Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:cisco:ios:12.2\(31\)sga2:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2011-2058 |
The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle an external loop between a pair of dot1x enabled ports, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many unicast EAPoL Protocol Data Units (PDUs), aka Bug ID CSCtq36336. Published: October 21, 2011; 10:59:19 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2011-2057 |
The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle (1) a loop between a dot1x enabled port and an open-authentication dot1x enabled port and (2) a loop between a dot1x enabled port and a non-dot1x port, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many Spanning Tree Protocol (STP) Bridge Protocol Data Unit (BPDU) frames, aka Bug ID CSCtq36327. Published: October 21, 2011; 10:59:19 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2011-1640 |
The ethernet-lldp component in Cisco IOS 12.2 before 12.2(33)SXJ1 does not properly support a large number of LLDP Management Address (MA) TLVs, which allows remote attackers to cause a denial of service (device crash) via crafted LLDPDUs, aka Bug ID CSCtj22354. Published: October 21, 2011; 10:59:19 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2011-3279 |
The provider-edge MPLS NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) via a malformed SIP packet to UDP port 5060, aka Bug ID CSCti98219. Published: October 03, 2011; 7:55:03 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2011-0946 |
The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS) LDAP traffic, aka Bug ID CSCtd10712. Published: October 03, 2011; 7:55:03 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2010-4687 |
STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552. Published: January 07, 2011; 2:00:20 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2010-4686 |
CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950. Published: January 07, 2011; 2:00:20 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2010-4685 |
Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031. Published: January 07, 2011; 2:00:20 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2010-4684 |
Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to cause a denial of service (device crash) via a TFTP copy over IPv6, aka Bug ID CSCtb28877. Published: January 07, 2011; 2:00:20 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2010-4683 |
Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733. Published: January 07, 2011; 2:00:20 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2009-5040 |
CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555. Published: January 07, 2011; 2:00:16 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2009-5039 |
Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS before 15.0(1)XA allows remote attackers to cause a denial of service (memory consumption) via a large number of calls over a long duration, as demonstrated by InterZone Clear Token (IZCT) test traffic, aka Bug ID CSCsz72535. Published: January 07, 2011; 2:00:16 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-5038 |
Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server, related to a "corrupted magic value," aka Bug ID CSCso05336. Published: January 07, 2011; 2:00:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2010-4671 |
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534. Published: January 07, 2011; 7:00:49 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2009-2051 |
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987. Published: August 27, 2009; 1:00:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2008-5230 |
The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes it easier for remote attackers to decrypt packets from an access point (AP) to a client and spoof packets from an AP to a client, and conduct ARP poisoning attacks or other attacks, as demonstrated by tkiptun-ng. Published: November 25, 2008; 6:30:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-4963 |
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of service (device reload or hang) via a crafted VTP packet sent to a switch interface configured as a trunk port. Published: November 06, 2008; 10:55:51 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2007-5547 |
Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Published: October 18, 2007; 4:17:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-5548 |
Multiple stack-based buffer overflows in Command EXEC in Cisco IOS allow local users to gain privileges via unspecified vectors, aka (1) PSIRT-0474975756 and (2) PSIRT-0388256465. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Published: October 18, 2007; 4:17:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2007-5549 |
Unspecified vulnerability in Command EXEC in Cisco IOS allows local users to bypass command restrictions and obtain sensitive information via an unspecified "variation of an IOS command" involving "two different methods", aka CSCsk16129. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Published: October 18, 2007; 4:17:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |