Vulnerabilities > Cisco > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2001-11-28 | CVE-2001-0929 | Unspecified vulnerability in Cisco IOS Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists. | 7.5 |
2001-10-30 | CVE-2001-0669 | Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL. | 7.5 |
2001-10-18 | CVE-2001-0757 | Unspecified vulnerability in Cisco 6400 NRP 2 12.1Dc Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet. | 7.5 |
2001-10-18 | CVE-2001-0753 | Remote Security vulnerability in CBOS Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges. | 7.5 |
2001-10-18 | CVE-2001-0751 | Remote Security vulnerability in CBOS Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections. | 7.5 |
2001-09-12 | CVE-2001-1105 | RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure. | 7.5 |
2001-08-14 | CVE-2001-0622 | Authentication Bypass vulnerability in Cisco Content Service Switch Management The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface. | 7.5 |
2001-08-14 | CVE-2001-0621 | Unspecified vulnerability in Cisco Content Services Switch 11000 The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands. | 7.5 |
2001-06-27 | CVE-2001-0455 | Unspecified vulnerability in Cisco Aironet 340 Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration. | 7.5 |
2001-06-18 | CVE-2001-0427 | Improper Input Validation vulnerability in Cisco products Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts. | 7.1 |