National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:cisco:ios:12.2%2818%29sxf6
There are 52 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2014-3409

The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.

Published: October 25, 2014; 06:55:05 AM -04:00
V2: 6.1 MEDIUM
CVE-2014-3262

The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) via malformed messages, aka Bug ID CSCun73782.

Published: May 16, 2014; 07:12:01 AM -04:00
V2: 4.3 MEDIUM
CVE-2012-3946

Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

Published: April 24, 2014; 06:55:02 AM -04:00
V2: 5.0 MEDIUM
CVE-2012-5427

Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518.

Published: April 23, 2014; 07:52:59 AM -04:00
V2: 4.0 MEDIUM
CVE-2012-5044

Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809.

Published: April 23, 2014; 07:52:59 AM -04:00
V2: 5.4 MEDIUM
CVE-2012-5422

Unspecified vulnerability in Cisco IOS before 15.3(2)T on AS5400 devices allows remote authenticated users to cause a denial of service (spurious errors) via unknown vectors, aka Bug ID CSCub61009.

Published: April 23, 2014; 07:52:59 AM -04:00
V2: 6.8 MEDIUM
CVE-2012-5037

The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133.

Published: April 23, 2014; 07:52:59 AM -04:00
V2: 4.6 MEDIUM
CVE-2012-5039

The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003.

Published: April 23, 2014; 07:52:59 AM -04:00
V2: 4.3 MEDIUM
CVE-2012-5017

Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub39268.

Published: April 23, 2014; 07:52:59 AM -04:00
V2: 6.8 MEDIUM
CVE-2012-5032

The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or the discarding of this traffic, by arranging for an arbitrary device to become a cluster member, aka Bug ID CSCub93641.

Published: April 23, 2014; 07:52:59 AM -04:00
V2: 6.4 MEDIUM
CVE-2012-4658

The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447.

Published: April 23, 2014; 07:52:59 AM -04:00
V2: 5.0 MEDIUM
CVE-2012-5014

Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device crash) by establishing an SSH session from a client and then placing this client into a (1) slow or (2) idle state, aka Bug ID CSCto87436.

Published: April 23, 2014; 07:52:59 AM -04:00
V2: 6.3 MEDIUM
CVE-2012-4651

Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451.

Published: April 23, 2014; 07:52:59 AM -04:00
V2: 4.3 MEDIUM
CVE-2012-3918

Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Published: April 23, 2014; 07:52:59 AM -04:00
V2: 4.3 MEDIUM
CVE-2014-2143

The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021.

Published: April 04, 2014; 11:10:37 AM -04:00
V2: 5.0 MEDIUM
CVE-2014-2124

Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast packets, aka Bug ID CSCuf60783.

Published: March 20, 2014; 09:04:02 PM -04:00
V2: 7.1 HIGH
CVE-2013-6693

The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345.

Published: November 21, 2013; 08:55:04 PM -05:00
V2: 5.4 MEDIUM
CVE-2013-6686

The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568.

Published: November 17, 2013; 10:55:06 PM -05:00
V2: 6.8 MEDIUM
CVE-2013-5552

Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID CSCug90143.

Published: November 13, 2013; 10:55:03 AM -05:00
V2: 6.4 MEDIUM
CVE-2011-2059

The ipv6 component in Cisco IOS before 15.1(4)M1.3 allows remote attackers to conduct fingerprinting attacks and obtain potentially sensitive information about the presence of the IOS operating system via an ICMPv6 Echo Request packet containing a Hop-by-Hop (HBH) extension header (EH) with a 0x0c01050c value in the PadN option data, aka Bug ID CSCtq02219.

Published: October 21, 2011; 10:59:19 PM -04:00
V2: 5.0 MEDIUM