This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Cisco First view 2013-03-28
Product Ios Last view 2024-09-25
Version 15.2(5)e2 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:cisco:ios

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2024-09-25 CVE-2024-20433

A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.

This vulnerability is due to a buffer overflow when processing crafted RSVP packets. An attacker could exploit this vulnerability by sending RSVP traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

9.1 2023-09-27 CVE-2023-20186

A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP).

This vulnerability is due to incorrect processing of SCP commands in AAA command authorization checks. An attacker with valid credentials and level 15 privileges could exploit this vulnerability by using SCP to connect to an affected device from an external machine. A successful exploit could allow the attacker to obtain or change the configuration of the affected device and put files on or retrieve files from the affected device.

6.6 2023-09-27 CVE-2023-20109

A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash.

This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a denial of service (DoS) condition. For more information, see the Details ["#details"] section of this advisory.

7.5 2023-03-23 CVE-2023-20080

A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly.

7.7 2022-10-10 CVE-2022-20920

A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload.

4.6 2022-04-15 CVE-2022-20661

Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

6.5 2021-09-23 CVE-2021-34703

A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper initialization of a buffer. An attacker could exploit this vulnerability via any of the following methods: An authenticated, remote attacker could access the LLDP neighbor table via either the CLI or SNMP while the device is in a specific state. An unauthenticated, adjacent attacker could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network and then waiting for an administrator of the device or a network management system (NMS) managing the device to retrieve the LLDP neighbor table of the device via either the CLI or SNMP. An authenticated, adjacent attacker with SNMP read-only credentials or low privileges on the device CLI could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network and then accessing the LLDP neighbor table via either the CLI or SNMP. A successful exploit could allow the attacker to cause the affected device to crash, resulting in a reload of the device.

7.7 2021-09-23 CVE-2021-34699

A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could exploit this vulnerability by requesting a particular CLI command to be run through the web UI. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

7.7 2021-09-23 CVE-2021-1620

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability occurs because the code does not release the allocated IP address under certain failure conditions. An attacker could exploit this vulnerability by trying to connect to the device with a non-AnyConnect client. A successful exploit could allow the attacker to exhaust the IP addresses from the assigned local pool, which prevents users from logging in and leads to a denial of service (DoS) condition.

7.5 2021-03-24 CVE-2021-1460

A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error handling during packet processing. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing requests, resulting in a DoS condition.

7.8 2021-03-24 CVE-2021-1392

A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability exists because incorrect permissions are associated with the show cip security CLI command. An attacker could exploit this vulnerability by issuing the command to retrieve the password for CIP on an affected device. A successful exploit could allow the attacker to reconfigure the device.

6.7 2021-03-24 CVE-2021-1391

A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by bypassing the consent token mechanism with the residual scripts on the affected device. A successful exploit could allow the attacker to escalate from privilege level 15 to root privilege.

5.8 2021-03-24 CVE-2021-1377

A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resolving ARP entries for legitimate hosts on the connected subnets. This vulnerability exists because ARP entries are mismanaged. An attacker could exploit this vulnerability by continuously sending traffic that results in incomplete ARP entries. A successful exploit could allow the attacker to cause ARP requests on the device to be unsuccessful for legitimate hosts, resulting in a denial of service (DoS) condition.

8.8 2020-09-23 CVE-2019-16009

A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device.

4.7 2020-06-03 CVE-2020-3231

A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series Switches and Cisco Catalyst CDB-8P Switches could allow an unauthenticated, adjacent attacker to forward broadcast traffic before being authenticated on the port. The vulnerability exists because broadcast traffic that is received on the 802.1X-enabled port is mishandled. An attacker could exploit this vulnerability by sending broadcast traffic on the port before being authenticated. A successful exploit could allow the attacker to send and receive broadcast traffic on the 802.1X-enabled port before authentication.

7.5 2020-06-03 CVE-2020-3230

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent IKEv2 from establishing new security associations. The vulnerability is due to incorrect handling of crafted IKEv2 SA-Init packets. An attacker could exploit this vulnerability by sending crafted IKEv2 SA-Init packets to the affected device. An exploit could allow the attacker to cause the affected device to reach the maximum incoming negotiation limits and prevent further IKEv2 security associations from being formed.

