Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-04-23 CVE-2012-5017 Improper Input Validation vulnerability in Cisco products
Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub39268.
network
low complexity
cisco CWE-20
6.8
2014-04-23 CVE-2012-5014 Denial-Of-Service vulnerability in IOS
Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device crash) by establishing an SSH session from a client and then placing this client into a (1) slow or (2) idle state, aka Bug ID CSCto87436.
network
cisco
6.3
2014-04-23 CVE-2012-4658 Improper Authentication vulnerability in Cisco IOS
The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447.
network
low complexity
cisco CWE-287
5.0
2014-04-23 CVE-2012-4651 Numeric Errors vulnerability in Cisco IOS
Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451.
network
cisco CWE-189
4.3
2014-04-23 CVE-2012-4638 Denial-Of-Service vulnerability in Cisco IOS 15.1
Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session, aka Bug ID CSCto00318.
local
low complexity
cisco
4.9
2014-04-23 CVE-2012-3918 Denial-Of-Service vulnerability in Cisco IOS
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.
network
cisco
4.3
2014-04-23 CVE-2012-3062 Improper Input Validation vulnerability in Cisco IOS 15.1
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.
5.7
2014-04-23 CVE-2012-1366 Improper Input Validation vulnerability in Cisco products
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.
low complexity
cisco CWE-20
6.1
2014-04-23 CVE-2012-1317 Buffer Errors vulnerability in Cisco IOS 15.1
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.
network
high complexity
cisco CWE-119
5.4
2014-04-23 CVE-2012-0360 Resource Management Errors vulnerability in Cisco IOS 15.1
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.
network
low complexity
cisco CWE-399
5.0