Filtered by vendor Cisco
Subscribe
Total
6547 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2242 | 1 Cisco | 1 Call Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to cause a denial of service (memory consumption and restart) via crafted packets to (1) the CTI Manager (ctimgr.exe) or (2) the CallManager (ccm.exe).
|
|||||
| CVE-2006-4352 | 1 Cisco | 1 Content Services Switch 11000 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information.
|
|||||
| CVE-2001-0055 | 1 Cisco | 2 Broadband Operating System, Cisco 6xx Routers | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets.
|
|||||
| CVE-2002-1553 | 1 Cisco | 1 Optical Networking Systems Software | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist.
|
|||||
| CVE-2005-1058 | 1 Cisco | 1 Ios | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass XAUTH and move to Phase 2 negotiations.
|
|||||
| CVE-2000-1055 | 1 Cisco | 1 Secure Access Control Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet.
|
|||||
| CVE-2002-1102 | 1 Cisco | 2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.4, allows remote attackers to cause a denial of service via an incoming LAN-to-LAN connection with an existing security association with another device on the remote network, which causes the concentrator to remove the previous connection.
|
|||||
| CVE-2006-0515 | 1 Cisco | 4 Adaptive Security Appliance Software, Firewall Services Module, Pix Firewall and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734.
|
|||||
| CVE-2002-1190 | 1 Cisco | 1 Unity Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco Unity 2.x and 3.x uses well-known default user accounts, which could allow remote attackers to gain access and place arbitrary calls.
|
|||||
| CVE-2002-2139 | 1 Cisco | 1 Pix Firewall Software | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack.
|
|||||
| CVE-2006-0485 | 1 Cisco | 1 Ios | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may allow local users to execute IOS EXEC commands that were prohibited via the AAA configuration, aka Bug ID CSCeh73049.
|
|||||
| CVE-2005-2631 | 1 Cisco | 1 Network Admission Control Manager And Server System Software | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to 3.5.3 does not properly authenticate users when invoking API methods, which could allow remote attackers to bypass security checks, change the assigned role of a user, or disconnect users.
|
|||||
| CVE-2006-4775 | 1 Cisco | 2 Catos, Ios | 2025-04-03 | 7.8 HIGH | N/A |
|
The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of service by sending a VTP update with a revision value of 0x7FFFFFFF, which is incremented to 0x80000000 and is interpreted as a negative number in a signed context.
|
|||||
| CVE-2003-0512 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge.
|
|||||
| CVE-2002-2053 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The design of the Hot Standby Routing Protocol (HSRP), as implemented on Cisco IOS 12.1, when using IRPAS, allows remote attackers to cause a denial of service (CPU consumption) via a router with the same IP address as the interface on which HSRP is running, which causes a loop.
|
|||||
| CVE-1999-1129 | 1 Cisco | 2 Catalyst 2900 Vlan, Ios | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers to inject 802.1q frames into another VLAN by forging the VLAN identifier in the trunking tag.
|
|||||
| CVE-2001-0752 | 1 Cisco | 1 Cbos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set.
|
|||||
| CVE-2002-1104 | 1 Cisco | 1 Vpn Client | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS).
|
|||||
| CVE-2003-0732 | 1 Cisco | 4 Ciscoworks Cd1, Ciscoworks Common Management Foundation, Resource Manager and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
|
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages.
|
|||||
| CVE-2001-0862 | 1 Cisco | 1 12000 Router | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL.
|
|||||
| CVE-1999-0222 | 1 Cisco | 1 Router | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Denial of service in Cisco IOS web server allows attackers to reboot the router using a long URL.
|
|||||
| CVE-2006-1928 | 1 Cisco | 1 Ios Xr | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or "MPLS packet handling problems") via certain MPLS packets, as identified by Cisco bug IDs (1) CSCsd15970 and (2) CSCsd55531.
|
|||||
| CVE-2004-1432 | 1 Cisco | 1 Optical Networking Systems Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via malformed (1) IP or (2) ICMP packets.
|
|||||
| CVE-1999-0843 | 1 Cisco | 1 Router | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Denial of service in Cisco routers running NAT via a PORT command from an FTP client to a Telnet port.
|
|||||
| CVE-2002-1108 | 1 Cisco | 1 Vpn Client | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel.
|
|||||
| CVE-2002-0852 | 1 Cisco | 1 Vpn Client | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads.
|
|||||
| CVE-2003-1398 | 1 Cisco | 1 Ios | 2025-04-03 | 9.3 HIGH | N/A |
|
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
|
|||||
| CVE-2005-0598 | 1 Cisco | 10 Application And Content Networking Software, Content Delivery Manager, Content Distribution Manager 4630 and 7 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The RealServer RealSubscriber on Cisco devices running Application and Content Networking System (ACNS) 5.1 allow remote attackers to cause a denial of service (CPU consumption) via malformed packets.
|
|||||
| CVE-2002-0813 | 1 Cisco | 1 Ios | 2025-04-03 | 7.1 HIGH | N/A |
|
Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.
|
|||||
| CVE-2005-3482 | 1 Cisco | 3 Aironet Ap1131, Aironet Ap1200, Aironet Ap1240 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco 1200, 1131, and 1240 series Access Points, when operating in Lightweight Access Point Protocol (LWAPP) mode and controlled by 2000 and 4400 series Airespace WLAN controllers running 3.1.59.24, allow remote attackers to send unencrypted traffic to a secure network using frames with the MAC address of an authenticated end host.
|
|||||
| CVE-2005-0612 | 1 Cisco | 7 Ipvc-3510-mcu, Ipvc-3520-gw-2b, Ipvc-3520-gw-2b2v and 4 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain hard-coded default SNMP community strings, which allows remote attackers to gain access, cause a denial of service, and modify configuration.
|
|||||
| CVE-2004-1454 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) enabled, allows remote attackers to cause a denial of service (device reload) via a malformed OSPF packet.
|
|||||
| CVE-2001-0537 | 1 Cisco | 1 Ios | 2025-04-03 | 9.3 HIGH | N/A |
|
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
|
|||||
| CVE-2005-2244 | 1 Cisco | 1 Call Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger a memory allocation failure and lead to a buffer overflow.
|
|||||
| CVE-2002-0954 | 1 Cisco | 1 Pix Firewall | 2025-04-03 | 7.5 HIGH | N/A |
|
The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords using brute force techniques.
|
|||||
| CVE-1999-1306 | 1 Cisco | 1 Ios | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters.
|
|||||
| CVE-2006-3733 | 1 Cisco | 1 Security Monitoring Analysis And Response System | 2025-04-03 | 7.5 HIGH | N/A |
|
jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name.
|
|||||
| CVE-2001-0056 | 1 Cisco | 1 Broadband Operating System | 2025-04-03 | 7.5 HIGH | N/A |
|
The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection.
|
|||||
| CVE-2006-3595 | 1 Cisco | 1 Router Web Setup | 2025-04-03 | 7.5 HIGH | N/A |
|
The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.
|
|||||
| CVE-2004-1112 | 2 Cisco, Okena | 2 Security Agent, Stormwatch | 2025-04-03 | 5.1 MEDIUM | N/A |
|
The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period.
|
|||||