c9316d-gxn9k-c92160yc-xn9k-x9732c-fxn9k-c93108tc-fxn9k-c93360yc-fx2n9k-c92304qcn9k-c93180yc-exn9k-c93180yc-fxn9k-c93180lc-exn9k-x9736c-fxn9k-c9348gc-fxpn9k-c93180yc2-fxn9k-x9736c-exn9k-c93216tc-fx2Cisco NX-OS Software
CWE ID-CWE-399
Not Available
CVE-2022-20678
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.14% / 34.99%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 14:16
Updated-06 Nov, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software AppNav-XE Denial of Service Vulnerability

A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could exploit this vulnerability by sending a stream of crafted TCP traffic at a high rate through an interface of an affected device. That interface would need to have AppNav interception enabled. A successful exploit could allow the attacker to cause the device to reload.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-1100-4g_integrated_services_router1111x_integrated_services_router1131_integrated_services_router1100-6g_integrated_services_routercatalyst_8300-1n1s-4t2xcatalyst_8500l4431_integrated_services_routercatalyst_8000v_edge1160_integrated_services_routercatalyst_8300-1n1s-6tcloud_services_router_1000vios_xe4221_integrated_services_routercatalyst_8300-2n2s-4t2x4331_integrated_services_router4461_integrated_services_routercatalyst_8500-4qcasr_1001-xcatalyst_8300-2n2s-6t1101_integrated_services_router1109_integrated_services_routerasr_1002-xcatalyst_8500111x_integrated_services_router1120_integrated_services_routerCisco IOS XE Software
CWE ID-CWE-413
Improper Resource Locking
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2022-20714
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.69% / 81.50%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 14:15
Updated-06 Nov, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software for ASR 9000 Series Routers Lightspeed-Plus Line Cards Denial of Service Vulnerability

A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the line card to reset. This vulnerability is due to the incorrect handling of malformed packets that are received on the Lightspeed-Plus line cards. An attacker could exploit this vulnerability by sending a crafted IPv4 or IPv6 packet through an affected device. A successful exploit could allow the attacker to cause the Lightspeed-Plus line card to reset, resulting in a denial of service (DoS) condition for any traffic that traverses that line card.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asr_9903ios_xrasr_9902Cisco IOS XR Software
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-20622
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.84% / 73.73%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 14:17
Updated-06 Nov, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Embedded Wireless Controller with Catalyst Access Points IP Flood Denial of Service Vulnerability

A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with Catalyst Access Points Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device may experience a performance degradation in traffic processing or high CPU usage prior to the unexpected reload. This vulnerability is due to improper rate limiting of IP packets to the management interface. An attacker could exploit this vulnerability by sending a steady stream of IP traffic at a high rate to the management interface of the affected device. A successful exploit could allow the attacker to cause the device to reload.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-aironet_access_point_softwareCisco Aironet Access Point Software
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-20715
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.45% / 79.97%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 03:16
Updated-16 Sep, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability

A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of errors that are logged as a result of client connections that are made using remote access VPN. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-399
Not Available
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20919
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.23% / 45.63%
||
7 Day CHG~0.00%
Published-30 Sep, 2022 | 18:46
Updated-01 Nov, 2024 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software Common Industrial Protocol Request Denial of Service Vulnerability

