CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cisco : Security Vulnerabilities Published In 2003

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2003-1398 200 DoS +Info 2003-12-31 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
2 CVE-2003-1132 DoS 2003-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server.
3 CVE-2003-1109 DoS Exec Code 2003-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
4 CVE-2003-1096 +Priv 2003-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks.
5 CVE-2003-0851 DoS 2003-12-01 2009-03-04
5.0
None Remote Low Not required None None Partial
OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.
6 CVE-2003-0732 +Priv +Info 2003-10-20 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages.
7 CVE-2003-0731 +Priv 2003-10-20 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter.
8 CVE-2003-0677 DoS 2003-08-27 2008-09-10
5.0
None Remote Low Not required None None Partial
Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to cause a denial of service (CPU consumption or reboot) via a large number of TCP SYN packets to the circuit IP address, aka "ONDM Ping failure."
9 CVE-2003-0647 Exec Code Overflow 2003-08-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request.
10 CVE-2003-0567 20 DoS 2003-08-18 2009-03-04
7.8
None Remote Low Not required None None Complete
Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full.
11 CVE-2003-0512 310 2003-08-27 2009-03-04
5.0
None Remote Low Not required Partial None None
Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge.
12 CVE-2003-0511 DoS 2003-08-27 2009-03-04
5.0
None Remote Low Not required None None Partial
The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL.
13 CVE-2003-0305 DoS 2003-06-09 2009-03-04
5.0
None Remote Low Not required None None Partial
The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967.
14 CVE-2003-0260 DoS 2003-05-27 2008-09-10
5.0
None Remote Low Not required None None Partial
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets.
15 CVE-2003-0259 DoS 2003-05-27 2008-09-10
5.0
None Remote Low Not required None None Partial
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet.
16 CVE-2003-0258 2003-05-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.
17 CVE-2003-0216 287 Bypass 2003-05-12 2008-09-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password.
18 CVE-2003-0210 DoS Exec Code Overflow 2003-05-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002.
19 CVE-2003-0100 DoS Exec Code Overflow 2003-03-03 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements.
20 CVE-2002-1558 +Priv 2003-03-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet.
21 CVE-2002-1557 DoS 2003-03-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character.
22 CVE-2002-1556 DoS 2003-03-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset) via an HTTP request to the TCC, TCC+ or XTC, in which the request contains an invalid CORBA Interoperable Object Reference (IOR).
23 CVE-2002-1555 +Info 2003-03-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information.
24 CVE-2002-1554 +Priv 2003-03-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames and passwords in cleartext in the image database for the TCC, TCC+ or XTC, which could allow attackers to gain privileges by obtaining the passwords from the image database or a backup.
25 CVE-2002-1553 2003-03-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist.
26 CVE-2002-1492 Overflow +Priv 2003-04-02 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel.
27 CVE-2002-1491 +Priv 2003-04-02 2008-09-05
5.0
None Remote Low Not required Partial None None
The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving "Default Connection" settings, which could allow local users to gain privileges.
Total number of vulnerabilities : 27   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.