Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2002-12-31 CVE-2002-2139 Unspecified vulnerability in Cisco PIX Firewall Software
Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack.
network
low complexity
cisco
6.4
6.4
2002-12-31 CVE-2002-2053 Denial Of Service vulnerability in Cisco IOS 12.1
The design of the Hot Standby Routing Protocol (HSRP), as implemented on Cisco IOS 12.1, when using IRPAS, allows remote attackers to cause a denial of service (CPU consumption) via a router with the same IP address as the interface on which HSRP is running, which causes a loop.
network
low complexity
cisco
5.0
5.0
2002-12-31 CVE-2002-2052 Denial of Service vulnerability in Cisco IOS 12.1(6.5)
Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, allows remote attackers to cause a denial of service via port scans such as (1) scanning all ports on a single host and (2) scanning a network of hosts for a single open port through the router.
network
low complexity
cisco
5.0
5.0
2002-12-31 CVE-2002-2037 Unspecified vulnerability in Cisco products
The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and earlier, (2) VSC3000 9.1 and earlier, (3) PGW 2200 9.1 and earlier, (4) Billing and Management Server (BAMS) and (5) Voice Services Provisioning Tool (VSPT) runs on default installations of Solaris 2.6 with unnecessary services and without the latest security patches, which allows attackers to exploit known vulnerabilities.
network
low complexity
cisco
5.0
5.0
2002-12-31 CVE-2002-1768 Denial of Service vulnerability in Cisco Malformed HSRP Traffic
Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows remote attackers to cause a denial of service (CPU consumption) via randomly sized UDP packets to the Hot Standby Routing Protocol (HSRP) port 1985.
network
low complexity
cisco
5.0
5.0
2002-12-31 CVE-2002-1706 Improper Verification of Cryptographic Signature vulnerability in Cisco IOS
Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router.
network
low complexity
cisco CWE-347
7.5
7.5
2002-12-23 CVE-2002-1360 Improper Input Validation vulnerability in multiple products
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite. 		10.0
10
2002-12-23 CVE-2002-1359 Improper Input Validation vulnerability in multiple products
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite. 		10.0
10
2002-12-23 CVE-2002-1358 Improper Input Validation vulnerability in multiple products
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. 		10.0
10
2002-12-23 CVE-2002-1357 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. 		10.0
10