Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-20139

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-02 Apr, 2025 | 16:16
Updated At-02 Apr, 2025 | 16:33
Rejected At-
Credits

A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input to chat entry points. An attacker could exploit this vulnerability by sending malicious requests to a messaging chat entry point in the affected application. A successful exploit could allow the attacker to cause the application to stop responding, resulting in a DoS condition. The application may not recover on its own and may need an administrator to manually restart services to recover.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:02 Apr, 2025 | 16:16
Updated At:02 Apr, 2025 | 16:33
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input to chat entry points. An attacker could exploit this vulnerability by sending malicious requests to a messaging chat entry point in the affected application. A successful exploit could allow the attacker to cause the application to stop responding, resulting in a DoS condition. The application may not recover on its own and may need an administrator to manually restart services to recover.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco Enterprise Chat and Email
Versions
Affected
  • 11.5(1)
  • 11.6(1)
  • 11.6(1)_ES2
  • 11.6(1)_ES3
  • 11.6(1)_ES4
  • 11.6(1)_ES5
  • 11.6(1)_ES6
  • 11.6(1)_ES10
  • 11.6(1)_ES11
  • 11.6(1)_ES7
  • 11.6(1)_ES8
  • 11.6(1)_ES9
  • 11.6(1)_ES9a
  • 11.6(1)_ES12
  • 11.6(1)_ES12_ET1
  • 12.0(1)
  • 12.0(1)_ES1
  • 12.0(1)_ES2
  • 12.0(1)_ES3
  • 12.0(1)_ES4
  • 12.0(1)_ES5
  • 12.0(1)_ES5a
  • 12.0(1)_ES6
  • 12.0(1)_ES6_ET1
  • 12.0(1)_ES6_ET2
  • 12.0(1)_ES6_ET3
  • 12.0(1)_ES7
  • 12.0(1)_ES7_ET1
  • 12.5(1)
  • 12.5(1)_ES1
  • 12.5(1)_ES2
  • 12.5(1)_ES3
  • 12.5(1)_ES3_ET1
  • 12.5(1)_ET1
  • 12.5(1)_ES4
  • 12.5(1)_ES3_ET2
  • 12.5(1)_ES4_ET1
  • 12.5(1)_ES5
  • 12.5(1)_ES5_ET1
  • 12.5(1)_ES6
  • 12.5(1)_ES7
  • 12.5(1)_ES8
  • 12.5(1)_ES8_ET1
  • 12.5(1)_ES3_ET3
  • 12.5(1)_ES5_ET2
  • 12.5(1)_ES6_ET1
  • 12.5(1)_ES4_ET2
  • 12.5(1)_ES7_ET1
  • 12.5(1)_ES9
  • 12.6(1)
  • 12.6(1)_ET1
  • 12.6(1)_ET2
  • 12.6(1)_ES1
  • 12.6(1)_ET3
  • 12.6(1)_ES1_ET1
  • 12.6(1)_ES2
  • 12.6(1)_ES3
  • 12.6(1)_ES4
  • 12.6(1)_ES4_ET1
  • 12.6(1)_ES5
  • 12.6(1)_ES5_ET1
  • 12.6(1)_ES5_ET2
  • 12.6(1)_ES6
  • 12.6(1)_ES6_ET1
  • 12.6(1)_ES6_ET2
  • 12.6(1)_ES7
  • 12.6(1)_ES8
  • 12.6(1)_ES4_ET2
  • 12.6(1)_ES3_ET3
  • 12.6(1)_ES2_ET5
  • 12.6(1)_ES1_ET2
  • 12.6(1)_ES8_ET1
  • 12.6(1)_ES7_ET1
  • 12.6(1)_ES6_ET3
  • 12.6(1)_ES5_ET3
  • 12.6(1)_ES8_ET2
  • 12.6(1)_ES9
  • 12.6(1)_ES9_ET1
  • 12.6(1)_ES9_ET2
  • 12.6(1)_ES9_ET3
  • 12.6_ES2_ET1
  • 12.6_ES2_ET2
  • 12.6_ES2_ET3
  • 12.6_ES2_ET4
  • 12.6_ES3_ET1
  • 12.6_ES3_ET2
Problem Types
TypeCWE IDDescription
cweCWE-185Incorrect Regular Expression
Type: cwe
CWE ID: CWE-185
Description: Incorrect Regular Expression
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-tC6m9GZ8
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-tC6m9GZ8
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@cisco.com
Published At:02 Apr, 2025 | 17:15
Updated At:06 Aug, 2025 | 20:03

A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input to chat entry points. An attacker could exploit this vulnerability by sending malicious requests to a messaging chat entry point in the affected application. A successful exploit could allow the attacker to cause the application to stop responding, resulting in a DoS condition. The application may not recover on its own and may need an administrator to manually restart services to recover.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Cisco Systems, Inc.
cisco
>>enterprise_chat_and_email>>Versions before 12.6\(1\)es10(exclusive)
cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-185Primarypsirt@cisco.com
CWE ID: CWE-185
Type: Primary
Source: psirt@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-tC6m9GZ8psirt@cisco.com
Vendor Advisory
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-tC6m9GZ8
Source: psirt@cisco.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

223Records found
CVE-2021-34769
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.21% / 43.42%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:26
Updated-07 Nov, 2024 | 21:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Service Vulnerabilities

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecatalyst_9800-lcatalyst_9800-40_wireless_controllercatalyst_9800-40catalyst_9800-l-ccatalyst_9800-80_wireless_controllercatalyst_9800_embedded_wireless_controllercatalyst_9800catalyst_9800-clcatalyst_9800-80catalyst_9800-l-fCisco IOS XE Software
CWE ID-CWE-415
Double Free
CVE-2021-34698
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.52% / 65.72%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 19:46
Updated-07 Nov, 2024 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Web Security Appliance Proxy Service Denial of Service Vulnerability

A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management in the proxy service of an affected device. An attacker could exploit this vulnerability by establishing a large number of HTTPS connections to the affected device. A successful exploit could allow the attacker to cause the system to stop processing new connections, which could result in a DoS condition. Note: Manual intervention may be required to recover from this situation.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asyncosweb_security_appliance_s190web_security_appliance_s690web_security_appliance_s680web_security_appliance_s690xweb_security_appliance_s170web_security_appliance_s390web_security_appliance_s380Cisco Web Security Appliance (WSA)
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-34792
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.43% / 61.73%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 18:56
Updated-07 Nov, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Resource Exhaustion Denial of Service Vulnerability

A vulnerability in the memory management of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management when connection rates are high. An attacker could exploit this vulnerability by opening a significant number of connections on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-adaptive_security_appliance_softwareasa_5585-x_firmwareasa_5505_firmwareasa_5580_firmwareasa_5515-xasa_5545-x_firmwareasa_5545-xasa_5525-x_firmwareasa_5505asa_5555-xasa_5580asa_5515-x_firmwareasa_5525-xasa_5555-x_firmwareasa_5585-xasa_5512-x_firmwareasa_5512-xfirepower_threat_defenseCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-34783
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.30% / 52.64%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 18:55
Updated-07 Nov, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Software-Based SSL/TLS Denial of Service Vulnerability

A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL/TLS decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Datagram TLS (DTLS) messages cannot be used to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-adaptive_security_appliance_softwareasa_5585-x_firmwareasa_5505_firmwareasa_5580_firmwareasa_5515-xasa_5545-x_firmwareasa_5545-xasa_5525-x_firmwareasa_5505asa_5555-xasa_5580asa_5515-x_firmwareasa_5525-xasa_5555-x_firmwareasa_5585-xasa_5512-x_firmwareasa_5512-xfirepower_threat_defenseCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2058
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.13%
||
7 Day CHG~0.00%
Published-22 Oct, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle an external loop between a pair of dot1x enabled ports, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many unicast EAPoL Protocol Data Units (PDUs), aka Bug ID CSCtq36336.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12659
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 65.90%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:15
Updated-19 Nov, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software HTTP Server Denial of Service Vulnerability

A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. The vulnerability is due to a logical error in the logging mechanism. An attacker could exploit this vulnerability by generating a high amount of long-lived connections to the HTTP service on the device. A successful exploit could allow the attacker to cause the HTTP server to crash.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecbr-8_converged_broadband_routerCisco IOS XE Software 3.2.0JA
CWE ID-CWE-399
Not Available
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-34736
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.07%
||
7 Day CHG~0.00%
Published-21 Oct, 2021 | 02:50
Updated-07 Nov, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Integrated Management Controller GUI Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ucs_c240_sd_m5ucs_c260_m2ucs_c890_m5ucs_c245_m6ucs_c460_m4ucs_c220_m4ucs_c240_m3ucs_c220_m5ucs_c24_m3ucs_c3160ucs_c220_m3ucs_c3260ucs_c480_ml_m5ucs_c225_m6ucs_c125_m5ucs_s3260ucs_c240_m5ucs_c22_m3ucs_c480_m5ucs_c460_m2ucs_c4200unified_computing_systemucs_c420_m3Cisco Unified Computing System (Managed)
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12658
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.16% / 77.70%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:16
Updated-19 Nov, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Filesystem Exhaustion Denial of Service Vulnerability

A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to ineffective management of the underlying filesystem resources. An attacker could exploit this vulnerability by performing specific actions that result in messages being sent to specific operating system log files. A successful exploit could allow the attacker to exhaust available filesystem space on an affected device. This could cause the device to crash and reload, resulting in a DoS condition for clients whose network traffic is transiting the device. Upon reload of the device, the impacted filesystem space is cleared, and the device will return to normal operation. However, continued exploitation of this vulnerability could cause subsequent forced crashes and reloads, which could lead to an extended DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_3650-24ps-scatalyst_3850-32xs-e4351_integrated_services_rcatalyst_3850-12xs-scatalyst_3850-24s-ecatalyst_3850-24p-scatalyst_3650-24pdm-lcatalyst_3850-16xs-s4431_integrated_services_rcatalyst_9300-48p-acatalyst_3650-24ts-ecatalyst_3650-24ps-lcatalyst_c9500-40x-acatalyst_3650-48td-scatalyst_3850-48u-lcatalyst_3650-48ts-lcatalyst_3650-48tq-ecatalyst_3650-8x24uq-l1100_integrated_services_rcatalyst_3650-48fd-lcatalyst_3650-48fs-lcatalyst_3650-48pq-ecatalyst_3650-48fs-ecatalyst_3650-24pd-lcatalyst_3650-24pd-scatalyst_3650-24td-lcatalyst_3650-24ts-lcatalyst_9300-24t-ecatalyst_c9500-12q-easr_920-12cz-a_rcatalyst_3650-48fd-scatalyst_3650-48fs-scatalyst_3850-48t-scatalyst_9300-48p-ecatalyst_3650-48pq-lcatalyst_3850-24t-scatalyst_9407rcatalyst_3850-24t-lcatalyst_3850-48u-ecatalyst_9300-48t-ecatalyst_3850-24xu-ecatalyst_c9500-12q-acatalyst_3650-12x48uq-ecatalyst_3650-24td-scatalyst_3650-48pd-lcatalyst_3850-48u-scatalyst_3850-16xs-ecatalyst_3650-48tq-scatalyst_3650-24pdm-scatalyst_3850-48p-ecatalyst_3650-12x48ur-easr_920-4sz-a_rcatalyst_3650-48fqm-scatalyst_3850-48t-lcatalyst_3650-48fd-ecatalyst_c3850-12x48u-ecatalyst_3650-12x48uq-lcatalyst_3650-48fq-ecatalyst_3650-8x24uq-scatalyst_9300-48u-ecatalyst_3650-48tq-lcatalyst_9300-48u-acatalyst_3650-48fq-scatalyst_3850-24p-e4451-x_integrated_services_rcatalyst_3850-48xs-f-scatalyst_9300-24t-acatalyst_9300asr_920-24sz-im_rcatalyst_3850-48t-ecatalyst_3650-48pq-scatalyst_3850-24xu-scatalyst_c9500-40x-ecatalyst_3650-48td-lasr_920-24tz-m_rcatalyst_c3850-12x48u-scatalyst_3650-48fqm-lcatalyst_3850-24xs-easr_920-24sz-m_rcatalyst_9400_supervisor_engine-1ncs_4216catalyst_3850-12s-scatalyst_3650-8x24uq-ecatalyst_3850-24u-lasr_920-4sz-d_rcatalyst_c9500-24q-ecatalyst_3850-48f-scatalyst_3650-12x48ur-lcatalyst_3850-24u-scatalyst_c3850-12x48u-lasr_1001-hx_rasr_1002-hx_rcatalyst_3850-48f-e4331_integrated_services_rcatalyst_9300-24p-acatalyst_3850-32xs-scatalyst_3650-48ps-lcatalyst_9500asr_900_4221_integrated_services_rcatalyst_3850-48f-lcatalyst_3850-24xu-l4321_integrated_services_rcatalyst_3850-24s-scatalyst_3650-24td-ecatalyst_3850-48xs-ecatalyst_3650-48td-ecatalyst_9300-24u-aasr_920-12cz-d_rcatalyst_3650-48fq-lncs_4202catalyst_3650-12x48uz-ecatalyst_3650-12x48uq-scatalyst_9300-24u-ecatalyst_3650-12x48ur-scatalyst_3850-48p-scatalyst_3650-48pd-sasr_1001-x_rcloud_services_r_1000vcatalyst_3650-24pd-encs_4206catalyst_9300-24p-easr_920-10sz-pd_rnetwork_convergence_system_520asr_1002-x_rcatalyst_3850-48xs-f-ecatalyst_9300-48t-acatalyst_3850-12s-ecatalyst_3850-24p-lncs_4201catalyst_3850-24t-ecatalyst_3650-24ts-scatalyst_3650-24ps-easr_900catalyst_3850-24xs-scatalyst_3650-48ps-scatalyst_3650-48fqm-ecatalyst_3650-48pd-ecatalyst_3650-24pdm-easr_1000catalyst_3850-24u-ecatalyst_3850-48xs-scatalyst_3650-48ts-eios_xecatalyst_3850-48p-lcatalyst_c9500-24q-aasr_920-12sz-im_rcatalyst_9410rcatalyst_3650-48ts-scatalyst_3650-48ps-ecatalyst_3850-12xs-eCisco IOS XE Software 16.1.1
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-1351
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-1.83% / 82.18%
||
7 Day CHG~0.00%
Published-26 Mar, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.1 and 15.2 and NX-OS 4.1 through 6.2 allows remote attackers to cause a denial of service (device reload) via a crafted header in a packet, aka Bug ID CSCuu64279.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosnx-osn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12673
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.64% / 69.65%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 19:00
Updated-19 Nov, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability

A vulnerability in the FTP inspection engine of Cisco Adaptive Security (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of FTP data. An attacker could exploit this vulnerability by sending malicious FTP traffic through an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asa_5550adaptive_security_applianceasa_5505adaptive_security_appliance_softwareasa_5555-xasa_5520asa_5510asa_5525-xasa_5580asa_5585-xasa_5512-xfirepower_threat_defenseasa_5515-xCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1469
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-1.61% / 81.01%
||
7 Day CHG~0.00%
Published-12 Sep, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-spa300_series_ip_phonespa300_firmwarespa500_firmwarespa500_series_ip_phonen/a
CVE-2016-1347
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-4.32% / 88.45%
||
7 Day CHG~0.00%
Published-24 Mar, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CVE-2019-12653
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.81% / 73.21%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:15
Updated-19 Nov, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Raw Socket Transport Denial of Service Vulnerability

A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper parsing of Raw Socket Transport payloads. An attacker could exploit this vulnerability by establishing a TCP session and then sending a malicious TCP segment via IPv4 to an affected device. This cannot be exploited via IPv6, as the Raw Socket Transport feature does not support IPv6 as a network layer protocol.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeasr_903asr_907asr_902asr_914asr_902uCisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CVE-2021-34781
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.43% / 61.67%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 18:55
Updated-07 Nov, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software SSH Connections Denial of Service Vulnerability

A vulnerability in the processing of SSH connections for multi-instance deployments of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to a lack of proper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, which causes a DoS condition on the affected device. The device must be manually reloaded to recover.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_management_center_virtual_appliancefirepower_threat_defensesourcefire_defense_centerCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-12655
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.22% / 78.29%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:15
Updated-19 Nov, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software FTP Application Layer Gateway for NAT, NAT64, and ZBFW Denial of Service Vulnerability

A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a buffer overflow that occurs when an affected device inspects certain FTP traffic. An attacker could exploit this vulnerability by performing a specific FTP transfer through the device. A successful exploit could allow the attacker to cause the device to reload.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iosCisco IOS XE Software 3.16.8S
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-12698
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 65.72%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 19:06
Updated-19 Nov, 2024 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN CPU Denial of Service Vulnerability

A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load for a specific WebVPN HTTP page request. An attacker could exploit this vulnerability by sending multiple WebVPN HTTP page load requests for a specific URL. A successful exploit could allow the attacker to increase CPU load on the device, resulting in a denial of service (DoS) condition, which could cause traffic to be delayed through the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asa_5550adaptive_security_applianceasa_5505adaptive_security_appliance_softwareasa_5555-xasa_5520asa_5510asa_5525-xasa_5580asa_5585-xasa_5512-xfirepower_threat_defenseasa_5515-xCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-12646
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.16% / 77.70%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:00
Updated-19 Nov, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability

A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of transient SIP packets on which NAT is performed on an affected device. An attacker could exploit this vulnerability by using UDP port 5060 to send crafted SIP packets through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xe4221_integrated_services_routerisrv4331_integrated_services_router1101-4p1109-4p1111x-8p1100-8p1100-4p1109-2pencs_5100encs_5400csr_1000vCisco IOS XE Software
CWE ID-CWE-399
Not Available
CWE ID-CWE-665
Improper Initialization
CVE-2019-12678
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.92% / 74.97%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 19:06
Updated-19 Nov, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SIP Inspection Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper parsing of SIP messages. An attacker could exploit this vulnerability by sending a malicious SIP packet through an affected device. A successful exploit could allow the attacker to trigger an integer underflow, causing the software to try to read unmapped memory and resulting in a crash.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asa_5550adaptive_security_applianceasa_5505adaptive_security_appliance_softwareasa_5555-xasa_5520asa_5510asa_5525-xasa_5580asa_5585-xasa_5512-xfirepower_threat_defenseasa_5515-xCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2019-12654
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.16% / 77.73%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:16
Updated-19 Nov, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software Session Initiation Protocol Denial of Service Vulnerability

A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-4451-x_integrated_services_router4321_integrated_services_router4431_integrated_services_routercloud_services_router_1000vasr_1002-hxasr_10001100_integrated_services_routerios_xe4221_integrated_services_routerintegrated_services_virtual_router4331_integrated_services_routerasr_1001-x4000_integrated_services_router1000_integrated_services_routerasr_1001-hxasr_1002-x4351_integrated_services_routerCisco IOS 15.0(1)XA2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-12657
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.45% / 79.97%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:15
Updated-19 Nov, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Unified Threat Defense Denial of Service Vulnerability