A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation during processing of CIP packets. An attacker could exploit this vulnerability by sending a malformed CIP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asr_920-10sz-pdcatalyst_3850asr-920-12sz-im-ccasr_1023_routerasr_907catalyst_9500hasr-920-12cz-acatalyst_3850-16xs-scatalyst_3850-48pw-scatalyst_9300l-24t-4x-acatalyst_9300-48un-e4331_integrated_services_routerasr_90064461_integrated_services_routercatalyst_9300-48p-acatalyst_9300-24s-aasr_901s-3sg-f-dcatalyst_9124axiasr_920-12sz-imcatalyst_9300l-48t-4x-aasr_920-12sz-im_routercatalyst_8300catalyst_9115axicatalyst_8500-4qccatalyst_3850-48u-lcatalyst_9117axicatalyst_9800-80_wireless_controllerasr-920-4sz-acatalyst_8300-1n1s-6tcatalyst_9300l-24t-4g-easr-920-24sz-imasr_920-12cz-a_rcatalyst_3850-48xscatalyst_9800-clcatalyst_9300-48p-easr_9000_rsp440_router1131_integrated_services_routercatalyst_9300-48t-ecatalyst_9600xcatalyst_3850-24xu-easr_1002_fixed_routerasr1002-xcatalyst_9600catalyst_3850-48u-scatalyst_3850-16xs-ecatalyst_8510msrcatalyst_9200lasr-920-10sz-pdasr-920-4sz-dcatalyst_3850-24xuasr-920-12cz-dcatalyst_9300-48uxm-e1109_integrated_services_routercatalyst_9400catalyst_9100catalyst_3850-48t-l1100-4g_integrated_services_router1111x_integrated_services_routercatalyst_9600_supervisor_engine-1catalyst_9800-40catalyst_9300l-48p-4x-acatalyst_9800catalyst_9300-48u-aasr_902uasr_920-4sz-a_routercatalyst_9105axi1100-4p_integrated_services_routerasr-920-24tz-masr_903asr_9920asr_9906catalyst_ie3200_rugged_switchasr1000-mip100catalyst_3850-48t-e1101_integrated_services_routerasr_920-24tz-m_rasr_920-24sz-m_rasr_900_route_switch_processor_3_\(rsp3\)asr_9010catalyst_3850-12s-sasr_920-4sz-d_rcatalyst_3850-24u-s1100_integrated_services_routerasr_901-4c-ft-dcatalyst_9130_apcatalyst_9300l-24t-4x-ecatalyst_9800-40_wireless_controllerasr_1002-hx_rasr_920-10sz-pd_routercatalyst_9120axpasr_1006-xasr_920-12cz-acatalyst_9300l-24p-4g-aasr1002-x-rfasr_901-12c-ft-dcatalyst_9300l-24p-4x-ecatalyst_9300-24ux-acatalyst_3850-32xs-scatalyst_9500asr_9001asr_900_asr_901s-3sg-f-ahasr1002-hxasr1000-rp34221_integrated_services_routercatalyst_3850-48f-lcatalyst_3850-24xu-lcatalyst_ie3400_heavy_duty_switchcatalyst_3850-24s-scatalyst_9300-48s-easr1002-x-wsasr_1002-xasr_920-12cz-d_rcatalyst_9300lcatalyst_9115_apcatalyst_ie3400_rugged_switch4451-x_integrated_services_routercatalyst_3850-48p-scatalyst_ie9300catalyst_8510csrcatalyst_9120axeasr_1002-hx1109-2p_integrated_services_routercatalyst_9200cxasr_920-10sz-pd_rcatalyst_8200asr_1000-esp100catalyst_9300-48t-acatalyst_9117catalyst_3850-12s-ecatalyst_8500asr_920u-12sz-imcatalyst_3850-24t-ecatalyst_9130axiasr_920-24sz-m_routerasr1001-x-rfasr_900asr_901-6cz-ft-a4321_integrated_services_routercatalyst_3850-24xs-scatalyst_8300-1n1s-4t2xcatalyst_ie3300_rugged_switchasr1001-x-wscatalyst_3850-48p-lcatalyst_8300-2n2s-4t2xasr_920-12sz-im_r1100-8p_integrated_services_routercatalyst_9410rcatalyst_3850-nm-8-10gasr_901-12c-f-dcatalyst_3850-12xs-easr_5700asr_901s-2sg-f-ahcatalyst_8540csrcatalyst_3850-32xs-e1100-6g_integrated_services_routercatalyst_3850-12xs-scatalyst_3850-24s-ecatalyst_9300l-48p-4g-ecatalyst_9105axwcatalyst_9300l-48t-4g-easr_914catalyst_3850-24p-scatalyst_3850-24ucatalyst_9300l_stackasr_920-12cz-dasr_1000-xasr1000-6tgecatalyst_9300l-24p-4g-easr_900_route_switch_processor_2_\(rsp2\)asr_920-4sz-dasr_920-4sz-d_routercatalyst_9120_apcatalyst_9800-lasr_1013catalyst_8540msrasr_920-24sz-imasr_5500asr-920-12sz-dcatalyst_3850-nm-2-40gcatalyst_9300lmcatalyst_9300-24t-easr_9000vasr1001-hxcatalyst_3850-48t-sasr-920-24sz-mcatalyst_9407rcatalyst_3850-24pw-scatalyst_3850-24t-scatalyst_3850-24t-lcatalyst_3850-48u-ecatalyst_9800_embedded_wireless_controllercatalyst_9200asr-920-20sz-mcatalyst_9300l-48p-4g-a1160_integrated_services_routercatalyst_9300l-48t-4g-aasr_920-24sz-masr_920-24sz-im_routerasr_920-4sz-aasr-9901-rpcatalyst_ie3200catalyst_3850-48p-ecatalyst_9800-80catalyst_8300-2n2s-6tasr_920-4sz-a_rcatalyst_9300l-48p-4x-easr-920-24tz-imcatalyst_9130asr_901-6cz-ft-dasr_901-6cz-f-dasr_9000asr_5000catalyst_8500lcatalyst_9300-24s-ecatalyst_9300-48u-e1101-4p_integrated_services_routercatalyst_9300-48s-acatalyst_9120axiasr-920-12sz-acatalyst_9115axecatalyst_3850-24p-easr_1006catalyst_3850-48xs-f-scatalyst_9300-24t-acatalyst_9300l-24p-4x-acatalyst_9300asr_920-24sz-im_rasr1002-hx-wsasr_920-12cz-d_routercatalyst_3850-24xu-s4451_integrated_services_routercatalyst_9105asr_9901catalyst_3850-24xs-ecatalyst_9400_supervisor_engine-1asr1001-hx-rfcatalyst_ie3400catalyst_3850-24u-lcatalyst_9300l-24t-4g-acatalyst_3850-48f-sasr_901-4c-f-dcatalyst_9130axeasr_1001-hx_rcatalyst_9800-l-casr1000-2t\+20x1gecatalyst_3850-48f-e1000_integrated_services_routercatalyst_9300-48uxm-aasr_1023catalyst_9300-24p-aasr_1001asr_920-12cz-a_routercatalyst_3850-48xs-easr1000-esp200asr_9904catalyst_9300-24u-acatalyst_9117_apcatalyst_3850-48uasr_1001-hxcatalyst_ie3300asr_1009-xcatalyst_9300-24u-easr_901-6cz-f-acatalyst_9124asr1002-hx-rfcatalyst_3850-12x48ucatalyst_9300xcatalyst_9300-48un-aasr_1001-x_rasr-920-12sz-imasr_901-6cz-fs-dcatalyst_9300-24p-easr_1002-x_rasr_901s-4sg-f-dasr1001-xcatalyst_3850-48xs-f-easr_1002catalyst_9800-l-fasr_902asr_1004catalyst_9300l-48t-4x-ecatalyst_3850-24p-lcatalyst_91151120_integrated_services_routercatalyst_3850-24xsasr_9903catalyst_91204431_integrated_services_routerasr_901-6cz-fs-acatalyst_9124axdasr_920-24tz-m_routercatalyst_3850-24u-ecatalyst_3850-48xs-sios_xe1111x-8p_integrated_services_routerasr_9910asr_9912asr_99221109-4p_integrated_services_routerasr_1001-xasr_901s-2sg-f-dcatalyst_9300-24ux-e4351_integrated_services_routerasr_920-24tz-mCisco IOS
CWE ID-CWE-248
Uncaught Exception
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2022-20624
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-5.76% / 90.12%
||
7 Day CHG~0.00%
Published-23 Feb, 2022 | 17:40
Updated-06 Nov, 2024 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability

