Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2002-12-31 | CVE-2002-2139 | Unspecified vulnerability in Cisco PIX Firewall Software Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack. | 6.4 |
2002-12-31 | CVE-2002-2053 | Denial Of Service vulnerability in Cisco IOS 12.1 The design of the Hot Standby Routing Protocol (HSRP), as implemented on Cisco IOS 12.1, when using IRPAS, allows remote attackers to cause a denial of service (CPU consumption) via a router with the same IP address as the interface on which HSRP is running, which causes a loop. | 5.0 |
2002-12-31 | CVE-2002-2052 | Denial of Service vulnerability in Cisco IOS 12.1(6.5) Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, allows remote attackers to cause a denial of service via port scans such as (1) scanning all ports on a single host and (2) scanning a network of hosts for a single open port through the router. | 5.0 |
2002-12-31 | CVE-2002-2037 | Unspecified vulnerability in Cisco products The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and earlier, (2) VSC3000 9.1 and earlier, (3) PGW 2200 9.1 and earlier, (4) Billing and Management Server (BAMS) and (5) Voice Services Provisioning Tool (VSPT) runs on default installations of Solaris 2.6 with unnecessary services and without the latest security patches, which allows attackers to exploit known vulnerabilities. | 5.0 |
2002-12-31 | CVE-2002-1768 | Denial of Service vulnerability in Cisco Malformed HSRP Traffic Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows remote attackers to cause a denial of service (CPU consumption) via randomly sized UDP packets to the Hot Standby Routing Protocol (HSRP) port 1985. | 5.0 |
2002-12-31 | CVE-2002-1706 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router. | 7.5 |
2002-12-23 | CVE-2002-1360 | Improper Input Validation vulnerability in multiple products Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite. network low complexity cisco fissh intersoft netcomposite pragma-systems putty winscp CWE-20 critical | 10.0 |
2002-12-23 | CVE-2002-1359 | Improper Input Validation vulnerability in multiple products Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite. network low complexity cisco fissh intersoft netcomposite pragma-systems putty winscp CWE-20 critical | 10.0 |
2002-12-23 | CVE-2002-1358 | Improper Input Validation vulnerability in multiple products Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. network low complexity cisco fissh intersoft netcomposite pragma-systems putty winscp CWE-20 critical | 10.0 |
2002-12-23 | CVE-2002-1357 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. network low complexity cisco fissh intersoft netcomposite pragma-systems putty winscp CWE-119 critical | 10.0 |