This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Cisco First view 2012-03-29
Product Ios Last view 2021-03-24
Version 15.2 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:cisco:ios

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2021-03-24 CVE-2021-1460

A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error handling during packet processing. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing requests, resulting in a DoS condition.

8.8 2020-09-23 CVE-2019-16009

A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device.

7.5 2019-09-25 CVE-2019-12655

A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a buffer overflow that occurs when an affected device inspects certain FTP traffic. An attacker could exploit this vulnerability by performing a specific FTP transfer through the device. A successful exploit could allow the attacker to cause the device to reload.

6.7 2019-05-13 CVE-2019-1649

A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image. An attacker will need to fulfill all the following conditions to attempt to exploit this vulnerability: Have privileged administrative access to the device. Be able to access the underlying operating system running on the device; this can be achieved either by using a supported, documented mechanism or by exploiting another vulnerability that would provide an attacker with such access. Develop or have access to a platform-specific exploit. An attacker attempting to exploit this vulnerability across multiple affected platforms would need to research each one of those platforms and then develop a platform-specific exploit. Although the research process could be reused across different platforms, an exploit developed for a given hardware platform is unlikely to work on a different hardware platform.

4.4 2017-10-19 CVE-2017-12289

A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The vulnerability is due to incorrect implementation of IPsec conditional, verbose debug logging that causes sensitive information to be written to the log file. This information should be restricted. An attacker who has valid administrative credentials could exploit this vulnerability by authenticating to the device and enabling conditional, verbose debug logging for IPsec and viewing the log file. An exploit could allow the attacker to access sensitive information related to the IPsec configuration. Cisco Bug IDs: CSCvf12081.

8.8 2017-07-17 CVE-2017-6743

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve60376, CSCve78027.

8.6 2017-03-22 CVE-2017-3864

A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that is configured as a DHCP client. A successful exploit could allow the attacker to cause a reload of an affected device, resulting in a DoS condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or IOS XE Software and using a specific DHCP client configuration. Cisco Bug IDs: CSCuu43892.

7.5 2017-03-22 CVE-2017-3857

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or Cisco IOS XE Software if the L2TP feature is enabled for the device and the device is configured as an L2TP Version 2 (L2TPv2) or L2TP Version 3 (L2TPv3) endpoint. By default, the L2TP feature is not enabled. Cisco Bug IDs: CSCuy82078.

7.5 2016-10-05 CVE-2016-6393

The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and 16.2 allows remote attackers to cause a denial of service (device reload) via a failed SSH connection attempt that is mishandled during generation of an error-log message, aka Bug ID CSCuy87667.

7.5 2016-10-05 CVE-2016-6384

Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257.

6.5 2016-09-22 CVE-2014-2146

The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.

7.5 2016-09-18 CVE-2016-6415

The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.

5.9 2016-09-18 CVE-2016-6403

The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service via a crafted packet, aka Bug IDs CSCuy82904, CSCuy82909, and CSCuy82912.

7.8 2015-03-26 CVE-2015-0650

The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before 3.12.2S, and 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) by sending malformed mDNS UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCup70579.

7.8 2015-03-26 CVE-2015-0646

Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted TCP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum94811.

7.8 2015-03-26 CVE-2015-0643

Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (memory consumption and device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuo75572.

7.8 2015-03-26 CVE-2015-0642

Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum36951.

7.1 2015-02-15 CVE-2015-0609

Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCuj96752.

4.3 2015-02-11 CVE-2015-0610

Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCun21071.

7.1 2015-02-11 CVE-2015-0608

Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCul48736.

7.8 2015-02-11 CVE-2015-0592

The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672.

7.8 2015-01-28 CVE-2015-0586

The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated Services Router (aka Cisco Internet Router) devices allows remote attackers to cause a denial of service (NBAR process hang) via IPv4 packets, aka Bug ID CSCuo73682.

7.1 2014-09-25 CVE-2014-3361

The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071.

7.8 2014-09-25 CVE-2014-3360

Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allow remote attackers to cause a denial of service (device reload) via a crafted SIP message, aka Bug ID CSCul46586.

