Vulnerabilities > Cisco > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-11-24 | CVE-2004-0308 | Unspecified vulnerability in Cisco Optical Networking Systems Software Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS15600 before 1.3(0) allows a superuser whose account is locked out, disabled, or suspended to gain unauthorized access via a Telnet connection to the VxWorks shell. | 10.0 |
2004-06-01 | CVE-2004-0391 | Unspecified vulnerability in Cisco products Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting Solution Engine (HSE) 1.7 through 1.7.3 have a hardcoded username and password, which allows remote attackers to add new users, modify existing users, and change configuration. | 10.0 |
2004-01-21 | CVE-2004-1760 | Improper Authentication vulnerability in multiple products The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247. | 10.0 |
2003-12-31 | CVE-2003-1096 | Unspecified vulnerability in Cisco Leap The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks. | 10.0 |
2003-12-31 | CVE-2003-1398 | Information Exposure vulnerability in Cisco IOS Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification). | 9.3 |
2003-10-20 | CVE-2003-0731 | Remote Security vulnerability in Resource Manager CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter. | 10.0 |
2003-10-20 | CVE-2003-0732 | Denial-Of-Service vulnerability in Resource Manager CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages. | 10.0 |
2003-05-12 | CVE-2003-0216 | Remote Security vulnerability in Cisco Catos 7.5(1) Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password. | 9.3 |
2003-03-31 | CVE-2002-1558 | Unspecified vulnerability in Cisco Optical Networking Systems Software Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet. | 10.0 |
2002-12-23 | CVE-2002-1357 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. network low complexity cisco fissh intersoft netcomposite pragma-systems putty winscp CWE-119 critical | 10.0 |