This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Summuary
CPE Name cpe:/h:cisco:ios:12.4xv
Detail
Vendor Cisco First view 2008-09-26
Product Ios Last view 2009-03-27
Version 12.4xv Type Hardware
Edition  
Language  
Update  
 
CPE Product cpe:/h:cisco:ios

Activity : Overall

Related : CVE

 DateAlertAccess VectorAccess ComplexityAuthentication
7.1 2009-03-27 CVE-2009-0637 Network High Requires ...
5.4 2009-03-27 CVE-2009-0629 Network High None Requ...
4.3 2009-01-16 CVE-2008-3821 Network Medium None Requ...
7.8 2008-09-26 CVE-2008-3813 Network Low None Requ...
7.1 2008-09-26 CVE-2008-3812 Network Medium None Requ...
Hide | Show 2 More...
 DateAlertAccess VectorAccess ComplexityAuthentication
7.1 2008-09-26 CVE-2008-3802 Network Medium None Requ...
7.8 2008-09-26 CVE-2008-2739 Network Low None Requ...

CWE : Common Weakness Enumeration

%idName
50% (1)CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting')
50% (1)CWE-20Improper Input Validation

CAPEC : Common Attack Pattern Enumeration & Classification

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
idName
CAPEC-3Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-7Blind SQL Injection
CAPEC-8Buffer Overflow in an API Call
CAPEC-9Buffer Overflow in Local Command-Line Utilities
CAPEC-10Buffer Overflow via Environment Variables
Hide | Show 20 More...
idName
CAPEC-13Subverting Environment Variable Values
CAPEC-14Client-side Injection-induced Buffer Overflow
CAPEC-18Embedding Scripts in Nonscript Elements
CAPEC-22Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-24Filter Failure through Buffer Overflow
CAPEC-28Fuzzing
CAPEC-31Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32Embedding Scripts in HTTP Query Strings
CAPEC-42MIME Conversion
CAPEC-43Exploiting Multiple Input Interpretation Layers
CAPEC-45Buffer Overflow via Symbolic Links
CAPEC-46Overflow Variables and Tags
CAPEC-47Buffer Overflow via Parameter Expansion
CAPEC-52Embedding NULL Bytes
CAPEC-53Postfix, Null Terminate, and Backslash
CAPEC-63Simple Script Injection
CAPEC-64Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-66SQL Injection
CAPEC-67String Format Overflow in syslog()
CAPEC-71Using Unicode Encoding to Bypass Validation Logic

Oval Markup Language : Definitions

OvalIDName
oval:org.mitre.oval:def:6058Cisco IOS IPS Denial of Service Vulnerability
oval:org.mitre.oval:def:5889Cisco IOS Session Initiation Protocol Denial of Service Vulnerability
oval:org.mitre.oval:def:5302Cisco IOS Firewall Application Inspection Control Vulnerability
oval:org.mitre.oval:def:5362Cisco IOS Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability

Open Source Vulnerability Database (OSVDB)

idDescription
53136Cisco IOS Multiple Functionality Crafted TCP Packet Sequence Remote DoS
53132Cisco IOS SCP Server Role-based CLI Access Attached CLI View Remote File Mani...
51394Cisco IOS HTTP Server URL Strings Unspecified XSS
51393Cisco IOS HTTP Server /ping Script XSS
48734Cisco IOS Firewall Application Inspection Control (AIC) Malformed HTTP Transi...
Hide | Show 3 More...
idDescription
48733Cisco IOS Crafted Layer 2 Tunneling Protocol (L2TP) Packet Remote DoS
48716Cisco IOS SIP Packet Handling Unspecified Remote DoS (3802)
48711Cisco IOS Intrusion Prevention System (IPS) SERVICE.DNS Engine Signature Proc...

OpenVAS Exploits

idDescription
2009-06-05Name : Ubuntu USN-707-1 (cupsys)
File : nvt/ubuntu_707_1.nasl
2009-06-05Name : Ubuntu USN-743-1 (gs-gpl)
File : nvt/ubuntu_743_1.nasl
2009-06-05Name : Ubuntu USN-744-1 (lcms)
File : nvt/ubuntu_744_1.nasl
2009-01-20Name : Ubuntu USN-708-1 (hplip)
File : nvt/ubuntu_708_1.nasl

Nessus® Vulnerability Scanner

idDescription
2012-01-11Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sr-20090114-http.nasl - Type : ACT_GATHER_INFO
2010-09-01Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20080924-iosfwhttp.nasl - Type : ACT_GATHER_INFO
2010-09-01Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20080924-iosipshttp.nasl - Type : ACT_GATHER_INFO
2010-09-01Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20080924-l2tphttp.nasl - Type : ACT_GATHER_INFO
2010-09-01Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20080924-siphttp.nasl - Type : ACT_GATHER_INFO
Hide | Show 2 More...
idDescription
2010-09-01Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20090325-scphttp.nasl - Type : ACT_GATHER_INFO
2010-09-01Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20090325-tcphttp.nasl - Type : ACT_GATHER_INFO