CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cisco : Security Vulnerabilities (Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-6407 399 DoS 2016-09-16 2016-09-19
5.0
None Remote Low Not required None None Partial
Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219.
2 CVE-2016-6403 399 DoS 2016-09-18 2016-09-19
4.3
None Remote Medium Not required None None Partial
The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service via a crafted packet, aka Bug IDs CSCuy82904, CSCuy82909, and CSCuy82912.
3 CVE-2016-6401 399 DoS 2016-09-16 2016-09-19
5.7
None Local Network Medium Not required None None Complete
Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS Carrier Grade Services for CRS-1 and CRS-3 devices, allows remote attackers to cause a denial of service (line-card reload) via crafted IPv6-over-MPLS packets, aka Bug ID CSCva32494.
4 CVE-2016-6399 20 DoS 2016-09-12 2016-09-12
7.8
None Remote Low Not required None None Complete
Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine appliances through A5 3.3 allow remote attackers to cause a denial of service (device reload) via crafted (1) SSL or (2) TLS packets, aka Bug ID CSCvb16317.
5 CVE-2016-6376 399 DoS 2016-09-01 2016-09-02
6.1
None Local Network Low Not required None None Complete
The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device restart) via a malformed wIPS packet, aka Bug ID CSCuz40263.
6 CVE-2016-6375 399 DoS 2016-09-11 2016-09-12
5.7
None Local Network Medium Not required None None Complete
Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sending crafted Inter-Access Point Protocol (IAPP) packets and then sending a traffic stream metrics (TSM) information request over SNMP, aka Bug ID CSCuz40221.
7 CVE-2016-6363 119 DoS Overflow 2016-08-22 2016-08-22
6.1
None Local Network Low Not required None None Complete
The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via crafted 802.11 frames, aka Bug ID CSCva06192.
8 CVE-2016-6361 20 DoS 2016-08-22 2016-08-22
6.1
None Local Network Low Not required None None Complete
The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via a crafted AMPDU header, aka Bug ID CSCuz56288.
9 CVE-2016-6355 399 DoS 2016-08-22 2016-08-23
7.8
None Remote Low Not required None None Complete
Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID CSCux26791.
10 CVE-2016-1483 20 DoS 2016-09-18 2016-09-19
7.8
None Remote Low Not required None None Complete
Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a denial of service (CPU consumption) by repeatedly accessing the account-validation component of an unspecified service, aka Bug ID CSCuy92704.
11 CVE-2016-1479 20 DoS Mem. Corr. 2016-08-22 2016-08-22
7.8
None Remote Low Not required None None Complete
Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038.
12 CVE-2016-1478 20 DoS 2016-08-07 2016-08-11
7.8
None Remote Low Not required None None Complete
Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not properly dequeue invalid NTP packets, which allows remote attackers to cause a denial of service (interface wedge) by sending many crafted NTP packets, aka Bug ID CSCva35619.
13 CVE-2016-1472 20 DoS 2016-09-01 2016-09-02
5.0
None Remote Low Not required None None Partial
The web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to cause a denial of service (interface outage) via a crafted HTTP request, aka Bug ID CSCuz76238.
14 CVE-2016-1469 399 DoS 2016-09-11 2016-09-12
7.8
None Remote Low Not required None None Complete
The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385.
15 CVE-2016-1467 399 DoS 2016-07-27 2016-07-28
6.1
None Local Network Low Not required None None Complete
Cisco Videoscape Session Resource Manager (VSRM) allows remote attackers to cause a denial of service (device restart) by sending a traffic flood to upstream devices, aka Bug ID CSCva01813.
16 CVE-2016-1466 399 DoS 2016-08-07 2016-08-11
7.8
None Remote Low Not required None None Complete
Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) allows remote attackers to cause a denial of service (sipd process restart) via crafted headers in a SIP packet, aka Bug ID CSCva39072.
17 CVE-2016-1465 399 DoS 2016-07-27 2016-07-28
6.1
None Local Network Low Not required None None Complete
Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5.2(1)SV3(1.5i) allow remote attackers to cause a denial of service (ESXi hypervisor crash and purple screen) via a crafted Cisco Discovery Protocol packet that triggers an out-of-bounds memory access, aka Bug ID CSCuw57985.
18 CVE-2016-1460 399 DoS 2016-07-27 2016-07-28
6.1
None Local Network Low Not required None None Complete
Cisco Wireless LAN Controller (WLC) devices 7.4(121.0) and 8.0(0.30220.385) allow remote attackers to cause a denial of service via crafted wireless management frames, aka Bug ID CSCun92979.
19 CVE-2016-1459 399 DoS 2016-07-17 2016-07-19
4.9
None Remote High Single system None None Complete
Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID CSCuz21061.
20 CVE-2016-1440 399 DoS 2016-07-02 2016-07-05
5.0
None Remote Low Not required None None Partial
The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improperly terminating the control connection after a file transfer, aka Bug ID CSCuy43468.
21 CVE-2016-1436 119 DoS Overflow 2016-06-22 2016-06-23
5.0
None Remote Low Not required None None Partial
The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198.
22 CVE-2016-1433 399 DoS 2016-09-18 2016-09-19
5.0
None Remote Low Not required None None Partial
Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers to cause a denial of service (OSPFv3 process reload) via crafted OSPFv3 packets, aka Bug ID CSCuz66289.
23 CVE-2016-1432 399 DoS 2016-06-17 2016-06-20
6.8
None Remote Low Single system None None Complete
Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devices allows remote authenticated users to cause a denial of service (NULL pointer dereference and card restart) via a crafted SNMP request, aka Bug ID CSCuu68862.
