Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-09-27 | CVE-2013-5479 | Improper Input Validation vulnerability in Cisco IOS The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730. | 7.8 |
| 2013-09-27 | CVE-2013-5478 | Improper Input Validation vulnerability in Cisco IOS and IOS XE Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023. | 7.8 |
| 2013-09-27 | CVE-2013-5477 | Improper Input Validation vulnerability in Cisco IOS The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465. | 7.8 |
| 2013-09-27 | CVE-2013-5476 | Improper Input Validation vulnerability in Cisco IOS 15.1/15.2 The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID CSCtx56174. | 7.8 |
| 2013-09-27 | CVE-2013-5475 | Improper Input Validation vulnerability in Cisco IOS and IOS XE Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID CSCug31561. | 7.8 |
| 2013-09-27 | CVE-2013-5474 | Race Condition vulnerability in Cisco IOS Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug ID CSCud64812. | 7.8 |
| 2013-09-27 | CVE-2013-5473 | Resource Management Errors vulnerability in Cisco IOS and IOS XE Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011. | 7.8 |
| 2013-09-27 | CVE-2013-5472 | Improper Input Validation vulnerability in Cisco IOS and IOS XE The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of service (device reload) by leveraging an MSDP peer relationship, aka Bug ID CSCuc81226. | 7.1 |
| 2013-09-26 | CVE-2012-4092 | Improper Input Validation vulnerability in Cisco Unified Computing System The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or modify an inter-device data stream by spoofing an identity, aka Bug ID CSCtk00683. | 5.8 |
| 2013-09-26 | CVE-2012-4088 | Credentials Management vulnerability in Cisco Unified Computing System The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769. | 4.3 |