Skip to main content

iOS

574 CVEs product

Monthly

CVE-2017-12289 MEDIUM This Month

A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure iOS
NVD
CVSS 3.0
4.4
EPSS
0.1%
CVE-2017-12228 MEDIUM This Month

A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Authentication Bypass Cisco Information Disclosure iOS +1
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-12211 MEDIUM This Month

A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Information Disclosure iOS Ios Xe
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2017-6770 MEDIUM This Month

Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Code Injection Cisco Nx Os Nx Os For Nexus 5500 Platform Switches +5
NVD
CVSS 3.1
4.2
EPSS
0.6%
CVE-2017-6665 MEDIUM This Month

A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane (ACP) of an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure iOS Ios Xe
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2012-5030 MEDIUM PATCH This Month

Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Apple Cisco iOS
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-6624 MEDIUM This Month

A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Privilege Escalation iOS
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2017-3863 HIGH This Week

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple Cisco iOS +1
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2017-3862 HIGH This Week

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple Cisco iOS +1
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2017-3861 HIGH This Week

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple Cisco iOS +1
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2017-3860 HIGH This Week

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple Cisco iOS +1
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2017-3864 HIGH This Week

A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco iOS Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2017-3857 HIGH This Week

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco iOS Ios Xe
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2017-3850 MEDIUM This Month

A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Apple Cisco iOS Ios Xe
NVD
CVSS 3.0
5.9
EPSS
0.5%
CVE-2017-3849 HIGH This Week

A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16). Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco iOS Ios Xe
NVD
CVSS 3.0
7.4
EPSS
0.1%
CVE-2017-3803 MEDIUM This Month

A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco iOS
NVD VulDB
CVSS 3.0
4.7
EPSS
0.2%
CVE-2016-9201 HIGH This Week

A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure iOS
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2016-6474 HIGH This Week

A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Authentication Bypass iOS
NVD
CVSS 3.0
7.3
EPSS
0.3%
CVE-2016-6473 MEDIUM This Month

A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure iOS
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-6422 HIGH This Week

Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles certain operators, flags, and keywords in TCAM share ACLs, which allows remote attackers to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Authentication Bypass iOS
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-6423 MEDIUM This Month

The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M and IOS XE allow remote IKEv2 servers to cause a denial of service (device reload) via crafted IKEv2 packets, aka Bug ID. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2016-6393 HIGH This Week

The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and 16.2 allows remote attackers to cause a denial of service (device reload) via a failed SSH. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 3.1
7.5
EPSS
9.1%
CVE-2016-6391 HIGH This Week

Cisco IOS 12.2 and 15.0 through 15.3 allows remote attackers to cause a denial of service (traffic-processing outage) via a crafted series of Common Industrial Protocol (CIP) requests, aka Bug ID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-6385 HIGH This Week

Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service (memory consumption) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2016-6380 HIGH This Week

The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe +4
NVD
CVSS 3.0
8.1
EPSS
1.7%
CVE-2016-6379 HIGH This Week

Cisco IOS 12.2 and IOS XE 3.14 through 3.16 and 16.1 allow remote attackers to cause a denial of service (device reload) via crafted IP Detail Record (IPDR) packets, aka Bug ID CSCuu35089. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-6392 HIGH This Week

Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.1 through 3.9 allow remote attackers to cause a denial of service (device restart) via a crafted IPv4 Multicast Source Discovery Protocol (MSDP). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2016-6384 HIGH This Week

Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2016-6382 HIGH This Week

Cisco IOS 15.2 through 15.6 and IOS XE 3.6 through 3.17 and 16.1 allow remote attackers to cause a denial of service (device restart) via a malformed IPv6 Protocol Independent Multicast (PIM). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 3.0
7.5
EPSS
7.7%
CVE-2016-6381 HIGH This Week

Cisco IOS 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.18 and 16.1 allow remote attackers to cause a denial of service (memory consumption or device reload) via fragmented IKEv1 packets, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe +4
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2016-6412 MEDIUM This Month

The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows man-in-the-middle attackers to trigger arbitrary downloads via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure iOS
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-6410 MEDIUM This Month

The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure iOS
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-6409 HIGH This Week

The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service (out-of-bounds access) via crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-6414 HIGH This Week

iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Apple Cisco iOS
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2014-2146 MEDIUM This Month

The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Authentication Bypass iOS Ios Xe
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-6404 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Cisco iOS
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-6403 MEDIUM This Month

The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service via a crafted packet, aka Bug IDs. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2016-6398 MEDIUM This Month

The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure iOS
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-1478 HIGH This Week

Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not properly dequeue invalid NTP packets, which allows remote attackers to cause a denial of service (interface wedge) by sending many. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2016-1459 MEDIUM This Month

Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2016-1425 MEDIUM This Month

Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun66735. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco Buffer Overflow iOS
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2015-6289 HIGH Act Now

Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.7% and no vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 3.0
7.5
EPSS
11.7%
CVE-2016-1424 MEDIUM This Month

Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco Buffer Overflow iOS
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-1409 HIGH This Week

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe +2
NVD
CVSS 3.0
7.5
EPSS
4.9%
CVE-2016-1399 HIGH This Week

The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-1384 HIGH This Week

The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Cisco iOS Ios Xe
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-1378 MEDIUM This Month

Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure iOS
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-1351 HIGH This Week

The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.1 and 15.2 and NX-OS 4.1 through 6.2 allows remote attackers to cause a denial of service (device reload) via a crafted header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Nx Os
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2016-1347 HIGH This Week

The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2016-1333 MEDIUM This Month

Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid routers allows remote authenticated users to cause a denial of service (device reload) via an SNMP request for unspecified BRIDGE MIB. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2015-6429 MEDIUM This Month

The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 through 3.17 allows remote attackers to cause a denial of service (IPsec connection termination) via a crafted IKEv1 packet to a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-6359 MEDIUM This Month

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco Buffer Overflow iOS
NVD
CVSS 2.0
6.1
EPSS
0.2%
CVE-2015-6385 HIGH This Week

The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure iOS
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-6375 LOW Monitor

The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure iOS
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-6365 MEDIUM This Month

Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Authentication Bypass iOS
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-6366 MEDIUM This Month

Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Authentication Bypass iOS
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-6343 MEDIUM This Month

The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-6263 MEDIUM This Month

The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shared RADIUS secret is configured, allows remote RADIUS servers to cause a denial of service (device reload) via malformed answers,. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 2.0
6.3
EPSS
0.3%
CVE-2015-6280 CRITICAL Act Now

The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Authentication Bypass iOS Ios Xe
NVD
CVSS 2.0
9.3
EPSS
1.2%
CVE-2015-6279 HIGH This Week

The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 2.0
7.8
EPSS
0.6%
CVE-2015-6278 HIGH This Week

The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 2.0
7.8
EPSS
0.6%
CVE-2015-6294 MEDIUM This Month

Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 2.0
6.1
EPSS
0.3%
CVE-2015-0681 HIGH This Week

The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1 and IOS XE 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 2.0
7.1
EPSS
0.6%
CVE-2015-4199 HIGH This Week

Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (NULL pointer. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Denial Of Service Cisco iOS
NVD
CVSS 2.0
7.1
EPSS
0.5%
CVE-2015-4203 MEDIUM This Month

Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Denial Of Service Cisco iOS
NVD
CVSS 2.0
5.4
EPSS
0.7%
CVE-2015-4200 HIGH This Week

Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (memory. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 2.0
7.8
EPSS
0.9%
CVE-2015-4202 MEDIUM This Month

Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure iOS
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-4185 MEDIUM This Month

The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID. Rated medium severity (CVSS 6.9). No vendor patch available.

Apple Privilege Escalation Cisco iOS
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2015-0771 MEDIUM This Month

The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 2.0
6.3
EPSS
0.3%
CVE-2015-0731 MEDIUM This Month

The ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 2.0
6.1
EPSS
0.3%
CVE-2015-0709 MEDIUM This Month

Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a denial of service (device crash) by leveraging knowledge of the RADIUS secret and sending crafted RADIUS packets, aka Bug ID. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe iOS
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-0708 MEDIUM This Month

Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe iOS
NVD
CVSS 2.0
6.1
EPSS
0.2%
CVE-2015-0687 MEDIUM This Month

The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 2.0
6.3
EPSS
0.3%
CVE-2015-0650 HIGH This Week

The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe iOS
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2015-0649 HIGH This Week

Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun63514. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2015-0648 HIGH This Week

Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2015-0647 HIGH This Week

Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2015-0646 HIGH This Week

Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe iOS
NVD
CVSS 2.0
7.8
EPSS
0.9%
CVE-2015-0643 HIGH This Week

Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe iOS
NVD
CVSS 2.0
7.8
EPSS
1.1%
CVE-2015-0642 HIGH This Week

Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe iOS
NVD
CVSS 2.0
7.8
EPSS
1.2%
CVE-2015-0638 HIGH This Week

Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 2.0
7.1
EPSS
0.4%
CVE-2015-0637 HIGH This Week

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe iOS
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2015-0636 HIGH This Week

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe iOS
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2015-0635 CRITICAL Act Now

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe iOS
NVD
CVSS 2.0
9.0
EPSS
0.3%
CVE-2015-0669 MEDIUM This Month

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 2.0
6.4
EPSS
0.5%
CVE-2015-0659 MEDIUM This Month

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure iOS
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-0607 MEDIUM This Month

The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Authentication Bypass iOS
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0598 MEDIUM This Month

The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-0632 MEDIUM This Month

Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the. Rated medium severity (CVSS 5.7). No vendor patch available.

