Vulnerabilities > Cisco > IOS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-22 | CVE-2014-2146 | Improper Input Validation vulnerability in Cisco IOS XE The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847. | 6.5 |
| 2016-09-19 | CVE-2016-6415 | Information Exposure vulnerability in Cisco IOS The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN. | 7.5 |
| 2016-09-18 | CVE-2016-6404 | Cross-site Scripting vulnerability in Cisco IOS 15.5(2)T Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy19854. | 6.1 |
| 2016-09-18 | CVE-2016-6403 | Resource Management Errors vulnerability in Cisco IOS The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service via a crafted packet, aka Bug IDs CSCuy82904, CSCuy82909, and CSCuy82912. | 5.9 |
| 2016-09-12 | CVE-2016-6398 | Information Exposure vulnerability in Cisco IOS 15.5(3)M The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet data, aka Bug ID CSCvb16274. | 5.3 |
| 2016-08-08 | CVE-2016-1478 | Improper Input Validation vulnerability in Cisco IOS Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not properly dequeue invalid NTP packets, which allows remote attackers to cause a denial of service (interface wedge) by sending many crafted NTP packets, aka Bug ID CSCva35619. | 7.5 |
| 2016-07-17 | CVE-2016-1459 | Resource Management Errors vulnerability in Cisco IOS and IOS XE Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID CSCuz21061. | 5.3 |
| 2016-07-03 | CVE-2016-1425 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun66735. | 6.5 |
| 2016-06-23 | CVE-2015-6289 | Resource Management Errors vulnerability in Cisco IOS 15.5(3)M Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476. | 7.5 |
| 2016-06-19 | CVE-2016-1424 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS 15.2(1)T1.11/15.2(2)Tst Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132. | 6.5 |