A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of incoming CFSoIP packets. An attacker could exploit this vulnerability by sending crafted CFSoIP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_3132q-xnexus_3636c-rnexus_9508nx-osucs_64108nexus_92304qcnexus_92160yc-xn9k-c9332d-gx2bn9k-c9316d-gxnexus_9504nexus_3048nexus_3524-xln9k-c9348d-gx2anexus_3548-xlnexus_31128pqnexus_3132q-vnexus_3164qnexus_3172pqnexus_92300ycnexus_92348gc-xnexus_3132c-znexus_3524-xnexus_31108tc-vnexus_3232cn9k-c9364d-gx2an9k-c93600cd-gxnexus_9272qnexus_3464cnexus_36180yc-rnexus_3264c-enexus_3264qnexus_3548-xnexus_3132q-xlnexus_3432d-snexus_3172tq-xlucs_6454nexus_3408-snexus_34180ycnexus_31108pc-vnexus_9236cnexus_9516nexus_3172pq-xlCisco NX-OS Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20856
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.39% / 59.22%
||
7 Day CHG~0.00%
Published-30 Sep, 2022 | 18:46
Updated-01 Nov, 2024 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Mobility Denial of Service Vulnerability

A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) Mobility messages in Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error and improper management of resources related to the handling of CAPWAP Mobility messages. An attacker could exploit this vulnerability by sending crafted CAPWAP Mobility packets to an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device. This would cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecatalyst_9800-lcatalyst_9800-40catalyst_9800-l-ccatalyst_9800catalyst_9800-clcatalyst_9800-80catalyst_9800-l-fCisco IOS XE Software
CWE ID-CWE-664
Improper Control of a Resource Through its Lifetime
CVE-2022-20751
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.78% / 72.81%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 03:15
Updated-06 Nov, 2024 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software Snort Out of Memory Denial of Service Vulnerability

A vulnerability in the Snort detection engine integration for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause unlimited memory consumption, which could lead to a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient memory management for certain Snort events. An attacker could exploit this vulnerability by sending a series of crafted IP packets that would generate specific Snort events on an affected device. A sustained attack could cause an out of memory condition on the affected device. A successful exploit could allow the attacker to interrupt all traffic flowing through the affected device. In some circumstances, the attacker may be able to cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_4150firepower_1010firepower_1020firepower_1140firepower_2120firepower_4100firepower_2130firepower_2100firepower_4110firepower_1120firepower_2110firepower_4125firepower_1000firepower_1040firepower_4112firepower_1030firepower_4140firepower_2140firepower_4145firepower_4120firepower_1150firepower_4115firepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-20756
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.13% / 77.42%
||
7 Day CHG~0.00%
Published-06 Apr, 2022 | 18:13
Updated-06 Nov, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine RADIUS Service Denial of Service Vulnerability

A vulnerability in the RADIUS feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS requests. An attacker could exploit this vulnerability by attempting to authenticate to a network or a service where the access server is using Cisco ISE as the RADIUS server. A successful exploit could allow the attacker to cause Cisco ISE to stop processing RADIUS requests, causing authentication/authorization timeouts, which would then result in legitimate requests being denied access. Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) is required. See the Details section for more information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-399
Not Available
CVE-2021-40118
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.26% / 49.50%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 18:56
Updated-07 Nov, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerabilities

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-adaptive_security_appliance_softwareasa_5585-x_firmwareasa_5505_firmwareasa_5580_firmwareasa_5515-xasa_5545-x_firmwareadaptive_security_applianceasa_5545-xasa_5525-x_firmwareasa_5505asa_5555-xasa_5580asa_5585-xasa_5515-x_firmwareasa_5525-xasa_5555-x_firmwareasa_5512-x_firmwareasa_5512-xfirepower_threat_defenseCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-40117
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.84% / 73.73%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 18:56
Updated-07 Nov, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability

A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incoming SSL/TLS packets are not properly processed. An attacker could exploit this vulnerability by sending a crafted SSL/TLS packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-adaptive_security_appliance_softwareasa_5585-x_firmwareasa_5505_firmwareasa_5580_firmwareasa_5515-xasa_5545-x_firmwareadaptive_security_applianceasa_5545-xasa_5525-x_firmwareasa_5505asa_5555-xasa_5580asa_5585-xasa_5515-x_firmwareasa_5525-xasa_5555-x_firmwareasa_5512-x_firmwareasa_5512-xfirepower_threat_defenseCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-15460
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.38% / 58.88%
||
7 Day CHG~0.00%
Published-10 Jan, 2019 | 22:00
Updated-19 Nov, 2024 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper filtering of email messages that contain references to whitelisted URLs. An attacker could exploit this vulnerability by sending a malicious email message that contains a large number of whitelisted URLs. A successful exploit could allow the attacker to cause a sustained DoS condition that could force the affected device to stop scanning and forwarding email messages.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asyncosemail_security_applianceCisco Email Security Appliance (ESA)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-20146
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.23% / 45.27%
||
7 Day CHG~0.00%
Published-12 Mar, 2025 | 16:12
Updated-01 Aug, 2025 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software for ASR 9000 Series Routers Layer 3 Multicast Routing Denial of Service Vulnerability

A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed IPv4 multicast packets that are received on line cards where the interface has either an IPv4 access control list (ACL) or a QoS policy applied. An attacker could exploit this vulnerability by sending crafted IPv4 multicast packets through an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset. Traffic over that line card would be lost while the line card reloads.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xrasr_9904asr_9010asr_9006asr_9901asr_9910asr_9912asr_9922asr_9906asr_9903asr_9902Cisco IOS XR Software
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20243
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.38% / 58.41%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 17:01
Updated-02 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS accounting requests. An attacker could exploit this vulnerability by sending a crafted authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). This would eventually result in the NAD sending a RADIUS accounting request packet to Cisco ISE. An attacker could also exploit this vulnerability by sending a crafted RADIUS accounting request packet to Cisco ISE directly if the RADIUS shared secret is known. A successful exploit could allow the attacker to cause the RADIUS process to unexpectedly restart, resulting in authentication or authorization timeouts and denying legitimate users access to the network or service. Clients already authenticated to the network would not be affected. Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) may be required. For more information, see the Details ["#details"] section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-399
Not Available
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2020-3572
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.86% / 82.30%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 18:40
Updated-13 Nov, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Session Denial of Service Vulnerability

