U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:cisco:ios:12.2%2833%29irg
There are 69 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2012-5014

Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device crash) by establishing an SSH session from a client and then placing this client into a (1) slow or (2) idle state, aka Bug ID CSCto87436.

Published: April 23, 2014; 7:52:59 AM -0400
V3.x:(not available)
V2.0: 6.3 MEDIUM
CVE-2012-4651

Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451.

Published: April 23, 2014; 7:52:59 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-3918

Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Published: April 23, 2014; 7:52:59 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-2143

The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021.

Published: April 04, 2014; 11:10:37 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-2124

Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast packets, aka Bug ID CSCuf60783.

Published: March 20, 2014; 9:04:02 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2013-6693

The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345.

Published: November 21, 2013; 8:55:04 PM -0500
V3.x:(not available)
V2.0: 5.4 MEDIUM
CVE-2013-6686

The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568.

Published: November 17, 2013; 10:55:06 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-5552

Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID CSCug90143.

Published: November 13, 2013; 10:55:03 AM -0500
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2013-1142

Race condition in the VRF-aware NAT feature in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 allows remote attackers to cause a denial of service (memory consumption) via IPv4 packets, aka Bug IDs CSCtg47129 and CSCtz96745.

Published: March 28, 2013; 7:55:01 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2011-2059

The ipv6 component in Cisco IOS before 15.1(4)M1.3 allows remote attackers to conduct fingerprinting attacks and obtain potentially sensitive information about the presence of the IOS operating system via an ICMPv6 Echo Request packet containing a Hop-by-Hop (HBH) extension header (EH) with a 0x0c01050c value in the PadN option data, aka Bug ID CSCtq02219.

Published: October 21, 2011; 10:59:19 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-2058

The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle an external loop between a pair of dot1x enabled ports, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many unicast EAPoL Protocol Data Units (PDUs), aka Bug ID CSCtq36336.

Published: October 21, 2011; 10:59:19 PM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2011-2057

The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle (1) a loop between a dot1x enabled port and an open-authentication dot1x enabled port and (2) a loop between a dot1x enabled port and a non-dot1x port, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many Spanning Tree Protocol (STP) Bridge Protocol Data Unit (BPDU) frames, aka Bug ID CSCtq36327.

Published: October 21, 2011; 10:59:19 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2011-1640

The ethernet-lldp component in Cisco IOS 12.2 before 12.2(33)SXJ1 does not properly support a large number of LLDP Management Address (MA) TLVs, which allows remote attackers to cause a denial of service (device crash) via crafted LLDPDUs, aka Bug ID CSCtj22354.

Published: October 21, 2011; 10:59:19 PM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2011-3279

The provider-edge MPLS NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) via a malformed SIP packet to UDP port 5060, aka Bug ID CSCti98219.

Published: October 03, 2011; 7:55:03 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2011-0946

The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS) LDAP traffic, aka Bug ID CSCtd10712.

Published: October 03, 2011; 7:55:03 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2010-4687

STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552.

Published: January 07, 2011; 2:00:20 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-4686

CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950.

Published: January 07, 2011; 2:00:20 PM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2010-4685

Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031.

Published: January 07, 2011; 2:00:20 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2010-4684

Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to cause a denial of service (device crash) via a TFTP copy over IPv6, aka Bug ID CSCtb28877.

Published: January 07, 2011; 2:00:20 PM -0500
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2010-4683

Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733.

Published: January 07, 2011; 2:00:20 PM -0500
V3.x:(not available)
V2.0: 7.8 HIGH