This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Cisco First view 2016-05-29
Product Ios Last view 2021-09-23
Version 15.6(2)s1 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:cisco:ios

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.3 2021-09-23 CVE-2021-34705

A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient validation of dial strings at Foreign Exchange Office (FXO) interfaces. An attacker could exploit this vulnerability by sending a malformed dial string to an affected device via either the ISDN protocol or SIP. A successful exploit could allow the attacker to conduct toll fraud, resulting in unexpected financial impact to affected customers.

6.5 2021-09-23 CVE-2021-34703

A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper initialization of a buffer. An attacker could exploit this vulnerability via any of the following methods: An authenticated, remote attacker could access the LLDP neighbor table via either the CLI or SNMP while the device is in a specific state. An unauthenticated, adjacent attacker could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network and then waiting for an administrator of the device or a network management system (NMS) managing the device to retrieve the LLDP neighbor table of the device via either the CLI or SNMP. An authenticated, adjacent attacker with SNMP read-only credentials or low privileges on the device CLI could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network and then accessing the LLDP neighbor table via either the CLI or SNMP. A successful exploit could allow the attacker to cause the affected device to crash, resulting in a reload of the device.

7.7 2021-09-23 CVE-2021-34699

A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could exploit this vulnerability by requesting a particular CLI command to be run through the web UI. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

7.7 2021-09-23 CVE-2021-1620

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability occurs because the code does not release the allocated IP address under certain failure conditions. An attacker could exploit this vulnerability by trying to connect to the device with a non-AnyConnect client. A successful exploit could allow the attacker to exhaust the IP addresses from the assigned local pool, which prevents users from logging in and leads to a denial of service (DoS) condition.

7.5 2021-03-24 CVE-2021-1460

A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error handling during packet processing. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing requests, resulting in a DoS condition.

8.8 2020-09-23 CVE-2019-16009

A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device.

7.5 2020-06-03 CVE-2020-3230

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent IKEv2 from establishing new security associations. The vulnerability is due to incorrect handling of crafted IKEv2 SA-Init packets. An attacker could exploit this vulnerability by sending crafted IKEv2 SA-Init packets to the affected device. An exploit could allow the attacker to cause the affected device to reach the maximum incoming negotiation limits and prevent further IKEv2 security associations from being formed.

8.8 2020-06-03 CVE-2020-3217

A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient length restrictions when the onePK Topology Discovery Service parses Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol message to an affected device. An exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges, or to cause a process crash, which could result in a reload of the device and cause a DoS condition.

6.7 2020-06-03 CVE-2020-3204

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to cause memory corruption or execute the code with root privileges on the underlying OS of the affected device.

6 2020-06-03 CVE-2020-3201

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. An attacker could exploit this vulnerability by executing crafted Tcl arguments on an affected device. An exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

7.7 2020-06-03 CVE-2020-3200

A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which leads to an unexpected behavior. An attacker could exploit this vulnerability by creating an SSH connection to an affected device and using a specific traffic pattern that causes an error condition within that connection. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

7.5 2019-09-25 CVE-2019-12655

A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a buffer overflow that occurs when an affected device inspects certain FTP traffic. An attacker could exploit this vulnerability by performing a specific FTP transfer through the device. A successful exploit could allow the attacker to cause the device to reload.

6.7 2019-05-13 CVE-2019-1649

A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image. An attacker will need to fulfill all the following conditions to attempt to exploit this vulnerability: Have privileged administrative access to the device. Be able to access the underlying operating system running on the device; this can be achieved either by using a supported, documented mechanism or by exploiting another vulnerability that would provide an attacker with such access. Develop or have access to a platform-specific exploit. An attacker attempting to exploit this vulnerability across multiple affected platforms would need to research each one of those platforms and then develop a platform-specific exploit. Although the research process could be reused across different platforms, an exploit developed for a given hardware platform is unlikely to work on a different hardware platform.

4.3 2019-03-27 CVE-2019-1761

A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 traffic from an adjacent HSRP member. A successful exploit could allow the attacker to receive potentially sensitive information from the adjacent device.

5.9 2019-03-27 CVE-2019-1757

A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.

7.4 2019-03-27 CVE-2019-1748

A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt and modify confidential information on user connections to the affected software.

7.5 2019-03-27 CVE-2019-1740

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability are due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.