A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper validation of IPv6 packets through the UTD feature. An attacker could exploit this vulnerability by sending IPv6 traffic through an affected device that is configured with UTD. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_3650-48fqm-lcatalyst_3850-24xs-ecatalyst_3650-24ps-scatalyst_3850-32xs-ecatalyst_3850-12s-scatalyst_3850-12xs-scatalyst_3850-24s-ecatalyst_3650-8x24uq-ecatalyst_3850-24u-lcatalyst_3850-24p-scatalyst_3650-24pdm-lcatalyst_3850-16xs-scatalyst_3850-48f-scatalyst_3650-12x48ur-lcatalyst_3850-24u-scatalyst_c3850-12x48u-l4331_integrated_services_routercatalyst_3650-24ts-ecatalyst_3650-24ps-lcatalyst_3850-48f-ecatalyst_3650-48td-scatalyst_3650-12x48uz-scatalyst_3650-8x24pd-scatalyst_3850-48u-lcatalyst_3650-48ts-lcatalyst_3650-48tq-ecatalyst_3650-8x24uq-lcatalyst_3650-48fd-lcatalyst_3650-48fs-lcatalyst_3650-48pq-ecatalyst_3650-24pd-lcatalyst_3650-24td-lcatalyst_3650-24pd-scatalyst_3650-24ts-lcatalyst_3650-48fs-ecatalyst_3850-32xs-scatalyst_3650-48ps-lcloud_services_router_1000vasr_1000_catalyst_3650-12x48fd-ecatalyst_3850-48f-lcatalyst_3850-24xu-lcatalyst_3850-48xs-ecatalyst_3850-24s-scatalyst_3650-24td-ecatalyst_3650-48td-ecatalyst_3650-48fd-scatalyst_3650-48fs-scatalyst_3850-48t-scatalyst_3650-8x24pd-lasr_1001-hxcatalyst_3650-48pq-lcatalyst_3850-24t-sasr_1002-xcatalyst_3650-8x24pd-ecatalyst_3650-48fq-lcatalyst_3650-12x48uz-ecatalyst_3850-24t-lcatalyst_3850-48u-ecatalyst_3650-12x48uq-s4451-x_integrated_services_routercatalyst_3850-24xu-ecatalyst_3650-12x48ur-scatalyst_3650-12x48uq-ecatalyst_3850-48p-scatalyst_3650-48pd-scatalyst_3650-24td-scatalyst_3650-48pd-lcatalyst_3850-48u-sasr_1002-hxcatalyst_3650-24pd-ecatalyst_3850-16xs-ecatalyst_3650-12x48uz-lcatalyst_3650-48tq-scatalyst_3650-24pdm-scatalyst_3850-48xs-f-ecatalyst_3850-48p-ecatalyst_3650-12x48ur-ecatalyst_3850-12s-ecatalyst_3850-24p-lcatalyst_3650-48fqm-scatalyst_3850-48t-lcatalyst_3650-48fd-ecatalyst_3850-24t-ecatalyst_3650-24ts-scatalyst_3650-24ps-ecatalyst_3650-12x48fd-scatalyst_c3850-12x48u-ecatalyst_3650-12x48uq-l4321_integrated_services_routercatalyst_3850-24xs-scatalyst_3650-48ps-scatalyst_3650-48fq-ecatalyst_3650-8x24uq-scatalyst_3650-48tq-l4431_integrated_services_routercatalyst_3650-48fqm-ecatalyst_3650-48pd-ecatalyst_3650-24pdm-ecatalyst_3650-12x48fd-lcatalyst_3850-12xs-ecatalyst_3850-24u-ecatalyst_3850-48xs-scatalyst_3650-48fq-scatalyst_3650-48ts-ecatalyst_3850-48p-lios_xecatalyst_3850-24p-ecatalyst_3850-48xs-f-scatalyst_3850-48t-easr_1001-xcatalyst_3650-48pq-scatalyst_3650-48ts-scatalyst_3850-24xu-scatalyst_3650-48ps-ecatalyst_3650-48td-l4351_integrated_services_routercatalyst_c3850-12x48u-sCisco IOS XE Software 3.16.0S
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12656
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-1.47% / 80.17%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:16
Updated-19 Nov, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOx Application Environment Denial of Service Vulnerability

A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ie_2000-8tc-g-eic3000_firmwareir510_wpan_firmwareie_2000-16tc-g-nie_2000-16tc-g-ecgr_1000ic3000ie_2000-4t-gir510_wpanie_2000-4ts-gie_2000-16ptc-gie_2000-24t67ie_2000-4tie_2000-16t67iosie_2000-16tc-gie_2000-8tc-g-nie_2000-8tc-gie_2000-4tsie_2000-4s-ts-gie_4000_firmwareie_2000-16tc-g-xindustrial_ethernet_2000_series_firmwareie_2000-8t67ie_2000-16tcie_2000-16t67pie_2000-8tcie_2000-8t67pcgr_1000_firmwareie_4000Cisco Industrial Routers Operating System Software
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12669
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.46% / 63.11%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:15
Updated-21 Nov, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software Change of Authorization Denial of Service Vulnerability

A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of a malformed packet. An attacker could exploit this vulnerability by sending a malformed packet to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_3560ioscatalyst_3560-xcatalyst_3560-eCisco IOS XE Software 3.2.9SG
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12625
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-2.32% / 84.18%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 18:15
Updated-19 Nov, 2024 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClamAV Zip Bomb Vulnerability

ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.