A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak when closing SSL/TLS connections in a specific state. An attacker could exploit this vulnerability by establishing several SSL/TLS sessions and ensuring they are closed under certain conditions. A successful exploit could allow the attacker to exhaust memory resources in the affected device, which would prevent it from processing new SSL/TLS connections, resulting in a DoS. Manual intervention is required to recover an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-adaptive_security_appliancefirepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-3358
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.20% / 42.36%
||
7 Day CHG~0.00%
Published-16 Jul, 2020 | 17:21
Updated-15 Nov, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Denial of Service Vulnerability

A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to the targeted device. A successful exploit could allow the attacker to cause a reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv345_dual_wan_gigabit_vpn_routerrv340w_dual_wan_gigabit_wireless-ac_vpn_routerrv345p_dual_wan_gigabit_poe_vpn_router_firmwarerv345_dual_wan_gigabit_vpn_router_firmwarerv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmwarerv345p_dual_wan_gigabit_poe_vpn_routerrv340_dual_wan_gigabit_vpn_router_firmwarerv340_dual_wan_gigabit_vpn_routerCisco Small Business RV Series Router Firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3304
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.50% / 64.83%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 18:36
Updated-13 Nov, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability

A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition. Note: This vulnerability applies to IP Version 4 (IPv4) and IP Version 6 (IPv6) HTTP traffic.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-adaptive_security_appliancefirepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3562
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.53% / 66.21%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 18:41
Updated-13 Nov, 2024 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower 2100 Series SSL/TLS Inspection Denial of Service Vulnerability

A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation for certain fields of specific SSL/TLS messages. An attacker could exploit this vulnerability by sending a malformed SSL/TLS message through an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. No manual intervention is needed to recover the device after it has reloaded.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_2140firepower_2120firepower_2130firepower_2110firepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-3373
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.91% / 82.55%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 18:36
Updated-13 Nov, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IP Fragment Memory Leak Vulnerability

A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. This memory leak could prevent traffic from being processed through the device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper error handling when specific failures occur during IP fragment reassembly. An attacker could exploit this vulnerability by sending crafted, fragmented IP traffic to a targeted device. A successful exploit could allow the attacker to continuously consume memory on the affected device and eventually impact traffic, resulting in a DoS condition. The device could require a manual reboot to recover from the DoS condition. Note: This vulnerability applies to both IP Version 4 (IPv4) and IP Version 6 (IPv6) traffic.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-3500
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.29% / 51.98%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 18:00
Updated-13 Nov, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco StarOS IPv6 Denial of Service Vulnerability

A vulnerability in the IPv6 implementation of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to an affected device with the goal of reaching the vulnerable section of the input buffer. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-starosvirtualized_packet_core-single_instanceasr_5500asr_5700Cisco ASR 5000 Series Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-3221
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.56% / 67.44%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:41
Updated-15 Nov, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability

A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by sending a malformed Flexible NetFlow Version 9 packet to the Control and Provisioning of Wireless Access Points (CAPWAP) data port of an affected device. An exploit could allow the attacker to trigger an infinite loop, resulting in a process crash that would cause a reload of the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecatalyst_9800-lcatalyst_9800-l-ccatalyst_9800-40catalyst_9800-clcatalyst_9800-80catalyst_9800-l-fCisco IOS XE Software 16.10.1
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3480
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.16% / 77.70%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 17:52
Updated-13 Nov, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Zone-Based Firewall Denial of Service Vulnerabilities

Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patterns through the device. A successful exploit could allow the attacker to cause the device to reload or stop forwarding traffic through the firewall, resulting in a denial of service. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-4451-x_integrated_services_router1111x_integrated_services_routerasr_10134321_integrated_services_router4351_integrated_services_router4431_integrated_services_router1160_integrated_services_routercloud_services_router_1000vasr_1002-hx1100_integrated_services_routerios_xeintegrated_services_virtual_router4221_integrated_services_router4331_integrated_services_routerasr_10064461_integrated_services_routerasr_1001-xasr_10041109_integrated_services_router1101_integrated_services_routerasr_1001-hxasr_1002-x111x_integrated_services_router1120_integrated_services_routerasr_1009-xasr_1006-xCisco IOS XE Software
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2020-3228
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.84% / 82.21%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:42
Updated-15 Nov, 2024 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS, IOS XE, and NX-OS Software Security Group Tag Exchange Protocol Denial of Service Vulnerability