7.8 2014-09-25 CVE-2014-3359

Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed DHCPv6 packets, aka Bug ID CSCum90081.

CWE : Common Weakness Enumeration

%idName
35% (29) CWE-20 Improper Input Validation
25% (21) CWE-399 Resource Management Errors
10% (9) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
7% (6) CWE-362 Race Condition
3% (3) CWE-200 Information Exposure
3% (3) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
2% (2) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
2% (2) CWE-264 Permissions, Privileges, and Access Controls
1% (1) CWE-667 Insufficient Locking
1% (1) CWE-352 Cross-Site Request Forgery (CSRF)
1% (1) CWE-310 Cryptographic Issues
1% (1) CWE-284 Access Control (Authorization) Issues
1% (1) CWE-269 Improper Privilege Management
1% (1) CWE-189 Numeric Errors
1% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...

OpenVAS Exploits

id Description
2016-05-04 Name : Cisco IOS Software and IOS XE Software LISP Denial of Service Vulnerability
File : nvt/gb_cisco_ios_Cisco-SA-20140514-CVE-2014-3262.nasl
2016-05-04 Name : Cisco IOS Software Network Address Translation Vulnerabilities
File : nvt/gb_cisco_ios_cisco-sa-20140326-nat.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0175 Multiple Vulnerabilities in Cisco IOS XE
Severity: Category I - VMSKEY: V0061141
2014-A-0045 Multiple Vulnerabilities in Cisco IOS
Severity: Category I - VMSKEY: V0047591
2014-A-0046 Multiple Vulnerabilities in Cisco IOS XE
Severity: Category I - VMSKEY: V0047593
2013-A-0185 Multiple Vulnerabilities in Cisco IOS XE
Severity: Category I - VMSKEY: V0040708
2013-A-0184 Multiple Vulnerabilities in Cisco IOS
Severity: Category I - VMSKEY: V0040709

Snort® IPS/IDS

Date Description
2020-12-05 Cisco IOS Web UI cross site request forgery attempt
RuleID : 52560 - Type : SERVER-WEBAPP - Revision : 1
2020-12-05 Cisco IOS Web UI cross site request forgery attempt
RuleID : 52559 - Type : SERVER-WEBAPP - Revision : 1
2020-12-05 Cisco IOS XE FTP Application Layer Gateway denial of service attempt
RuleID : 51646 - Type : SERVER-OTHER - Revision : 1
2017-09-21 Cisco IOS ipnat_dns_shift_data integer underflow attempt
RuleID : 44379 - Type : PROTOCOL-DNS - Revision : 3
2017-08-15 Cisco IOS DHCP denial of service attempt
RuleID : 43573 - Type : SERVER-OTHER - Revision : 2
2017-03-23 Cisco IOS L2TP invalid message digest AVP denial of service attempt
RuleID : 42070 - Type : SERVER-OTHER - Revision : 1
2017-03-23 Cisco IOS DHCP client dummy XID denial of service attempt
RuleID : 42060 - Type : SERVER-OTHER - Revision : 3
2016-09-29 Cisco IOS malformed H.450 PER data out of bounds read attempt
RuleID : 40298 - Type : PROTOCOL-VOIP - Revision : 1
2016-10-10 Cisco IOS Group-Prime SHA memory disclosure attempt
RuleID : 40222-community - Type : SERVER-OTHER - Revision : 5
2016-09-16 Cisco IOS Group-Prime SHA memory disclosure attempt
RuleID : 40222 - Type : SERVER-OTHER - Revision : 5
2016-10-10 Cisco IOS Group-Prime MD5 memory disclosure attempt
RuleID : 40221-community - Type : SERVER-OTHER - Revision : 5
2016-09-16 Cisco IOS Group-Prime MD5 memory disclosure attempt
RuleID : 40221 - Type : SERVER-OTHER - Revision : 5
2016-10-10 Cisco IOS Group-Prime memory disclosure exfiltration attempt
RuleID : 40220-community - Type : SERVER-OTHER - Revision : 6
2016-09-16 Cisco IOS Group-Prime memory disclosure exfiltration attempt
RuleID : 40220 - Type : SERVER-OTHER - Revision : 6
2015-03-27 Cisco IOS mDNS denial of service attempt
RuleID : 33929 - Type : SERVER-OTHER - Revision : 2
2015-03-27 Cisco IOS mDNS denial of service attempt
RuleID : 33928 - Type : SERVER-OTHER - Revision : 2
2014-11-16 Cisco IOS mDNS malformed rrlength denial of service attempt
RuleID : 31984 - Type : OS-OTHER - Revision : 2
2014-11-16 DHCPv6 flood denial of service attempt
RuleID : 31983 - Type : OS-OTHER - Revision : 2
2014-11-16 Cisco IOS mdns memory leak
RuleID : 31982 - Type : SERVER-OTHER - Revision : 1
2014-11-16 Cisco IOS RSVP Path message with no session attribute denial of service attempt
RuleID : 31980 - Type : SERVER-OTHER - Revision : 1
2014-11-16 Cisco IOS EnergyWise malformed packet denial of service attempt
RuleID : 31616 - Type : OS-OTHER - Revision : 4
2014-11-16 Cisco IOS EnergyWise malformed packet denial of service attempt
RuleID : 31615 - Type : OS-OTHER - Revision : 4