Action-Not Available
Vendor-ClamAVCisco Systems, Inc.
Product-clamavClamAV
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2017-12231
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-10.85% / 93.10%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 07:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper translation of H.323 messages that use the Registration, Admission, and Status (RAS) protocol and are sent to an affected device via IPv4 packets. An attacker could exploit this vulnerability by sending a crafted H.323 RAS packet through an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to use an application layer gateway with NAT (NAT ALG) for H.323 RAS messages. By default, a NAT ALG is enabled for H.323 RAS messages. Cisco Bug IDs: CSCvc57217.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-catalyst_3850-nm-2-40gcatalyst_3850-24t-scatalyst_9800-80asr_901s-4sg-f-dasr_1009-xcatalyst_8300catalyst_3650-48fs-ecatalyst_3850-24xs-scatalyst_3650-24ts-lcatalyst_3850-12s-e1100_integrated_services_routercatalyst_3650-24ps-sasr_9910catalyst_3650-48fd-scatalyst_8300-2n2s-4t2xcatalyst_9800asr_920-12cz-dasr_920-12cz-a_rasr_920u-12sz-imcatalyst_3650-48fq-sasr_901-6cz-fs-acatalyst_3650-48fq-l1109-2p_integrated_services_routercatalyst_9300-48t-ecatalyst_3650-48pd-lcatalyst_9300-48t-acatalyst_9300l-48t-4g-a8201-32fh9800-lcatalyst_3650-48tq-ecatalyst_3650-48ps-lasr_1002_fixed_routercatalyst_9300-24s-acatalyst_3850-48xs-easr_1000-esp100catalyst_9300l-24t-4g-ecatalyst_82001841_integrated_service_routercatalyst_3650-12x48uzasr_901-4c-ft-dcatalyst_3850-48p-sasr_920-4sz-a_rasr_920-4sz-dcatalyst_3850-48f-ecatalyst_3650-24pdasr_901s-3sg-f-ahcatalyst_9300-24t-acatalyst_3650-48td-easr_1001-hxcatalyst_3850-24t-l8101-32hcatalyst_8500catalyst_9300-48uxm-ecatalyst_3650-48fd-lcatalyst_3850-48t-lcatalyst_3850-nm-8-10gcatalyst_9300l-24p-4g-acatalyst_9300-24u-aasr_900catalyst_3850-12x48ucatalyst_3650-24ps-e8201catalyst_3650-24pd-ecatalyst_3850-48t-ecatalyst_9800-cl1812_integrated_service_routerasr_901-12c-f-dcatalyst_8500lasr_907catalyst_3650-48td-lcatalyst_9200asr_1001-hx_rasr_1006-xcatalyst_3650-48td-scatalyst_9300-24s-ecatalyst_3650-8x24uq-lcatalyst_8300-1n1s-4t2xcatalyst_9300l-24t-4x-a1100-4g\/6g_integrated_services_router1801_integrated_service_router1100-4gltegb_integrated_services_routerasr_9010catalyst_3850-24xu-l1811_integrated_service_router8800_8-slotcatalyst_9300lcatalyst_9800-lasr_920-24sz-imcatalyst_3650-12x48ur-scatalyst_3650-24td-sasr_10138800_4-slotcatalyst_3650-48fq9800-clcatalyst_9300l-48p-4g-acatalyst_9300-24p-ecatalyst_9300-48un-acatalyst_96008808catalyst_95001160_integrated_services_router1941w_integrated_services_router1906c_integrated_services_routercatalyst_ie3300_rugged_switchasr_901s-2sg-f-dcatalyst_3650-12x48uq-sasr_920-24tz-m_rcatalyst_3850-24ucatalyst_3650-48pd-easr_920-12sz-im_rcatalyst_3850-16xs-scatalyst_3650-48tq-scatalyst_3850-48ucatalyst_9600xcatalyst_9300l-48t-4x-acatalyst_3650-24pdm-ecatalyst_3850-32xs-easr_9920asr_920-4sz-d_r4221_integrated_services_routercatalyst_3650-48ts-l1100-8p_integrated_services_router8212asr_920-24sz-mcatalyst_9300l-48t-4g-ecatalyst_9300l-48t-4x-ecatalyst_3650-12x48uq-lcatalyst_3850-48p-lasr_902asr_9006catalyst_3650-48pq-e1109-4p_integrated_services_routercatalyst_3850-24xu-ecatalyst_3850-24t-ecatalyst_8510csrcatalyst_9300lmasr_9000v8818catalyst_3650-12x48uz-sasr_901-6cz-f-acatalyst_3850-48u-lcatalyst_3850-24s-scatalyst_3850-24u-scatalyst_3650-24pd-scatalyst_3650-48fqm-ecatalyst_9300l-48p-4g-ecatalyst_3650catalyst_3850-12s-sasr_9902asr_901s-2sg-f-ahcatalyst_9300-24t-e9800-40catalyst_3650-12x48ur-ecatalyst_9300l-24p-4x-ecatalyst_9300-48u-acatalyst_9800-l-fcatalyst_3650-12x48ur-lcatalyst_ie3200_rugged_switchasr_1002-xcatalyst_8300-1n1s-6tcatalyst_3650-24pdm-lasr_10001100-6g_integrated_services_routercatalyst_3650-8x24uq-easr_901-6cz-ft-dcatalyst_3650-12x48uz-ecatalyst_9300l-48p-4x-acatalyst_8500-4qccatalyst_3850-24pw-scatalyst_3650-12x48fd-scatalyst_3850-48xs-s8218asr_920-10sz-pd_rcatalyst_9300-48u-ecatalyst_3850-48t-sasr_920-24sz-m_rcatalyst_3850-24xu-scatalyst_3850-48f-lcatalyst_3850catalyst_9600_supervisor_engine-18101-32fhasr_1002-hxcatalyst_3650-12x48uq8102-64hcatalyst_3650-8x24uq-sasr_920-12cz-acatalyst_3650-48pq-lcatalyst_3650-48fs-l1905_integrated_services_routercatalyst_9200lcatalyst_3650-24ps-lasr_9901catalyst_8540msrasr_901s-3sg-f-d8202catalyst_9300-48s-a8800_18-slotcatalyst_3850-32xs-sasr_1002-x_rcatalyst_3650-24td-ecatalyst_3850-48xs-f-e8800_12-slotcatalyst_3650-24td-lcatalyst_9300-24ux-e1111x-8p_integrated_services_routercatalyst_3850-24p-easr_9912catalyst_3650-12x48uz-lcatalyst_3850-24p-scatalyst_9300-24u-e1101-4p_integrated_services_routercatalyst_3650-48tq-lcatalyst_3850-24s-ecatalyst_3850-24xuasr_1023asr_903catalyst_3650-24pd-lcatalyst_9300l-24p-4g-ecatalyst_3850-24u-lasr_920-4sz-aasr_1000-esp200-x1100-4p_integrated_services_routercatalyst_3850-24u-easr_9904asr_901-6cz-fs-d1109_integrated_services_routerasr_901-4c-f-dcatalyst_3650-48fd-e8812catalyst_3650-48fs-scatalyst_3850-48pw-s1101_integrated_services_routerasr_901-6cz-ft-a8804catalyst_3850-12xs-scatalyst_3650-12x48urcatalyst_3850-24xsasr_920-12cz-d_rcatalyst_9300-24ux-acatalyst_8540csrcatalyst_3650-8x24uqcatalyst_3650-48ts-scatalyst_9200cxcatalyst_9300l-24t-4g-acatalyst_3650-8x24pd-scatalyst_8510msrcatalyst_9800_embedded_wireless_controlleriosasr_914catalyst_3850-48xscatalyst_3850-48p-ecatalyst_3850-48u-ecatalyst_9300l_stackcatalyst_3650-48fq-easr_902uasr_901-12c-ft-dcatalyst_3850-48xs-f-sasr_9922catalyst_3850-24p-lcatalyst_9300-48p-acatalyst_9300-48p-easr_1001-xcatalyst_9800-40_wireless_controllercatalyst_9300-48un-ecatalyst_3650-24ts-e1100-4g_integrated_services_routercatalyst_9800-40asr_9903catalyst_9300-24p-acatalyst_9300-48s-e1100-4gltena_integrated_services_router1120_integrated_services_routercatalyst_9300l-24t-4x-ecatalyst_9300xcatalyst_3850-24xs-ecatalyst_3850-48f-sasr_920-12sz-im1861_integrated_service_routercatalyst_3650-8x24pd-ecatalyst_9300-48uxm-a1100-lte_integrated_services_routercatalyst_9500hasr_1000-esp100-xasr_920-10sz-pdcatalyst_9300l-48p-4x-ecatalyst_3650-48fqm-scatalyst_3850-12xs-e1100_terminal_services_gatewaysasr_920-24tz-mcatalyst_3650-48fqm-lasr_920-24sz-im_rasr_1002-hx_rasr_1001catalyst_3650-48pq-scatalyst_3650-48fqmcatalyst_9300catalyst_3650-12x48fd-lasr_90001941_integrated_services_routercatalyst_3650-48pd-s1921_integrated_services_routercatalyst_3650-8x24pd-l1802_integrated_service_routerasr_9906catalyst_9300l-24p-4x-acatalyst_3650-12x48uq-e4000_integrated_services_routerasr_1001-x_r8208asr_1004catalyst_3650-48ps-easr_901-6cz-f-dcatalyst_9800-80_wireless_controllerasr_10061803_integrated_service_routercatalyst_3650-24ts-scatalyst_3650-24pdmcatalyst_3650-48ps-scatalyst_9800-l-casr_9001catalyst_3650-48ts-ecatalyst_3850-16xs-e9800-80catalyst_3850-48u-s1131_integrated_services_routercatalyst_3650-12x48fd-ecatalyst_3650-24pdm-scatalyst_8300-2n2s-6t111x_integrated_services_routerCisco IOSIOS software
CVE-2025-20128
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.89% / 82.44%
||
7 Day CHG+0.20%
Published-22 Jan, 2025 | 16:21
Updated-06 Aug, 2025 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClamAV OLE2 File Format Decryption Denial of Service Vulnerability