7.5 2019-03-27 CVE-2019-1739

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.

7.5 2019-03-27 CVE-2019-1738

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit these vulnerabilities by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.

8.6 2019-03-27 CVE-2019-1737

A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to improper socket resources handling in the IP SLA responder application code. An attacker could exploit this vulnerability by sending crafted IP SLA packets to an affected device. An exploit could allow the attacker to cause an interface to become wedged, resulting in an eventual denial of service (DoS) condition on the affected device.

6.5 2018-10-05 CVE-2018-0197

A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a logic error in how the affected software handles a subset of VTP packets. An attacker could exploit this vulnerability by sending VTP packets in a sequence that triggers a timeout in the VTP message processing code of the affected software. A successful exploit could allow the attacker to impact the ability to create, modify, or delete VLANs and cause a DoS condition. There are workarounds that address this vulnerability. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software, are operating in VTP client mode or VTP server mode, and do not have a VTP domain name configured. The default configuration for Cisco devices that are running Cisco IOS Software or Cisco IOS XE Software and support VTP is to operate in VTP server mode with no domain name configured.

4.4 2017-10-19 CVE-2017-12289

A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The vulnerability is due to incorrect implementation of IPsec conditional, verbose debug logging that causes sensitive information to be written to the log file. This information should be restricted. An attacker who has valid administrative credentials could exploit this vulnerability by authenticating to the device and enabling conditional, verbose debug logging for IPsec and viewing the log file. An exploit could allow the attacker to access sensitive information related to the IPsec configuration. Cisco Bug IDs: CSCvf12081.

7.5 2017-09-28 CVE-2017-12237

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to how an affected device processes certain IKEv2 packets. An attacker could exploit this vulnerability by sending specific IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. This vulnerability affects Cisco devices that have the Internet Security Association and Key Management Protocol (ISAKMP) enabled. Although only IKEv2 packets can be used to trigger this vulnerability, devices that are running Cisco IOS Software or Cisco IOS XE Software are vulnerable when ISAKMP is enabled. A device does not need to be configured with any IKEv2-specific features to be vulnerable. Many features use IKEv2, including different types of VPNs such as the following: LAN-to-LAN VPN; Remote-access VPN, excluding SSL VPN; Dynamic Multipoint VPN (DMVPN); and FlexVPN. Cisco Bug IDs: CSCvc41277.

7.5 2017-09-28 CVE-2017-12231

A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper translation of H.323 messages that use the Registration, Admission, and Status (RAS) protocol and are sent to an affected device via IPv4 packets. An attacker could exploit this vulnerability by sending a crafted H.323 RAS packet through an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to use an application layer gateway with NAT (NAT ALG) for H.323 RAS messages. By default, a NAT ALG is enabled for H.323 RAS messages. Cisco Bug IDs: CSCvc57217.

5.9 2017-09-28 CVE-2017-12228

A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. Cisco Bug IDs: CSCvc33171.

CWE : Common Weakness Enumeration

%idName
41% (14) CWE-20 Improper Input Validation
8% (3) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
8% (3) CWE-295 Certificate Issues
5% (2) CWE-665 Improper Initialization
5% (2) CWE-436 Interpretation Conflict
5% (2) CWE-200 Information Exposure
2% (1) CWE-772 Missing Release of Resource after Effective Lifetime
2% (1) CWE-770 Allocation of Resources Without Limits or Throttling
2% (1) CWE-667 Insufficient Locking
2% (1) CWE-399 Resource Management Errors
2% (1) CWE-352 Cross-Site Request Forgery (CSRF)
2% (1) CWE-319 Cleartext Transmission of Sensitive Information
2% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
2% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Snort® IPS/IDS

