Vulnerabilities > Cisco > IOS > 12.4mr
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-02-14 | CVE-2007-0918 | Unspecified vulnerability in Cisco IOS The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature. network cisco | 7.1 |
2007-02-14 | CVE-2007-0917 | Multiple vulnerability in Cisco IOS Intrusion Prevention System The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets. | 6.4 |
2007-02-01 | CVE-2007-0648 | Remote Denial Of Service vulnerability in Cisco IOS SIP Packet Handling Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP. | 7.8 |
2006-09-23 | CVE-2006-4950 | Unspecified vulnerability in Cisco IOS Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables. | 10.0 |
2006-02-01 | CVE-2006-0485 | Unspecified vulnerability in Cisco IOS The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may allow local users to execute IOS EXEC commands that were prohibited via the AAA configuration, aka Bug ID CSCeh73049. | 4.6 |
2006-01-21 | CVE-2006-0340 | Improper Input Validation vulnerability in Cisco IOS Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local network to cause a denial of service (device hang and network traffic loss) via a crafted UDP packet to port 9900. | 7.1 |
2005-11-30 | CVE-2005-3921 | HTML Injection vulnerability in Cisco IOS HTTP Service Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. | 2.6 |
2005-11-03 | CVE-2005-3481 | Unspecified vulnerability in Cisco IOS Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. | 9.3 |
2005-08-03 | CVE-2005-2451 | Unspecified vulnerability in Cisco IOS and IOS XR Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet. | 2.1 |