Race Condition Apple Denial Of Service Cisco iOS +1
NVD
CVSS 2.0
5.7
EPSS
0.2%
CVE-2015-0609 HIGH This Week

Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Denial Of Service Cisco iOS
NVD
CVSS 2.0
7.1
EPSS
0.6%
EPSS 0% CVSS 4.4
MEDIUM This Month

A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Authentication Bypass Cisco +3
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Information Disclosure +2
NVD
EPSS 1% CVSS 4.2
MEDIUM This Month

Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Code Injection Cisco +7
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane (ACP) of an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Apple Cisco +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Privilege Escalation +1
NVD
EPSS 1% CVSS 8.6
HIGH This Week

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple +3
NVD
EPSS 1% CVSS 8.6
HIGH This Week

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple +3
NVD
EPSS 1% CVSS 8.6
HIGH This Week

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple +3
NVD
EPSS 1% CVSS 8.6
HIGH This Week

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple +3
NVD
EPSS 1% CVSS 8.6
HIGH This Week

A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco +2
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Apple Cisco +2
NVD
EPSS 0% CVSS 7.4
HIGH This Week

A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16). Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco +2
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco +1
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Authentication Bypass +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles certain operators, flags, and keywords in TCAM share ACLs, which allows remote attackers to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Authentication Bypass +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M and IOS XE allow remote IKEv2 servers to cause a denial of service (device reload) via crafted IKEv2 packets, aka Bug ID. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 9% CVSS 7.5
HIGH This Week

The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and 16.2 allows remote attackers to cause a denial of service (device reload) via a failed SSH. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Cisco IOS 12.2 and 15.0 through 15.3 allows remote attackers to cause a denial of service (traffic-processing outage) via a crafted series of Common Industrial Protocol (CIP) requests, aka Bug ID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service (memory consumption) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 2% CVSS 8.1
HIGH This Week

The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Cisco Denial Of Service +6
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Cisco IOS 12.2 and IOS XE 3.14 through 3.16 and 16.1 allow remote attackers to cause a denial of service (device reload) via crafted IP Detail Record (IPDR) packets, aka Bug ID CSCuu35089. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.1 through 3.9 allow remote attackers to cause a denial of service (device restart) via a crafted IPv4 Multicast Source Discovery Protocol (MSDP). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 8% CVSS 7.5
HIGH This Week

Cisco IOS 15.2 through 15.6 and IOS XE 3.6 through 3.17 and 16.1 allow remote attackers to cause a denial of service (device restart) via a malformed IPv6 Protocol Independent Multicast (PIM). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Cisco IOS 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.18 and 16.1 allow remote attackers to cause a denial of service (memory consumption or device reload) via fragmented IKEv1 packets, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +6
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows man-in-the-middle attackers to trigger arbitrary downloads via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service (out-of-bounds access) via crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Apple Cisco +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Authentication Bypass +2
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Cisco +1
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service via a crafted packet, aka Bug IDs. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not properly dequeue invalid NTP packets, which allows remote attackers to cause a denial of service (interface wedge) by sending many. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun66735. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco +2
NVD
EPSS 12% CVSS 7.5
HIGH Act Now

Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.7% and no vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco +2
NVD
EPSS 5% CVSS 7.5
HIGH This Week

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Cisco +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.1 and 15.2 and NX-OS 4.1 through 6.2 allows remote attackers to cause a denial of service (device reload) via a crafted header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 4% CVSS 7.5
HIGH This Week

The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid routers allows remote authenticated users to cause a denial of service (device reload) via an SNMP request for unspecified BRIDGE MIB. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 through 3.17 allows remote attackers to cause a denial of service (IPsec connection termination) via a crafted IKEv1 packet to a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco +2
NVD
EPSS 0% CVSS 7.2
HIGH This Week

The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Authentication Bypass +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Authentication Bypass +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shared RADIUS secret is configured, allows remote RADIUS servers to cause a denial of service (device reload) via malformed answers,. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Authentication Bypass +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 1% CVSS 7.1
HIGH This Week

The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1 and IOS XE 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (NULL pointer. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Denial Of Service +2
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Denial Of Service +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (memory. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure +1
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID. Rated medium severity (CVSS 6.9). No vendor patch available.

Apple Privilege Escalation Cisco +1
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a denial of service (device crash) by leveraging knowledge of the RADIUS secret and sending crafted RADIUS packets, aka Bug ID. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun63514. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 0% CVSS 9.0
CRITICAL Act Now

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Authentication Bypass +1
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the. Rated medium severity (CVSS 5.7). No vendor patch available.

Race Condition Apple Denial Of Service +3
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Denial Of Service +2
NVD
Prev Page 5 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy