| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list. |
| A default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication. |
| An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). |
| In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters. |
| Cisco Catalyst LAN switches running Catalyst 5000 supervisor software allows remote attackers to perform a denial of service by forcing the supervisor module to reload. |
| Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port. |
| AAA authentication on Cisco systems allows attackers to execute commands without authorization. |
| The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface. |
| The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands. |
| Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled. |
| Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration. |
| Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information. |
| Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service. |
| The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS. |
| Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option. |
| Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. |
| Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode. |
| Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information. |
| Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka "failover denial of service." |
| Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests. |