A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because crafted SXP packets are mishandled. An attacker could exploit this vulnerability by sending specifically crafted SXP packets to the affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosnexus_7000_4-slotnx-osnexus_7000_18-slotnexus_1000vnexus_7000_9-slotnexus_7000_10-slotCisco IOS 15.3(2)T
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3510
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.75% / 72.26%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 17:51
Updated-13 Nov, 2024 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Catalyst 9200 Series Switches Umbrella Connector Denial of Service Vulnerability

A vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to trigger a reload, resulting in a denial of service condition on an affected device. The vulnerability is due to insufficient error handling when parsing DNS requests. An attacker could exploit this vulnerability by sending a series of malicious DNS requests to an Umbrella Connector client interface of an affected device. A successful exploit could allow the attacker to cause a crash of the iosd process, which triggers a reload of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_c9200l-48pxg-4xcatalyst_c9300-24pcatalyst_c9500-32qccatalyst_c9600-lc-24ccatalyst_c9200l-24p-4gcatalyst_c9300-48scatalyst_c9407rcatalyst_c9300-48pcatalyst_c9300-48ucatalyst_c9300l-48t-4xcatalyst_c9600-lc-48txcatalyst_c9300l-24t-4gcatalyst_c9200l-24pxg-2ycatalyst_c9500-16xcatalyst_c9200-24pcatalyst_c9300-48tcatalyst_c9300l-24t-4xcatalyst_c9200l-48pxg-2ycatalyst_c9600-lc-48ylcatalyst_c9200l-48t-4gcatalyst_c9200l-24p-4xcatalyst_c9200-48pcatalyst_c9300l-24p-4xcatalyst_c9300l-48p-4gcatalyst_c9500-12qcatalyst_c9500-24qcatalyst_c9600-lc-48scatalyst_c9200-48tcatalyst_c9300-24scatalyst_c9200l-24t-4xcatalyst_c9300-48uncatalyst_c9300-48uxmcatalyst_c9300-24tcatalyst_c9300l-48p-4xcatalyst_c9500-24y4ccatalyst_c9200l-24t-4gcatalyst_c9200l-24pxg-4xcatalyst_c9500-40xios_xecatalyst_c9300l-48t-4gcatalyst_c9404rcatalyst_c9300-24ucatalyst_c9200l-48t-4xcatalyst_c9500-48y4ccatalyst_c9300-24uxcatalyst_c9200-24tcatalyst_c9500-32ccatalyst_c9200l-48p-4gcatalyst_c9300l-24p-4gcatalyst_c9200l-48p-4xcatalyst_c9410rCisco IOS XE Software
CWE ID-CWE-388
Not Available
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-3560
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.16% / 77.70%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 17:50
Updated-13 Nov, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Aironet Access Points UDP Flooding Denial of Service Vulnerability

A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by sending a series of crafted UDP packets to a specific port on an affected device. A successful exploit could either allow the attacker to tear down the connection between the AP and the wireless LAN controller, resulting in the affected device not being able to process client traffic, or cause the vulnerable device to reload, triggering a DoS condition. After the attack, the affected device should automatically recover its normal functions without manual intervention.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-aironet_1562iaironet_1830e1111-8pwbaironet_1850e1113-8pmwecatalyst_iw6300aironet_3800e1111-8plteeawbaironet_1562ecatalyst_9800-l-c1117-4pmweaironet_2800iaironet_1542iaironet_3800pcatalyst_9800-80catalyst_9800-l-faironet_1830icatalyst_9117wireless_lan_controller_softwareaironet_1815catalyst_91151117-4pwebusiness_140accatalyst_9130aironet_4800catalyst_9800-laironet_1542dbusiness_240accatalyst_9800-40aironet_access_point_softwarecatalyst_9120aironet_1562dbusiness_access_pointsaccess_points1116-4pweesw-6300-con-x-k9business_145ac1113-8pwe1113-8plteeawe1117-4plteeaweaironet_3800i1111-4pweaironet_1850icatalyst_9800-cl1117-4pmlteeawewireless_lan_controlleraironet_2800e1116-4plteeawecatalyst_9105Cisco Aironet Access Point Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-3363
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.04% / 76.54%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 18:01
Updated-13 Nov, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Smart and Managed Switches Denial of Service Vulnerability

