| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 47751 | CVE-2015-0728 | 79 | | XSS | 2015-05-14 | 2017-01-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in Cisco Access Control Server (ACS) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu11002. |
| 47752 | CVE-2015-0727 | 79 | | XSS | 2015-05-14 | 2017-01-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the HTTP module in Cisco Security Manager (CSM) 4.7(0)SP1(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27789. |
| 47753 | CVE-2015-0726 | 20 | | DoS | 2015-05-16 | 2017-01-06 | 6.8 | None | Remote | Low | Single system | None | None | Complete |
The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause a denial of service (device crash) via unspecified parameters, aka Bug IDs CSCum65159 and CSCum65252. |
| 47754 | CVE-2015-0725 | 20 | | DoS | 2015-07-16 | 2017-09-21 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when a VDSM configuration on UCS is used, and Videoscape Distribution Suite for Internet Streaming (aka VDS-IS or CDS-IS) before 3.3.1 R7 and 4.x before 4.0.0 R4 allow remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug IDs CSCus79834 and CSCuu63409. |
| 47755 | CVE-2015-0724 | 79 | | XSS | 2015-05-14 | 2017-01-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in dncs 7.0.0.12 in Cisco Headend Digital Broadband Delivery System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCur25604. |
| 47756 | CVE-2015-0723 | 399 | | DoS | 2015-05-16 | 2017-01-06 | 6.1 | None | Local Network | Low | Not required | None | None | Complete |
The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device restart) via a crafted value, aka Bug ID CSCum03269. |
| 47757 | CVE-2015-0722 | 399 | | DoS | 2015-05-24 | 2015-05-26 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
The network drivers in Cisco TelePresence T, Cisco TelePresence TE, and Cisco TelePresence TC before 7.3.2 allow remote attackers to cause a denial of service (process restart or device reload) via a flood of crafted IP packets, aka Bug ID CSCuj68952. |
| 47758 | CVE-2015-0721 | 264 | | Bypass | 2016-10-06 | 2017-07-29 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete |
Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection negotiation, aka Bug IDs CSCum35502, CSCuw78669, CSCuw79754, and CSCux88492. |
| 47759 | CVE-2015-0718 | 399 | | DoS | 2016-03-03 | 2016-12-02 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579. |
| 47760 | CVE-2015-0717 | 20 | | +Priv | 2015-05-16 | 2017-01-06 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. |
| 47761 | CVE-2015-0716 | 352 | | CSRF | 2015-05-06 | 2015-09-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659. |
| 47762 | CVE-2015-0715 | 89 | | Exec Code Sql | 2015-05-06 | 2015-09-10 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608. |
| 47763 | CVE-2015-0714 | 79 | | XSS | 2015-05-02 | 2015-09-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595. |
| 47764 | CVE-2015-0713 | 264 | | Exec Code | 2015-05-24 | 2015-05-26 | 9.0 | Admin | Remote | Low | Single system | Complete | Complete | Complete |
The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855. |
| 47765 | CVE-2015-0712 | 399 | | DoS | 2015-05-01 | 2015-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malformed HTTP packets, aka Bug ID CSCud14217. |
| 47766 | CVE-2015-0711 | 399 | | DoS | 2015-04-28 | 2015-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processing outage) via malformed PM packets, aka Bug ID CSCut94711. |
| 47767 | CVE-2015-0710 | 399 | | DoS | 2015-04-28 | 2015-09-10 | 6.1 | None | Local Network | Low | Not required | None | None | Complete |
The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 3.10S allows remote attackers to cause a denial of service (device reload) via a series of packets that are considered oversized and trigger improper fragmentation handling, aka Bug IDs CSCup37676 and CSCup30335. |
| 47768 | CVE-2015-0709 | 399 | | DoS | 2015-04-28 | 2015-09-10 | 6.8 | None | Remote | Low | Single system | None | None | Complete |
Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a denial of service (device crash) by leveraging knowledge of the RADIUS secret and sending crafted RADIUS packets, aka Bug ID CSCur21348. |
| 47769 | CVE-2015-0708 | 399 | | DoS | 2015-04-28 | 2015-09-10 | 6.1 | None | Local Network | Low | Not required | None | None | Complete |
Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local network, aka Bug ID CSCur29956. |
| 47770 | CVE-2015-0706 | | | | 2015-04-22 | 2015-04-23 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966. |
| 47771 | CVE-2015-0705 | 352 | | CSRF | 2015-04-21 | 2017-01-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts, aka Bug ID CSCus97494. |
| 47772 | CVE-2015-0704 | 352 | | CSRF | 2015-04-21 | 2017-01-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Multiple cross-site request forgery (CSRF) vulnerabilities in API features in Cisco Unified MeetingPlace 8.6(1.9) allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus95884. |
| 47773 | CVE-2015-0703 | 79 | | XSS | 2015-04-20 | 2017-01-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus95857. |
| 47774 | CVE-2015-0702 | 434 | | Exec Code | 2015-04-20 | 2017-01-06 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete |
Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712. |