24 CVE-2016-1428 399 DoS 2016-06-22 2016-06-23
6.8
None Remote Low Single system None None Complete
Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users to cause a denial of service (device restart) via a sequence of crafted SNMP read requests, aka Bug ID CSCux13174.
25 CVE-2016-1426 399 DoS 2016-07-15 2016-07-18
7.8
None Remote Low Not required None None Complete
Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service (timer consumption and Route Processor reload) via crafted SSH traffic, aka Bug ID CSCux76819.
26 CVE-2016-1425 119 DoS Overflow 2016-07-03 2016-07-05
6.1
None Local Network Low Not required None None Complete
Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun66735.
27 CVE-2016-1424 119 DoS Overflow 2016-06-18 2016-06-20
6.1
None Local Network Low Not required None None Complete
Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132.
28 CVE-2016-1421 119 DoS Overflow 2016-06-09 2016-06-10
5.0
None Remote Low Not required None None Partial
The web application on Cisco IP 8800 devices allows remote attackers to cause a denial of service (out-of-bounds memory access and web-server outage) via a crafted request, aka Bug ID CSCuz03034.
29 CVE-2016-1419 20 DoS 2016-06-09 2016-06-10
6.8
None Local Network Low Not required None Partial Complete
Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803.
30 CVE-2016-1415 399 DoS 2016-09-03 2016-09-06
4.3
None Remote Medium Not required None None Partial
Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455.
31 CVE-2016-1409 20 DoS 2016-05-29 2016-06-08
5.0
None Remote Low Not required None None Partial
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016.
32 CVE-2016-1407 20 DoS 2016-05-24 2016-06-01
5.0
None Remote Low Not required None None Partial
Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) flow-base entries, which allows remote attackers to cause a denial of service (session drop) by making many connection attempts to open TCP ports, aka Bug ID CSCux95576.
33 CVE-2016-1405 119 DoS Overflow 2016-06-08 2016-06-16
5.0
None Remote Low Not required None None Partial
libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503.
34 CVE-2016-1402 119 DoS Overflow 2016-05-20 2016-05-25
5.0
None Remote Low Not required None None Partial
The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815.
35 CVE-2016-1400 20 DoS 2016-05-24 2016-05-25
5.0
None Remote Low Not required None None Partial
Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43258.
36 CVE-2016-1399 399 DoS 2016-05-13 2016-05-18
5.0
None Remote Low Not required None None Partial
The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices allows remote attackers to cause a denial of service (packet data corruption) via crafted IPv4 ICMP packets, aka Bug ID CSCuy13431.
37 CVE-2016-1398 119 DoS Overflow 2016-07-03 2016-07-05
6.8
None Remote Low Single system None None Complete
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with firmware through 1.0.2.7, and RV215W devices with firmware through 1.3.0.7 allows remote authenticated users to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCux86669.
38 CVE-2016-1397 119 DoS Overflow 2016-06-18 2016-06-21
6.8
None Remote Low Single system None None Complete
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523.
39 CVE-2016-1385 119 DoS Overflow 2016-05-26 2016-06-16
6.8
None Remote Low Single system None None Complete
The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by leveraging (1) administrative access or (2) Clientless SSL VPN access to provide a crafted XML document, aka Bug ID CSCut14209.
40 CVE-2016-1383 399 DoS 2016-05-24 2016-05-25
7.8
None Remote Low Not required None None Complete
Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an unspecified HTTP status code, aka Bug ID CSCur28305.
41 CVE-2016-1382 20 DoS 2016-05-24 2016-05-25
7.8
None Remote Low Not required None None Complete
Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (proxy-process reload) via a crafted request, aka Bug ID CSCuu02529.
42 CVE-2016-1381 399 DoS 2016-05-24 2016-05-25
7.8
None Remote Low Not required None None Complete
Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an HTTP file-range request for cached content, aka Bug ID CSCuw97270.
43 CVE-2016-1380 20 DoS 2016-05-24 2016-05-25
7.8
None Remote Low Not required None None Complete
Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171.
44 CVE-2016-1379 399 DoS 2016-05-27 2016-05-31
6.8
None Remote Low Single system None None Complete
Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mishandles IPsec error processing, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted (1) LAN-to-LAN or (2) Remote Access VPN tunnel packets, aka Bug ID CSCuv70576.
45 CVE-2016-1376 20 DoS 2016-04-12 2016-04-18
5.0
None Remote Low Not required None None Partial
Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, aka Bug ID CSCuv78548.
46 CVE-2016-1370 20 DoS 2016-06-02 2016-06-03
5.0
None Remote Low Not required None None Partial
Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) miscalculates IPv6 payload lengths, which allows remote attackers to cause a denial of service (mond process crash and monitoring outage) via crafted IPv6 packets, aka Bug ID CSCuy37324.
47 CVE-2016-1369 399 DoS 2016-05-05 2016-05-09
7.8
None Remote Low Not required None None Complete
The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for Cisco ASA with FirePOWER Services 5.3.1 through 6.0.0 misconfigures kernel logging, which allows remote attackers to cause a denial of service (resource consumption, and inspection outage or module outage) via a flood of crafted IP traffic, aka Bug ID CSCux19922.
48 CVE-2016-1368 399 DoS 2016-05-05 2016-05-09
7.8
None Remote Low Not required None None Complete
Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted packets, aka Bug ID CSCuu86214.
49 CVE-2016-1367 399 DoS 2016-04-21 2016-04-26
7.8
None Remote Low Not required None None Complete
The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 allows remote attackers to cause a denial of service (device reload) via crafted DHCPv6 packets, aka Bug ID CSCus23248.
50 CVE-2016-1366 264 DoS 2016-03-24 2016-03-25
6.8
None Remote Low Single system None Complete None
The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848.
Total number of vulnerabilities : 1198   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.