A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Action-Not Available
Vendor-ClamAVCisco Systems, Inc.
Product-secure_endpoint_private_cloudsecure_endpointclamavCisco Secure Endpoint
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-20209
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 35.10%
||
7 Day CHG~0.00%
Published-12 Mar, 2025 | 16:13
Updated-01 Aug, 2025 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software Internet Key Exchange Version 2 Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets.  This vulnerability is due to improper handling of malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to prevent the affected device from processing any control plane UDP packets, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xrncs_1010ncs_1014ncs_1004ncs_540lCisco IOS XR Software
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-20165
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.29%
||
7 Day CHG+0.03%
Published-22 Jan, 2025 | 16:21
Updated-06 Aug, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco BroadWorks SIP Denial of Service Vulnerability

A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition. This vulnerability is due to improper memory handling for certain SIP requests. An attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system. A successful exploit could allow the attacker to exhaust the memory that was allocated to the Cisco BroadWorks Network Servers that handle SIP traffic. If no memory is available, the Network Servers can no longer process incoming requests, resulting in a DoS condition that requires manual intervention to recover.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-broadworks_network_serverCisco BroadWorks
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2019-1741
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.11% / 77.29%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 23:25
Updated-19 Nov, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability

A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-416
Use After Free
CVE-2019-16021
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.31% / 78.99%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 00:26
Updated-13 Nov, 2024 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities

Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ncs_5001ncs_5002asr_9010asr_9000ncs_560ncs_5011ncs_1001ios_xrv_9000ncs_6000asr_9910asr_9904asr_9912asr_9922ncs_540carrier_routing_systemncs_1004ncs_540lncs_1002ios_xrncs_5500Cisco IOS XR Software
CWE ID-CWE-399
Not Available
CVE-2018-5390
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-19.92% / 95.25%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxHP Inc.Linux Kernel Organization, IncF5, Inc.A10 NetworksCisco Systems, Inc.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxtelepresence_video_communication_server_firmwarebig-ip_webacceleratortelepresence_conductor_firmwarebig-ip_application_acceleration_managerenterprise_linux_server_eusbig-ip_policy_enforcement_managerbig-ip_fraud_protection_serviceenterprise_linux_server_ausmeeting_managementtelepresence_conductorbig-ip_local_traffic_managerbig-ip_application_security_managerwebex_hybrid_data_securitythreat_grid-cloudtelepresence_video_communication_serverenterprise_linux_workstationbig-ip_access_policy_managerenterprise_linux_desktopvirtualizationtraffix_systems_signaling_delivery_controlleradvanced_core_operating_systemaruba_airwave_ampbig-ip_global_traffic_managerexpressway_seriesaruba_clearpass_policy_managerbig-ip_analyticsbig-ip_domain_name_systemexpresswaybig-ip_edge_gatewaydebian_linuxlinux_kernelbig-ip_link_controllercollaboration_meeting_roomsdigital_network_architecture_centerwebex_video_meshenterprise_linux_server_tusbig-ip_advanced_firewall_managernetwork_assurance_engineLinux Kernel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-20351
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.58% / 67.84%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 17:09
Updated-11 Aug, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software Snort Firewall Denial of Service Vulnerability

A vulnerability in the TCP/IP traffic handling function of the Snort Detection Engine of Cisco Firepower Threat Defense (FTD) Software and Cisco FirePOWER Services could allow an unauthenticated, remote attacker to cause legitimate network traffic to be dropped, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of TCP/IP network traffic. An attacker could exploit this vulnerability by sending a large amount of TCP/IP network traffic through the affected device. A successful exploit could allow the attacker to cause the Cisco FTD device to drop network traffic, resulting in a DoS condition. The affected device must be rebooted to resolve the DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defense_softwareCisco Firepower Threat Defense Softwarefirepower_threat_defense_software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-20500
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.15% / 36.56%
||
7 Day CHG~0.00%
Published-02 Oct, 2024 | 18:23
Updated-04 Jun, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. This vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-meraki_mx84meraki_mx64w_firmwaremeraki_mx600_firmwaremeraki_mx105meraki_mx250meraki_mx450meraki_mx105_firmwaremeraki_mx450_firmwaremeraki_z4cmeraki_z3c_firmwaremeraki_z3cmeraki_mx68cw_firmwaremeraki_mx100_firmwaremeraki_mx65meraki_mx85meraki_mx95_firmwaremeraki_z4c_firmwaremeraki_mx67cmeraki_mx85_firmwaremeraki_mx64_firmwaremeraki_mx95meraki_mx100meraki_mx68cwmeraki_z3_firmwaremeraki_mx75meraki_mx68w_firmwaremeraki_mx64wmeraki_mx250_firmwaremeraki_mx68meraki_mx67c_firmwaremeraki_mx68wmeraki_vmx_firmwaremeraki_mx400meraki_mx67wmeraki_mx65wmeraki_mx75_firmwaremeraki_mx67w_firmwaremeraki_z4_firmwaremeraki_mx600meraki_mx67meraki_z4meraki_z3meraki_mx64meraki_vmxmeraki_mx67_firmwaremeraki_mx65w_firmwaremeraki_mx68_firmwaremeraki_mx400_firmwaremeraki_mx65_firmwaremeraki_mx84_firmwareCisco Meraki MX Firmwaremeraki_z1meraki_mx
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-20330
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.11% / 30.17%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 17:08
Updated-06 Aug, 2025 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software for Cisco Firepower 2100 Series TCP UDP Snort 2 and Snort 2 Denial of Service Vulnerability