| 47775 | CVE-2015-0701 | 20 | | Exec Code | 2015-05-06 | 2016-11-28 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961. |
| 47776 | CVE-2015-0700 | 352 | | CSRF | 2015-04-16 | 2017-01-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924. |
| 47777 | CVE-2015-0699 | 89 | | Exec Code Sql | 2015-04-15 | 2017-01-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563. |
| 47778 | CVE-2015-0698 | 79 | | XSS | 2015-04-15 | 2017-01-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213. |
| 47779 | CVE-2015-0697 | 601 | | | 2015-04-15 | 2017-01-06 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980. |
| 47780 | CVE-2015-0696 | 79 | | XSS | 2015-04-15 | 2017-01-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq94977. |
| 47781 | CVE-2015-0695 | 19 | | DoS | 2015-04-16 | 2017-01-06 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card hangs and reloads) by triggering use of a BVI interface for IPv4 packets, aka Bug ID CSCur62957. |
| 47782 | CVE-2015-0694 | 284 | | Bypass | 2015-04-10 | 2015-09-29 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806. |
| 47783 | CVE-2015-0693 | 20 | | Exec Code +Priv | 2015-04-15 | 2017-01-06 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via a crafted pickle file, aka Bug ID CSCut39259. |
| 47784 | CVE-2015-0692 | 264 | | Exec Code +Priv | 2015-04-10 | 2017-01-06 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via crafted serialized objects, aka Bug ID CSCut39230. |
| 47785 | CVE-2015-0691 | 78 | | Exec Code | 2015-04-16 | 2017-01-06 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001. |
| 47786 | CVE-2015-0690 | 79 | | XSS | 2015-04-06 | 2015-09-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178. |
| 47787 | CVE-2015-0689 | 119 | | Overflow Bypass | 2017-09-19 | 2017-09-22 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743. |
| 47788 | CVE-2015-0688 | 399 | | DoS | 2015-04-03 | 2015-09-29 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.323 packets, aka Bug ID CSCup21070. |
| 47789 | CVE-2015-0687 | 399 | | DoS | 2015-04-02 | 2015-09-29 | 6.3 | None | Remote | Medium | Single system | None | None | Complete |
The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of service (device crash) by performing SNMP polling, aka Bug ID CSCuq04574. |
| 47790 | CVE-2015-0686 | 399 | | DoS | 2015-04-02 | 2015-09-29 | 6.3 | None | Remote | Medium | Single system | None | None | Complete |
The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 devices, when a Reset High Availability (HA) policy is configured, allows remote authenticated users to cause a denial of service (device reload) via unspecified vectors, aka Bug ID CSCuq92240. |
| 47791 | CVE-2015-0685 | 20 | | DoS | 2015-04-02 | 2015-09-29 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873. |
| 47792 | CVE-2015-0684 | 89 | | Exec Code Sql | 2015-04-03 | 2015-09-29 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515. |
| 47793 | CVE-2015-0683 | 200 | | +Info File Inclusion | 2015-04-03 | 2015-09-29 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. |
| 47794 | CVE-2015-0682 | 264 | | Exec Code | 2015-04-03 | 2015-10-27 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168. |
| 47795 | CVE-2015-0681 | 399 | | DoS | 2015-07-24 | 2017-09-20 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1 and IOS XE 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, and 3.5.xS before 3.6.0S; 3.1.xSG, 3.2.xSG, and 3.3.xSG before 3.4.0SG; 3.2.xSE before 3.3.0SE; 3.2.xXO before 3.3.0XO; 3.2.xSQ; 3.3.xSQ; and 3.4.xSQ allows remote attackers to cause a denial of service (device hang or reload) via multiple requests that trigger improper memory management, aka Bug ID CSCts66733. |
| 47796 | CVE-2015-0680 | 200 | | +Info | 2015-03-27 | 2015-11-30 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439. |
| 47797 | CVE-2015-0679 | 20 | | DoS | 2015-03-27 | 2015-10-01 | 6.1 | None | Local Network | Low | Not required | None | None | Complete |
The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980. |
| 47798 | CVE-2015-0678 | 20 | | DoS | 2015-04-10 | 2015-10-01 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954. |
| 47799 | CVE-2015-0677 | 20 | | DoS | 2015-04-12 | 2015-04-23 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
The XML parser in Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.28), 8.6 before 8.6(1.17), 9.0 before 9.0(4.33), 9.1 before 9.1(6), 9.2 before 9.2(3.4), and 9.3 before 9.3(3), when Clientless SSL VPN, AnyConnect SSL VPN, or AnyConnect IKEv2 VPN is used, allows remote attackers to cause a denial of service (VPN outage or device reload) via a crafted XML document, aka Bug ID CSCus95290. |
| 47800 | CVE-2015-0676 | 20 | | DoS | 2015-04-12 | 2015-04-23 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
The DNS implementation in Cisco Adaptive Security Appliance (ASA) Software 7.2 before 7.2(5.16), 8.2 before 8.2(5.57), 8.3 before 8.3(2.44), 8.4 before 8.4(7.28), 8.5 before 8.5(1.24), 8.6 before 8.6(1.17), 8.7 before 8.7(1.16), 9.0 before 9.0(4.33), 9.1 before 9.1(6.1), 9.2 before 9.2(3.4), and 9.3 before 9.3(3) allows man-in-the-middle attackers to cause a denial of service (memory consumption or device outage) by triggering outbound DNS queries and then sending crafted responses to these queries, aka Bug ID CSCuq77655. |