8.6 2020-06-03 CVE-2020-3228

A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because crafted SXP packets are mishandled. An attacker could exploit this vulnerability by sending specifically crafted SXP packets to the affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

8.6 2020-06-03 CVE-2020-3225

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to insufficient input processing of CIP traffic. An attacker could exploit these vulnerabilities by sending crafted CIP traffic to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

8.8 2020-06-03 CVE-2020-3217

A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient length restrictions when the onePK Topology Discovery Service parses Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol message to an affected device. An exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges, or to cause a process crash, which could result in a reload of the device and cause a DoS condition.

6.7 2020-06-03 CVE-2020-3204

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to cause memory corruption or execute the code with root privileges on the underlying OS of the affected device.

7.7 2020-06-03 CVE-2020-3200

A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which leads to an unexpected behavior. An attacker could exploit this vulnerability by creating an SSH connection to an affected device and using a specific traffic pattern that causes an error condition within that connection. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

7.5 2019-09-25 CVE-2019-12655

A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a buffer overflow that occurs when an affected device inspects certain FTP traffic. An attacker could exploit this vulnerability by performing a specific FTP transfer through the device. A successful exploit could allow the attacker to cause the device to reload.

6.7 2019-05-13 CVE-2019-1649

A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image. An attacker will need to fulfill all the following conditions to attempt to exploit this vulnerability: Have privileged administrative access to the device. Be able to access the underlying operating system running on the device; this can be achieved either by using a supported, documented mechanism or by exploiting another vulnerability that would provide an attacker with such access. Develop or have access to a platform-specific exploit. An attacker attempting to exploit this vulnerability across multiple affected platforms would need to research each one of those platforms and then develop a platform-specific exploit. Although the research process could be reused across different platforms, an exploit developed for a given hardware platform is unlikely to work on a different hardware platform.

4.3 2019-03-27 CVE-2019-1761

A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 traffic from an adjacent HSRP member. A successful exploit could allow the attacker to receive potentially sensitive information from the adjacent device.

5.9 2019-03-27 CVE-2019-1757

A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.

CWE : Common Weakness Enumeration

%idName
26% (15) CWE-20 Improper Input Validation
19% (11) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
7% (4) CWE-399 Resource Management Errors
7% (4) CWE-362 Race Condition
5% (3) CWE-665 Improper Initialization
3% (2) CWE-787 Out-of-bounds Write
3% (2) CWE-436 Interpretation Conflict
3% (2) CWE-295 Certificate Issues
3% (2) CWE-200 Information Exposure
1% (1) CWE-772 Missing Release of Resource after Effective Lifetime
1% (1) CWE-770 Allocation of Resources Without Limits or Throttling
1% (1) CWE-755 Improper Handling of Exceptional Conditions
1% (1) CWE-667 Insufficient Locking
1% (1) CWE-522 Insufficiently Protected Credentials
1% (1) CWE-489 Leftover Debug Code
1% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (1) CWE-352 Cross-Site Request Forgery (CSRF)
1% (1) CWE-264 Permissions, Privileges, and Access Controls
1% (1) CWE-189 Numeric Errors
1% (1) CWE-129 Improper Validation of Array Index
1% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...

