CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cisco » IOS : Security Vulnerabilities Published In 2002

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2002-2315 DoS 2002-12-31 2008-09-05
7.8
None Remote Low Not required None None Complete
Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect table, which allows remote attackers to cause a denial of service (memory consumption) via spoofed ICMP redirect packets to the router.
2 CVE-2002-2239 20 DoS 2002-12-31 2008-09-05
7.8
None Remote Low Not required None None Complete
The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 series running Cisco IOS 12.1(8)E through 12.1(13.4)E allows remote attackers to cause a denial of service (hang) via a malformed packet.
3 CVE-2002-2208 DoS 2002-12-31 2008-09-05
7.8
None Remote Low Not required None None Complete
Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network.
4 CVE-2002-2053 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
The design of the Hot Standby Routing Protocol (HSRP), as implemented on Cisco IOS 12.1, when using IRPAS, allows remote attackers to cause a denial of service (CPU consumption) via a router with the same IP address as the interface on which HSRP is running, which causes a loop.
5 CVE-2002-2052 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, allows remote attackers to cause a denial of service via port scans such as (1) scanning all ports on a single host and (2) scanning a network of hosts for a single open port through the router. NOTE: the vendor could not reproduce this issue, saying that the original reporter was using an interim release of the software.
6 CVE-2002-1768 DoS 2002-12-31 2008-09-10
5.0
None Remote Low Not required None None Partial
Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows remote attackers to cause a denial of service (CPU consumption) via randomly sized UDP packets to the Hot Standby Routing Protocol (HSRP) port 1985.
7 CVE-2002-1706 2002-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router.
8 CVE-2002-1360 20 DoS Exec Code 2002-12-23 2009-03-04
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.
9 CVE-2002-1359 20 DoS Exec Code Overflow 2002-12-23 2009-03-04
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.
10 CVE-2002-1358 20 DoS Exec Code 2002-12-23 2009-03-04
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
11 CVE-2002-1357 119 DoS Exec Code Overflow 2002-12-23 2009-03-04
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
12 CVE-2002-1024 399 DoS Overflow 2002-10-04 2008-09-05
7.1
None Remote Medium Not required None None Complete
Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote attackers to cause a denial of service (CPU consumption) via a large packet that was designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144).
13 CVE-2002-0813 119 DoS Overflow 2002-08-12 2008-09-05
7.1
None Remote Medium Not required None None Complete
Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.
14 CVE-2002-0339 2002-06-25 2008-09-05
5.0
None Remote Low Not required None Partial None
Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length.
Total number of vulnerabilities : 14   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.