Vulnerabilities > Cisco > IOS > 12.1az
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-03-27 | CVE-2009-0636 | Denial of Service vulnerability in Cisco IOS Session Initiation Protocol Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voice services are enabled, allows remote attackers to cause a denial of service (device crash) via a valid SIP message. | 7.8 |
2009-03-27 | CVE-2009-0630 | Features IP Sockets Denial Of Service vulnerability in Cisco IOS The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport; (3) Secure Signaling and Media Encryption; (4) Blocks Extensible Exchange Protocol (BEEP); (5) Network Admission Control HTTP Authentication Proxy; (6) Per-user URL Redirect for EAPoUDP, Dot1x, and MAC Authentication Bypass; (7) Distributed Director with HTTP Redirects; and (8) TCP DNS features in Cisco IOS 12.0 through 12.4 do not properly handle IP sockets, which allows remote attackers to cause a denial of service (outage or resource consumption) via a series of crafted TCP packets. network cisco | 7.1 |
2009-03-27 | CVE-2009-0631 | Features UDP Packet Denial of Service vulnerability in Cisco IOS Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when configured with (1) IP Service Level Agreements (SLAs) Responder, (2) Session Initiation Protocol (SIP), (3) H.323 Annex E Call Signaling Transport, or (4) Media Gateway Control Protocol (MGCP) allows remote attackers to cause a denial of service (blocked input queue on the inbound interface) via a crafted UDP packet. | 7.8 |
2008-09-26 | CVE-2008-3808 | Unspecified vulnerability in Cisco IOS Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted Protocol Independent Multicast (PIM) packet. | 7.8 |
2008-03-27 | CVE-2008-1151 | Resource Management Errors vulnerability in Cisco IOS Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated after process termination, aka bug ID CSCsj58566. | 7.1 |
2008-03-27 | CVE-2008-1150 | Resource Management Errors vulnerability in Cisco IOS The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309. | 7.1 |
2007-10-12 | CVE-2007-5381 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allow remote attackers to execute arbitrary code by setting a long hostname on the target system, then causing an error message to be printed, as demonstrated by a telnet session to the LPD from a source port other than 515. | 9.3 |
2007-05-10 | CVE-2007-2587 | Multiple vulnerability in Cisco IOS FTP Server The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authenticated users to cause a denial of service (IOS reload) via unspecified vectors involving transferring files (aka bug ID CSCse29244). network cisco | 6.3 |
2007-01-11 | CVE-2007-0199 | Denial Of Service vulnerability in Cisco IOS Data-link Switching The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... | 5.0 |
2006-09-23 | CVE-2006-4950 | Unspecified vulnerability in Cisco IOS Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables. | 10.0 |