OpenVAS Exploits

id Description
2016-05-04 Name : Cisco IOS Software and IOS XE Software LISP Denial of Service Vulnerability
File : nvt/gb_cisco_ios_Cisco-SA-20140514-CVE-2014-3262.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Multiple Operating Systems invalid DHCP option attempt
RuleID : 7196 - Type : OS-OTHER - Revision : 13
2020-12-05 Cisco IOS IKE2 invalid port denial of service attempt
RuleID : 54160 - Type : SERVER-OTHER - Revision : 1
2020-12-05 Cisco IOS IKE2 invalid port denial of service attempt
RuleID : 54159 - Type : SERVER-OTHER - Revision : 1
2020-12-05 Cisco IOS Web UI cross site request forgery attempt
RuleID : 52560 - Type : SERVER-WEBAPP - Revision : 1
2020-12-05 Cisco IOS Web UI cross site request forgery attempt
RuleID : 52559 - Type : SERVER-WEBAPP - Revision : 1
2020-12-05 Cisco IOS XE FTP Application Layer Gateway denial of service attempt
RuleID : 51646 - Type : SERVER-OTHER - Revision : 1
2020-12-05 Cisco IOS DHCP relay integer underflow attempt
RuleID : 46120 - Type : SERVER-OTHER - Revision : 1
2020-12-05 Cisco IOS DHCP relay reply integer underflow attempt
RuleID : 46119 - Type : SERVER-OTHER - Revision : 1
2017-09-28 Cisco IOS IKEv2 session initialization denial of service attempt
RuleID : 44464 - Type : SERVER-OTHER - Revision : 1
2017-09-28 Cisco IE2000 CIP forward open packet processing null pointer dereference attempt
RuleID : 44459 - Type : PROTOCOL-SCADA - Revision : 1
2017-09-28 Cisco IE2000 CIP get attributes all packet processing memory leak attempt
RuleID : 44458 - Type : PROTOCOL-SCADA - Revision : 1
2017-03-23 Cisco IOS L2TP invalid message digest AVP denial of service attempt
RuleID : 42070 - Type : SERVER-OTHER - Revision : 1
2017-03-23 Cisco IOS DHCP client dummy XID denial of service attempt
RuleID : 42060 - Type : SERVER-OTHER - Revision : 3
2016-09-29 Cisco IOS malformed H.450 PER data out of bounds read attempt
RuleID : 40298 - Type : PROTOCOL-VOIP - Revision : 1
2016-10-10 Cisco IOS Group-Prime SHA memory disclosure attempt
RuleID : 40222-community - Type : SERVER-OTHER - Revision : 5
2016-09-16 Cisco IOS Group-Prime SHA memory disclosure attempt
RuleID : 40222 - Type : SERVER-OTHER - Revision : 5
2016-10-10 Cisco IOS Group-Prime MD5 memory disclosure attempt
RuleID : 40221-community - Type : SERVER-OTHER - Revision : 5
2016-09-16 Cisco IOS Group-Prime MD5 memory disclosure attempt
RuleID : 40221 - Type : SERVER-OTHER - Revision : 5
2016-10-10 Cisco IOS Group-Prime memory disclosure exfiltration attempt
RuleID : 40220-community - Type : SERVER-OTHER - Revision : 6
2016-09-16 Cisco IOS Group-Prime memory disclosure exfiltration attempt
RuleID : 40220 - Type : SERVER-OTHER - Revision : 6

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-04-17 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20180328-dhcpr3-iosxe.nasl - Type: ACT_GATHER_INFO
2018-04-17 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20180328-dhcpr3-ios.nasl - Type: ACT_GATHER_INFO
2018-04-06 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20180328-lldp-iosxr.nasl - Type: ACT_GATHER_INFO
2018-04-06 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20180328-lldp-iosxe.nasl - Type: ACT_GATHER_INFO
2018-04-06 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20180328-lldp-ios.nasl - Type: ACT_GATHER_INFO
2017-10-06 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170927-ike-ios_xe.nasl - Type: ACT_GATHER_INFO
2017-10-06 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170927-ike-ios.nasl - Type: ACT_GATHER_INFO
2017-10-05 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170927-vpls.nasl - Type: ACT_GATHER_INFO
2017-10-05 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170927-rbip-dos.nasl - Type: ACT_GATHER_INFO
2017-10-05 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170927-profinet.nasl - Type: ACT_GATHER_INFO
2017-10-05 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170927-nat.nasl - Type: ACT_GATHER_INFO
2017-10-05 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170927-cip.nasl - Type: ACT_GATHER_INFO
2017-10-02 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170927-dhcp-ios.nasl - Type: ACT_GATHER_INFO
2017-07-07 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170629-snmp-ios.nasl - Type: ACT_GATHER_INFO
2017-07-07 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170629-snmp-iosxe.nasl - Type: ACT_GATHER_INFO
2017-03-28 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170322-l2tp-iosxe.nasl - Type: ACT_GATHER_INFO
2017-03-28 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170322-l2tp-ios.nasl - Type: ACT_GATHER_INFO
2017-03-28 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170322-dhcpc-iosxe.nasl - Type: ACT_GATHER_INFO
2017-03-28 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170322-dhcpc-ios.nasl - Type: ACT_GATHER_INFO
2017-01-26 Name: A remote device is affected by an information disclosure vulnerability.
File: cisco_ikev1_info_disclosure.nasl - Type: ACT_ATTACK
2016-09-27 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20160916-ikev1-iosxr.nasl - Type: ACT_GATHER_INFO
2016-09-27 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20160916-ikev1-iosxe.nasl - Type: ACT_GATHER_INFO
2016-09-27 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20160916-ikev1-ios.nasl - Type: ACT_GATHER_INFO
2016-06-27 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-CSCun96847-iosxe.nasl - Type: ACT_GATHER_INFO
2016-06-27 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-CSCun94946-ios.nasl - Type: ACT_GATHER_INFO