Date Description
2020-12-05 Cisco IOS IKE2 invalid port denial of service attempt
RuleID : 54160 - Type : SERVER-OTHER - Revision : 1
2020-12-05 Cisco IOS IKE2 invalid port denial of service attempt
RuleID : 54159 - Type : SERVER-OTHER - Revision : 1
2020-12-05 Cisco IOS Web UI cross site request forgery attempt
RuleID : 52560 - Type : SERVER-WEBAPP - Revision : 1
2020-12-05 Cisco IOS Web UI cross site request forgery attempt
RuleID : 52559 - Type : SERVER-WEBAPP - Revision : 1
2020-12-05 Cisco IOS XE FTP Application Layer Gateway denial of service attempt
RuleID : 51646 - Type : SERVER-OTHER - Revision : 1
2017-09-28 Cisco IOS IKEv2 session initialization denial of service attempt
RuleID : 44464 - Type : SERVER-OTHER - Revision : 1
2017-03-23 Cisco IOS L2TP invalid message digest AVP denial of service attempt
RuleID : 42070 - Type : SERVER-OTHER - Revision : 1
2017-03-23 Cisco IOS DHCP client dummy XID denial of service attempt
RuleID : 42060 - Type : SERVER-OTHER - Revision : 3
2017-03-23 Cisco IOS autonomic networking discovery denial of service attempt
RuleID : 42051 - Type : SERVER-OTHER - Revision : 1
2016-09-29 Cisco IOS malformed H.450 PER data out of bounds read attempt
RuleID : 40298 - Type : PROTOCOL-VOIP - Revision : 1
2016-10-10 Cisco IOS Group-Prime SHA memory disclosure attempt
RuleID : 40222-community - Type : SERVER-OTHER - Revision : 5
2016-09-16 Cisco IOS Group-Prime SHA memory disclosure attempt
RuleID : 40222 - Type : SERVER-OTHER - Revision : 5
2016-10-10 Cisco IOS Group-Prime MD5 memory disclosure attempt
RuleID : 40221-community - Type : SERVER-OTHER - Revision : 5
2016-09-16 Cisco IOS Group-Prime MD5 memory disclosure attempt
RuleID : 40221 - Type : SERVER-OTHER - Revision : 5
2016-10-10 Cisco IOS Group-Prime memory disclosure exfiltration attempt
RuleID : 40220-community - Type : SERVER-OTHER - Revision : 6
2016-09-16 Cisco IOS Group-Prime memory disclosure exfiltration attempt
RuleID : 40220 - Type : SERVER-OTHER - Revision : 6
2016-08-17 Cisco IOS truncated NTP packet processing denial of service attempt
RuleID : 39878 - Type : SERVER-OTHER - Revision : 4
2016-05-27 Cisco IOS NX invalid ICMPv6 neighbor discovery hop limit denial of service at...
RuleID : 39065 - Type : SERVER-OTHER - Revision : 1

Nessus® Vulnerability Scanner

id Description
2017-10-06 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170927-pnp-ios_xe.nasl - Type: ACT_GATHER_INFO
2017-10-06 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170927-pnp-ios.nasl - Type: ACT_GATHER_INFO
2017-10-06 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170927-ike-ios_xe.nasl - Type: ACT_GATHER_INFO
2017-10-06 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170927-ike-ios.nasl - Type: ACT_GATHER_INFO
2017-10-05 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170927-nat.nasl - Type: ACT_GATHER_INFO
2017-07-07 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170629-snmp-iosxe.nasl - Type: ACT_GATHER_INFO
2017-07-07 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170629-snmp-ios.nasl - Type: ACT_GATHER_INFO
2017-03-28 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170322-dhcpc-ios.nasl - Type: ACT_GATHER_INFO
2017-03-28 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170322-l2tp-iosxe.nasl - Type: ACT_GATHER_INFO
2017-03-28 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170322-l2tp-ios.nasl - Type: ACT_GATHER_INFO
2017-03-28 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170322-dhcpc-iosxe.nasl - Type: ACT_GATHER_INFO
2017-03-24 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170320-aniipv6-iosxe.nasl - Type: ACT_GATHER_INFO
2017-03-24 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170320-aniipv6-ios.nasl - Type: ACT_GATHER_INFO
2017-03-24 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170320-ani-iosxe.nasl - Type: ACT_GATHER_INFO
2017-03-24 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170320-ani-ios.nasl - Type: ACT_GATHER_INFO
2017-01-26 Name: A remote device is affected by an information disclosure vulnerability.
File: cisco_ikev1_info_disclosure.nasl - Type: ACT_ATTACK
2016-09-27 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20160916-ikev1-iosxr.nasl - Type: ACT_GATHER_INFO
2016-09-27 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20160916-ikev1-iosxe.nasl - Type: ACT_GATHER_INFO
2016-09-27 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20160916-ikev1-ios.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20160804-wedge-iosxe.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20160804-wedge-ios.nasl - Type: ACT_GATHER_INFO
2016-06-22 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_jsa10749.nasl - Type: ACT_GATHER_INFO