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-07-07 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170629-snmp-iosxe.nasl - Type: ACT_GATHER_INFO
2017-07-07 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170629-snmp-ios.nasl - Type: ACT_GATHER_INFO
2017-03-28 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170322-l2tp-iosxe.nasl - Type: ACT_GATHER_INFO
2017-03-28 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170322-l2tp-ios.nasl - Type: ACT_GATHER_INFO
2017-03-28 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170322-dhcpc-iosxe.nasl - Type: ACT_GATHER_INFO
2017-03-28 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170322-dhcpc-ios.nasl - Type: ACT_GATHER_INFO
2017-01-26 Name: A remote device is affected by an information disclosure vulnerability.
File: cisco_ikev1_info_disclosure.nasl - Type: ACT_ATTACK
2016-09-27 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20160916-ikev1-iosxr.nasl - Type: ACT_GATHER_INFO
2016-09-27 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20160916-ikev1-iosxe.nasl - Type: ACT_GATHER_INFO
2016-09-27 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20160916-ikev1-ios.nasl - Type: ACT_GATHER_INFO
2016-06-27 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-CSCun96847-iosxe.nasl - Type: ACT_GATHER_INFO
2016-06-27 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-CSCun94946-ios.nasl - Type: ACT_GATHER_INFO
2015-04-03 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20150325-ikev2-ios.nasl - Type: ACT_GATHER_INFO
2015-04-03 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20150325-ikev2-iosxe.nasl - Type: ACT_GATHER_INFO
2015-04-03 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20150325-mdns-ios.nasl - Type: ACT_GATHER_INFO
2015-04-03 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20150325-tcpleak-ios.nasl - Type: ACT_GATHER_INFO
2015-04-03 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20150325-tcpleak-iosxe.nasl - Type: ACT_GATHER_INFO
2015-04-03 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20150325-mdns-iosxe.nasl - Type: ACT_GATHER_INFO
2014-11-14 Name: The remote device is running a vulnerable IOS XE version.
File: cisco-sn-CVE-2014-3262-iosxe.nasl - Type: ACT_GATHER_INFO
2014-11-14 Name: The remote device is running a vulnerable IOS version.
File: cisco-sn-CVE-2014-3262-ios.nasl - Type: ACT_GATHER_INFO
2014-10-02 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20140924-mdns.nasl - Type: ACT_GATHER_INFO
2014-10-02 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20140924-dhcpv6-iosxe.nasl - Type: ACT_GATHER_INFO
2014-10-02 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20140924-dhcpv6.nasl - Type: ACT_GATHER_INFO
2014-10-02 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20140924-mdns-iosxe.nasl - Type: ACT_GATHER_INFO
2014-10-02 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20140924-rsvp-iosxe.nasl - Type: ACT_GATHER_INFO