A vulnerability in the Snort 2 and Snort 3 TCP and UDP detection engine of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause memory corruption, which could cause the Snort detection engine to restart unexpectedly. This vulnerability is due to improper memory management when the Snort detection engine processes specific TCP or UDP packets. An attacker could exploit this vulnerability by sending crafted TCP or UDP packets through a device that is inspecting traffic using the Snort detection engine. A successful exploit could allow the attacker to restart the Snort detection engine repeatedly, which could cause a denial of service (DoS) condition. The DoS condition impacts only the traffic through the device that is examined by the Snort detection engine. The device can still be managed over the network. Note: Once a memory block is corrupted, it cannot be cleared until the Cisco Firepower 2100 Series Appliance is manually reloaded. This means that the Snort detection engine could crash repeatedly, causing traffic that is processed by the Snort detection engine to be dropped until the device is manually reloaded.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_2120firepower_2110firepower_threat_defensefirepower_2130firepower_2100firepower_2140Cisco Firepower Threat Defense Softwarefirepower_threat_defense_software
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CVE-2024-20311
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.17% / 77.79%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 16:50
Updated-30 Jul, 2025 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to the incorrect handling of LISP packets. An attacker could exploit this vulnerability by sending a crafted LISP packet to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Note: This vulnerability could be exploited over either IPv4 or IPv6 transport.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iosios_xeCisco IOS XE SoftwareIOSios_xeios
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2024-20376
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.56%
||
7 Day CHG~0.00%
Published-01 May, 2024 | 16:43
Updated-01 Aug, 2024 | 21:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco IP Phones with Multiplatform FirmwareCisco PhoneOSip_phone_7861_with_multiplatform_firmwareip_phone_6841_with_multiplatform_firmwareip_phone_6821_with_multiplatform_firmwareip_phone_7811_with_multiplatform_firmwareip_phone_7841_with_multiplatform_firmwareip_phone_6825_with_multiplatform_firmwareip_phone_7821_with_multiplatform_firmwareip_phone_6871_with_multiplatform_firmwareip_phone_6861_with_multiplatform_firmwareip_phone_6851_with_multiplatform_firmwareip_phone_8800_series_with_multiplatform_firmwarevideo_phone_8875_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20502
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.10% / 27.30%
||
7 Day CHG~0.00%
Published-02 Oct, 2024 | 18:23
Updated-04 Jun, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insufficient resource management while establishing SSL VPN sessions. An attacker could exploit this vulnerability by sending a series of crafted HTTPS requests to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-meraki_mx84meraki_mx64w_firmwaremeraki_mx600_firmwaremeraki_mx105meraki_mx250meraki_mx450meraki_mx105_firmwaremeraki_mx450_firmwaremeraki_z4cmeraki_z3c_firmwaremeraki_z3cmeraki_mx68cw_firmwaremeraki_mx100_firmwaremeraki_mx65meraki_mx85meraki_mx95_firmwaremeraki_z4c_firmwaremeraki_mx67cmeraki_mx64_firmwaremeraki_mx85_firmwaremeraki_mx95meraki_mx100meraki_mx68cwmeraki_z3_firmwaremeraki_mx75meraki_mx68w_firmwaremeraki_mx64wmeraki_mx250_firmwaremeraki_mx68meraki_mx67c_firmwaremeraki_mx68wmeraki_vmx_firmwaremeraki_mx400meraki_mx67wmeraki_mx65wmeraki_mx75_firmwaremeraki_mx67w_firmwaremeraki_z4_firmwaremeraki_mx600meraki_mx67meraki_z4meraki_z3meraki_mx64meraki_vmxmeraki_mx67_firmwaremeraki_mx65w_firmwaremeraki_mx68_firmwaremeraki_mx400_firmwaremeraki_mx65_firmwaremeraki_mx84_firmwareCisco Meraki MX Firmwaremeraki_z1meraki_mx
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-20436
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.72% / 71.58%
||
7 Day CHG+0.17%
Published-25 Sep, 2024 | 16:26
Updated-08 Oct, 2024 | 21:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a null pointer dereference when accessing specific URLs. An attacker could exploit this vulnerability by sending crafted HTTP traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, causing a DoS condition on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Softwareios_xe
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-20314
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.17% / 77.79%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 16:57
Updated-30 Jul, 2025 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop all traffic processing, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain IPv4 packets. An attacker could exploit this vulnerability by sending certain IPv4 packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Softwareios_xe
CWE ID-CWE-783
Operator Precedence Logic Error
CVE-2024-20375
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.33% / 55.59%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 17:02
Updated-01 Aug, 2025 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper parsing of SIP messages. An attacker could exploit this vulnerability by sending a crafted SIP message to an affected Cisco Unified CM or Cisco Unified CM SME device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition that interrupts the communications of reliant voice and video devices.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_communications_managerCisco Unified Communications Manager
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20484
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.84%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 16:29
Updated-04 Apr, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise Chat and Email Denial of Service Vulnerability

A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful exploit could allow the attacker to trigger a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS that would prevent customers from starting chat, callback, or delayed callback sessions. Note: When the attack traffic stops, the EAAS process must be manually restarted to restore normal operation. To restart the process in the System Console, choose Shared Resources > Services > Unified CCE > EAAS, then click Start.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_chat_and_emailCisco Enterprise Chat and Emailenterprise_chat_and_email
CWE ID-CWE-20
Improper Input Validation
CVE-2024-20290
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-3.21% / 86.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 16:16
Updated-13 Feb, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .

Action-Not Available
Vendor-Fedora ProjectCisco Systems, Inc.
Product-secure_endpointsecure_endpoint_private_cloudfedoraCisco Secure EndpointCisco Secure Endpoint Private Cloud Administration PortalCisco Secure Endpoint Private Cloud Console
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20451
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.91%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 16:48
Updated-23 Aug, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly. These vulnerabilities exist because HTTP packets are not properly checked for errors. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the remote interface of an affected device. A successful exploit could allow the attacker to cause a DoS condition on the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-spa_501g_firmwarespa_509g_firmwarespa_514g_4-line_ip_phonespa_508g_firmwarespa_301_1_line_ip_phonespa_525g2_5-line_ip_phonespa_303_3_line_ip_phonespa_514g_firmwarespa_525g2_firmwarespa_508g_8-line_ip_phonespa_301_firmwarespa_512g_firmwarespa_504g_4-line_ip_phonespa_303_firmwarespa_502g_1-line_ip_phonespa_504g_firmwarespa_525g_5-line_ip_phonespa_502g_firmwarespa_501g_8-line_ip_phonespa_509g_12-line_ip_phonespa_512g_1-line_ip_phonespa_525g_firmwareCisco Small Business IP Phones
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-20498
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.08% / 25.21%
||
7 Day CHG~0.00%
Published-02 Oct, 2024 | 18:23
Updated-04 Jun, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-meraki_mx84meraki_mx64w_firmwaremeraki_mx600_firmwaremeraki_mx105meraki_mx250meraki_mx450meraki_mx105_firmwaremeraki_mx450_firmwaremeraki_z4cmeraki_z3c_firmwaremeraki_z3cmeraki_mx68cw_firmwaremeraki_mx100_firmwaremeraki_mx65meraki_mx85meraki_mx95_firmwaremeraki_z4c_firmwaremeraki_mx67cmeraki_mx64_firmwaremeraki_mx85_firmwaremeraki_mx95meraki_mx100meraki_mx68cwmeraki_z3_firmwaremeraki_mx75meraki_mx68w_firmwaremeraki_mx64wmeraki_mx250_firmwaremeraki_mx68meraki_mx67c_firmwaremeraki_mx68wmeraki_vmx_firmwaremeraki_mx400meraki_mx67wmeraki_mx65wmeraki_mx75_firmwaremeraki_mx67w_firmwaremeraki_z4_firmwaremeraki_mx600meraki_mx67meraki_z4meraki_z3meraki_mx64meraki_vmxmeraki_mx67_firmwaremeraki_mx65w_firmwaremeraki_mx68_firmwaremeraki_mx400_firmwaremeraki_mx65_firmwaremeraki_mx84_firmwareCisco Meraki MX Firmwaremeraki_z1meraki_mx
CWE ID-CWE-415
Double Free
CVE-2024-20304
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.10% / 27.54%
||
7 Day CHG~0.00%
Published-11 Sep, 2024 | 16:39
Updated-03 Oct, 2024 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software Packet Memory Exhaustion Vulnerability

A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device. This vulnerability exists because the Mtrace2 code does not properly handle packet memory. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to exhaust the incoming UDP packet memory. The affected device would not be able to process higher-level UDP-based protocols packets, possibly causing a denial of service (DoS) condition. Note: This vulnerability can be exploited using IPv4 or IPv6.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xrCisco IOS XR Softwareios_xr
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2024-20501
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.08% / 25.21%
||
7 Day CHG~0.00%
Published-02 Oct, 2024 | 18:23
Updated-04 Jun, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-meraki_mx84meraki_mx64w_firmwaremeraki_mx600_firmwaremeraki_mx105meraki_mx250meraki_mx450meraki_mx105_firmwaremeraki_mx450_firmwaremeraki_z4cmeraki_z3c_firmwaremeraki_z3cmeraki_mx68cw_firmwaremeraki_mx100_firmwaremeraki_mx65meraki_mx85meraki_mx95_firmwaremeraki_z4c_firmwaremeraki_mx67cmeraki_mx64_firmwaremeraki_mx85_firmwaremeraki_mx95meraki_mx100meraki_mx68cwmeraki_z3_firmwaremeraki_mx75meraki_mx68w_firmwaremeraki_mx64wmeraki_mx250_firmwaremeraki_mx68meraki_mx67c_firmwaremeraki_mx68wmeraki_vmx_firmwaremeraki_mx400meraki_mx67wmeraki_mx65wmeraki_mx75_firmwaremeraki_mx67w_firmwaremeraki_z4_firmwaremeraki_mx600meraki_mx67meraki_z4meraki_z3meraki_mx64meraki_vmxmeraki_mx67_firmwaremeraki_mx65w_firmwaremeraki_mx68_firmwaremeraki_mx400_firmwaremeraki_mx65_firmwaremeraki_mx84_firmwareCisco Meraki MX Firmwaremeraki_z1meraki_mx
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20307
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.23% / 78.35%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 17:23
Updated-30 Jul, 2025 | 12:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iosios_xeCisco IOS XE SoftwareIOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-20505
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4||MEDIUM
EPSS-0.55% / 67.06%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 21:23
Updated-25 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClamAV Memory Handling DoS

A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.

Action-Not Available
Vendor-ClamAVCisco Systems, Inc.
Product-clamavClamAV
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20380
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.50% / 64.91%
||
7 Day CHG~0.00%
Published-18 Apr, 2024 | 19:19
Updated-23 Jul, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClamAV HTML Parser Denial of Service Vulnerability

A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.

Action-Not Available
Vendor-Cisco Systems, Inc.ClamAV
Product-clamavClamAVclam_antivirus
CWE ID-CWE-475
Undefined Behavior for Input to API
CVE-2024-20499
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.08% / 25.21%
||
7 Day CHG~0.00%
Published-02 Oct, 2024 | 18:23
Updated-04 Jun, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-meraki_mx84meraki_mx64w_firmwaremeraki_mx600_firmwaremeraki_mx105meraki_mx250meraki_mx450meraki_mx105_firmwaremeraki_mx450_firmwaremeraki_z4cmeraki_z3c_firmwaremeraki_z3cmeraki_mx68cw_firmwaremeraki_mx100_firmwaremeraki_mx65meraki_mx85meraki_mx95_firmwaremeraki_z4c_firmwaremeraki_mx67cmeraki_mx85_firmwaremeraki_mx64_firmwaremeraki_mx95meraki_mx100meraki_mx68cwmeraki_z3_firmwaremeraki_mx75meraki_mx68w_firmwaremeraki_mx64wmeraki_mx250_firmwaremeraki_mx68meraki_mx67c_firmwaremeraki_mx68wmeraki_vmx_firmwaremeraki_mx400meraki_mx67wmeraki_mx65wmeraki_mx75_firmwaremeraki_mx67w_firmwaremeraki_z4_firmwaremeraki_mx600meraki_mx67meraki_z4meraki_z3meraki_mx64meraki_vmxmeraki_mx67_firmwaremeraki_mx65w_firmwaremeraki_mx68_firmwaremeraki_mx400_firmwaremeraki_mx65_firmwaremeraki_mx84_firmwareCisco Meraki MX Firmwaremeraki_z1meraki_mx
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20308
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.99% / 75.97%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 17:22
Updated-30 Jun, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic..

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS XE SoftwareIOSios_xeios
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found