# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2018-0131 |
326 |
|
|
2018-08-14 |
2018-10-22 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140. |
2 |
CVE-2018-0123 |
22 |
|
Dir. Trav. |
2018-02-08 |
2018-03-13 |
4.9 |
None |
Local |
Low |
Not required |
None |
Complete |
None |
A Path Traversal vulnerability in the diagnostic shell for Cisco IOS and IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be overwritten by a user of the diagnostic shell. The vulnerability is due to lack of proper input validation for certain diagnostic shell commands. An attacker could exploit this vulnerability by authenticating to the device, entering the diagnostic shell, and providing crafted user input to commands at the local diagnostic shell CLI. Successful exploitation could allow the attacker to overwrite system files that should be restricted. Cisco Bug IDs: CSCvg41950. |
3 |
CVE-2017-12304 |
79 |
|
Exec Code XSS |
2017-11-16 |
2017-12-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the web-based management interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf60862. |
4 |
CVE-2017-12228 |
20 |
|
|
2017-09-28 |
2017-10-06 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. Cisco Bug IDs: CSCvc33171. |
5 |
CVE-2017-6770 |
20 |
|
|
2017-08-07 |
2018-05-09 |
4.3 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
Partial |
Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated, remote attacker to take full control of the OSPF Autonomous System (AS) domain routing table, allowing the attacker to intercept or black-hole traffic. The attacker could exploit this vulnerability by injecting crafted OSPF packets. Successful exploitation could cause the targeted router to flush its routing table and propagate the crafted OSPF LSA type 1 update throughout the OSPF AS domain. To exploit this vulnerability, an attacker must accurately determine certain parameters within the LSA database on the target router. This vulnerability can only be triggered by sending crafted unicast or multicast OSPF LSA type 1 packets. No other LSA type packets can trigger this vulnerability. OSPFv3 is not affected by this vulnerability. Fabric Shortest Path First (FSPF) protocol is not affected by this vulnerability. Cisco Bug IDs: CSCva74756, CSCve47393, CSCve47401. |
6 |
CVE-2016-6422 |
20 |
|
Bypass |
2016-10-06 |
2017-07-29 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles certain operators, flags, and keywords in TCAM share ACLs, which allows remote attackers to bypass intended access restrictions by sending packets that should have been recognized by a filter, aka Bug ID CSCuy64806. |
7 |
CVE-2016-6412 |
20 |
|
|
2016-09-23 |
2017-07-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows man-in-the-middle attackers to trigger arbitrary downloads via crafted HTTP headers, aka Bug ID CSCuz84773. |
8 |
CVE-2016-6409 |
399 |
|
DoS |
2016-09-23 |
2017-07-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service (out-of-bounds access) via crafted traffic, aka Bug ID CSCuy54015. |
9 |
CVE-2016-6404 |
79 |
|
XSS |
2016-09-18 |
2017-07-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy19854. |
10 |
CVE-2016-6403 |
399 |
|
DoS |
2016-09-18 |
2017-07-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service via a crafted packet, aka Bug IDs CSCuy82904, CSCuy82909, and CSCuy82912. |
11 |
CVE-2016-1459 |
399 |
|
DoS |
2016-07-17 |
2017-08-31 |
4.9 |
None |
Remote |
High |
Single system |
None |
None |
Complete |
Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID CSCuz21061. |
12 |
CVE-2015-6365 |
20 |
|
Bypass |
2015-11-13 |
2016-12-07 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID CSCur61303. |
13 |
CVE-2015-0610 |
362 |
|
Bypass |
2015-02-11 |
2017-09-07 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCun21071. |
14 |
CVE-2015-0607 |
287 |
|
Bypass |
2015-03-05 |
2015-03-06 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016. |
15 |
CVE-2015-0606 |
20 |
|
DoS |
2015-02-11 |
2017-09-07 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
The IOS Shell in Cisco IOS allows local users to cause a denial of service (device crash) via unspecified commands, aka Bug ID CSCur59696. |
16 |
CVE-2014-3262 |
20 |
|
DoS |
2014-05-16 |
2016-09-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) via malformed messages, aka Bug ID CSCun73782. |
17 |
CVE-2014-2146 |
20 |
|
Bypass |
2016-09-22 |
2017-02-19 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847. |
18 |
CVE-2013-6694 |
20 |
|
DoS |
2013-11-22 |
2013-11-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918. |
19 |
CVE-2013-5548 |
264 |
|
Bypass |
2013-10-31 |
2013-11-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795. |
20 |
CVE-2013-1136 |
399 |
|
DoS |
2013-05-13 |
2013-05-13 |
4.6 |
None |
Local |
Low |
Single system |
None |
None |
Complete |
The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then examining encryption statistics, aka Bug ID CSCuc52193. |
21 |
CVE-2012-5427 |
20 |
|
DoS |
2014-04-23 |
2014-04-23 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518. |
22 |
CVE-2012-5039 |
399 |
|
DoS |
2014-04-23 |
2014-04-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003. |
23 |
CVE-2012-5037 |
264 |
|
DoS |
2014-04-23 |
2014-04-23 |
4.6 |
None |
Local |
Low |
Single system |
None |
None |
Complete |
The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133. |
24 |
CVE-2012-4651 |
189 |
|
DoS |
2014-04-23 |
2014-04-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451. |
25 |
CVE-2012-4638 |
|
|
DoS |
2014-04-23 |
2014-04-23 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session, aka Bug ID CSCto00318. |
26 |
CVE-2012-3918 |
|
|
DoS |
2014-04-23 |
2014-04-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317. |
27 |
CVE-2012-1361 |
200 |
|
+Info |
2012-08-06 |
2012-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750. |
28 |
CVE-2012-0362 |
264 |
|
Bypass |
2012-05-02 |
2012-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network traffic, aka Bug ID CSCts01106. |
29 |
CVE-2011-4667 |
310 |
|
|
2017-09-25 |
2017-10-06 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions. |
30 |
CVE-2010-4685 |
310 |
|
Bypass |
2011-01-07 |
2017-08-16 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031. |
31 |
CVE-2010-3049 |
20 |
|
DoS |
2017-09-25 |
2017-10-03 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot). |
32 |
CVE-2009-1220 |
79 |
|
XSS |
2009-04-01 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0 versions, when clientless mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the Host HTTP header. |
33 |
CVE-2009-0470 |
79 |
|
XSS |
2009-02-06 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerability than CVE-2008-3821. |
34 |
CVE-2008-3821 |
79 |
|
XSS |
2009-01-16 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI. |
35 |
CVE-2007-5547 |
79 |
|
Exec Code XSS |
2007-10-18 |
2008-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. |
36 |
CVE-2007-4632 |
287 |
|
Bypass |
2007-08-31 |
2018-10-26 |
4.3 |
User |
Local Network |
High |
Not required |
Partial |
Partial |
Partial |
Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105. |
37 |
CVE-2006-0486 |
|
|
Exec Code Bypass |
2006-01-31 |
2017-10-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770. |
38 |
CVE-2006-0485 |
|
|
Exec Code |
2006-01-31 |
2017-10-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may allow local users to execute IOS EXEC commands that were prohibited via the AAA configuration, aka Bug ID CSCeh73049. |
39 |
CVE-2004-0244 |
20 |
|
DoS |
2004-11-23 |
2017-10-10 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, but has inconsistent length values with that packet. |