Vulnerabilities > Cisco > IOS > 12.3.7.t3

DATE CVE VULNERABILITY TITLE RISK
2021-09-23 CVE-2021-34703 Improper Initialization vulnerability in Cisco IOS
A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-665
6.5
2020-06-03 CVE-2020-3201 Improper Input Validation vulnerability in Cisco IOS
A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to cause a denial of service (DoS) condition on an affected system.
local
low complexity
cisco CWE-20
4.9
2020-02-12 CVE-2011-4661 Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS
A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authenticaiton NTLM configured.
network
cisco CWE-772
4.3
2019-09-25 CVE-2019-12655 Classic Buffer Overflow vulnerability in Cisco IOS
A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.
network
low complexity
cisco CWE-120
7.8
2019-05-13 CVE-2019-1649 Improper Locking vulnerability in Cisco products
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component.
local
low complexity
cisco CWE-667
6.7
2017-10-19 CVE-2017-12289 Information Exposure vulnerability in Cisco IOS
A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file.
local
low complexity
cisco CWE-200
2.1
2017-09-29 CVE-2017-12240 Improper Input Validation vulnerability in Cisco IOS
The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system.
network
low complexity
cisco CWE-20
critical
10.0
2017-08-07 CVE-2017-6770 Improper Input Validation vulnerability in Cisco products
Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database.
network
high complexity
cisco CWE-20
4.2
2017-08-02 CVE-2012-5030 Resource Management Errors vulnerability in Cisco IOS
Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking specific SNMP objects.
network
low complexity
cisco CWE-399
6.8
2017-07-17 CVE-2017-6743 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XE
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.
network
low complexity
cisco CWE-119
critical
9.0