A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. A successful exploit could allow the attacker to cause an unexpected reboot of the switch, leading to a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsg250-10p_firmwaresf250-24psg300-10p_firmwaresg250-18_firmwaresg300-52_firmwaresg500-52mp_firmwaresg250x-24p_firmwaresg300-52sg250x-24psg200-26sg250-18sg500-28sg500x-48sg350x-24mpsx550x-24sg550x-48p_firmwaresg200-50p_firmwaresg200-26_firmwaresg200-08psf250-24p_firmwaresf200-24_firmwaresg300-20sg500-28psg350x-48_firmwaresg350xg-24tsx550x-12fsf200-48sg350x-24_firmwaresf350-48psf350-48sg550x-48mp_firmwaresg500x-24psf300-48psf300-24_firmwaresg500-52sf300-24mp_firmwaresf550x-24mp_firmwaresg500-28mpp_firmwaresg500-52psg350-28sg350x-24mp_firmwaresf250-24sg500-52_firmwaresf550x-48p_firmwaresg550x-48psg200-10fpsf300-24ppsg350x-48mp_firmwaresg250x-24_firmwaresg250-50hp_firmwaresx550x-24ft_firmwaresg350x-24sg300-10mpp_firmwaresg250x-24sf550x-48_firmwaresg200-50sg300-52mpsg350-10p_firmwaresg355-10psg200-50psg350-10psg200-26fp_firmwaresx550x-16ft_firmwaresf200-48p_firmwaresf302-08p_firmwaresg500-52mpsg250-50psg300-52psf250-48sg250-26hpsg250x-48p_firmwaresg300-20_firmwaresf500-24p_firmwaresf500-48sg300-10sfpsg550x-24_firmwaresg200-50fpsg250x-48_firmwaresg300-28_firmwaresf302-08psg500-28mppsf500-24psg250-50p_firmwaresf200-24p_firmwaresf302-08ppsf350-48p_firmwaresg350xg-48t_firmwaresf300-48sg250-26sg300-10sfp_firmwaresg250x-48sf550x-48mp_firmwaresg350-28p_firmwaresf550x-24_firmwaresf250-48hp_firmwaresg350xg-2f10sg300-28ppsg300-52mp_firmwaresf500-48_firmwaresg350-10mpsg500-28p_firmwaresf550x-48psg550x-24mppsf550x-24sf500-48psg350xg-24f_firmwaresf200-24psg500-52p_firmwaresf500-48p_firmwaresg300-28mpsf302-08mp_firmwaresf350-48mp_firmwaresf250-24_firmwaresg350-28mpsg350x-48sg350-28mp_firmwaresg300-28pp_firmwaresf302-08sf200-24sx550x-24fsg500x-48psg250-26_firmwaresg350-10mp_firmwaresf302-08mpp_firmwaresg355-10p_firmwaresg550x-24mp_firmwaresg500x-48p_firmwaresg200-18_firmwaresg300-10psg300-52p_firmwaresf300-48ppsg500x-24_firmwaresg350xg-24t_firmwaresg550x-48_firmwaresf550x-24p_firmwaresg350x-24p_firmwaresg300-10mp_firmwaresf302-08_firmwaresg200-08p_firmwaresf200-24fp_firmwaresg550x-24sg300-10mpsf300-08sg300-10ppsg250-50_firmwaresf350-48_firmwaresg250-10psg350xg-2f10_firmwaresx550x-24f_firmwaresg200-08sg250-08sg350-28psg250-26hp_firmwaresg200-26fpsg200-26p_firmwaresg350xg-48tsf550x-48sg300-28sx550x-52_firmwaresg200-10fp_firmwaresg350-28_firmwaresg300-10_firmwaresg350-10sg350x-48psg250-08hpsg550x-24mpsx550x-16ftsf300-24p_firmwaresg500x-24sg550x-48mpsg350-10_firmwaresx550x-24ftsx550x-52sg250x-48psg200-50fp_firmwaresg500x-24p_firmwaresg250-26psg300-10pp_firmwaresf550x-24psg300-10sf500-24sf300-48p_firmwaresf350-48mpsg250-50sg550x-24p_firmwaresf200-24fpsg300-10mppsg500xg-8f8t_firmwaresg300-28psg550x-24psg200-26psf200-48psf300-24psf300-24sg200-08_firmwaresg350x-48mpsf302-08mppsg550x-48sf302-08mpsf250-48_firmwaresg350x-48p_firmwaresf300-48pp_firmwaresg250-08_firmwaresf300-24mpsg300-28mp_firmwaresg350x-24psf550x-24mpsx550x-12f_firmwaresf302-08pp_firmwaresg250-50hpsg550x-24mpp_firmwaresf250-48hpsg200-18sx550x-24_firmwaresg200-50_firmwaresg250-26p_firmwaresg350xg-24fsf300-08_firmwaresf200-48_firmwaresg500x-48_firmwaresg500xg-8f8tsg500-28_firmwaresf500-24_firmwaresg250-08hp_firmwaresf300-48_firmwaresf300-24pp_firmwaresg300-28p_firmwareCisco Small Business 250 Series Smart Switches Software
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3569
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-21.75% / 95.53%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 00:25
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.
Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities

Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ncs_5502ncs_560asr_9906crs-8\/s-b_crscrs-xasr_9904asr_9903asr_9910ncs_6008ncs_520ncs_540crs-1_4-slot_single-shelf_systemcrs-1_16-slot_single-shelf_systemncs_5501asr_9912crs-x_multishelf_systemncs_5508asr_9901asr_9006ncs_5516crs-3_8-slot_single-shelf_systemcrs-3_multishelf_systemncs_5011asr_9922ncs_5001asr_9000vcrscrs-1_fabric_card_chassiscrs-3_4-slot_single-shelf_systemcrs-1_line_card_chassis_\(multi\)crs-3_16-slot_single-shelf_systemcrs-1_multishelf_systemios_xrasr_9010asr_9001crs-1_line_card_chassis_\(dual\)crs-1_16-slot_line_card_chassiscrs-1_8-slot_line_card_chassiscrs-1_8-slot_single-shelf_systemcrs-x_16-slot_single-shelf_systemncs_5002crs-8\/scrscrs_performance_route_processorCisco IOS XR SoftwareIOS XR
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-27124
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.27% / 49.86%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 16:03
Updated-01 Aug, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software SSL/TLS Denial of Service Vulnerability

A vulnerability in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condition. The vulnerability is due to improper error handling on established SSL/TLS connections. An attacker could exploit this vulnerability by establishing an SSL/TLS connection with the affected device and then sending a malicious SSL/TLS message within that connection. A successful exploit could allow the attacker to cause the device to reload.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-adaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Softwareadaptive_security_appliance
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2025-20271
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.13% / 33.52%
||
7 Day CHG+0.01%
Published-18 Jun, 2025 | 16:38
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Meraki MX and Z Series AnyConnect VPN with Client Certificate Authentication Denial of Service Vulnerability

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. This vulnerability is due to variable initialization errors when an SSL VPN session is established. An attacker could exploit this vulnerability by sending a sequence of crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of all established SSL VPN sessions and forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established, effectively making the Cisco AnyConnect VPN service unavailable for all legitimate users.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco Meraki MX Firmware
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2018-0155
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-15.32% / 94.36%
||
7 Day CHG~0.00%
Published-28 Mar, 2018 | 22:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-17||Apply updates per vendor instructions.

A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729.

Action-Not Available
Vendor-n/aRockwell Automation, Inc.Cisco Systems, Inc.
Product-catalyst_4500-x_series_switches_\(k10\)catalyst_4500e_supervisor_engine_9-e_\(k10\)ios_xecatalyst_4948e_ethernet_switch_\(k5\)ioscatalyst_4500_supervisor_engine_6-e_\(k5\)catalyst_4900m_switch_\(k5\)catalyst_4500_supervisor_engine_6l-e_\(k10\)catalyst_4500e_supervisor_engine_8-e_\(k10\)allen-bradley_stratix_8300_industrial_managed_ethernet_switchcatalyst_4500_supervisor_engine_7l-e_\(k10\)catalyst_4500e_supervisor_engine_8l-e_\(k10\)catalyst_4500_supervisor_engine_7-e_\(k10\)Cisco IOS and IOS XECatalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2017-3864
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.12% / 77.40%
||
7 Day CHG~0.00%
Published-22 Mar, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that is configured as a DHCP client. A successful exploit could allow the attacker to cause a reload of an affected device, resulting in a DoS condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or IOS XE Software and using a specific DHCP client configuration. Cisco Bug IDs: CSCuu43892.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosios_xeCisco IOS and IOS XE
CWE ID-CWE-399
Not Available
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found