| 9! | Cisco IOS multiple security vulnerabilities
|
 | | IP SLA DoS, smart install (TCP/4786) code execution, memory leaks in IPS and firewall features, multiple SIP vulnerailibites, multiple protocols NAT translation DoS, multiple IPv6 DoS, DLSw DoS. |
| 7! | Cisco IOS multiple security vulnerabilities
|
| | DoS via SIP, DoS via ICGMP, SSL information leak, DoS in voice protocols application layer gateway for NAT. |
| 7! | Cisco routers IOS multiple security vulnerabilities
|
| | DoS via TCP connections, multiple vulnerabilities in IPSec, H.323, SIP. SCCP, MPLS protocols. |
| 9! | Multiple TCP implementations different security vulnerabilities
updated since 09.09.2009
|
| | Multiple security vulnerabilities in different operation sustems caused by resource exhaustions on maintaining TCP states table. |
| 8! | Cisco IOS multiple security vulnerabilities
updated since 23.09.2009
|
| | Multiple DoS conditions, restriction bypass. |
| 6! | Cisco IOS BGP DoS
|
| | Few denial of service conditions on BGP updates with 4-bytes AS numbers. |
| 7! | Cisco IOS multiple security vulnerabilities
updated since 26.03.2009
|
| | Multiple DoS conditions in TCP, cTCP, Mobile IP/Mobile IPv6, WebVPN, SSLVPN implementations, SCP privilege escalation. |
| 7! | Cisco IOS, Cisco 10000, uBR10012, uBR7200 and Cisco UCM multiple security vulnerabilities
|
| | DoS with L2TP, MPLS, IPS, SIP, SSL vulnerabilities, information leaks, multiple multicast security vulnerabilities, NAT SCP, IOS Software firewall application inspection security vulnerabilities. |
| 6! | Cisco IOS embedded FTP server multiple security vulneraiblities
updated since 12.05.2007
|
| | DoS, unauthorized access, directory traversal. |
| 6! | Multiple DNS servers and clients DNS records spoofing
updated since 12.07.2008
|
| | DNS poisoning attack may be used to spoof query results. |
| 6! | Multiple SNMPv3 authentication implementations bypass
|
| | User-supplied number of signature bytes are checked on signature validation. |
| 8! | CISCO routers IOS multiple security vulnerabilities
updated since 26.03.2008
|
| | MVPN information leak, UDP DoS, multiple VPDN and DLSw DoS, multiple OSPF and MPLS vulnerabilities. |
| | Cisco routers IOS IPv6 information leakage
|
| | IPv6 header contains 16 bytes of non-initialized memory from router's address space. |
| | Cisco routers IOS Cisco Next Hop Resolution Protocol DoS
|
| | Crash on NHRP packets parsing. |
| 7! | Cisco IOS SCPauthentication bypass
|
| | Unprivileged user has full access to device, incpuding reading and writing it's configuration. |
| 6! | Cisco multiple devices DoS
|
| | Denial of service on ASN.1 parsing due to vulnerability in cryptographics library. |
| 6! | Cisco routers SSL DoS
|
| | Multiple vulnerabilities on SSL packets parsing. |
| 6! | Cisco Catalist Network Analysis Module unauthorized SNMP access
|
| | It's possible to get full access to device via spoofed SNMP packets. |
| | Cisco Catalist MPLS vulnerability |
| | | |
| 10! | Cisco routers and code execution with IP options DoS
|
| | ICMP, UDP or TCP packets with some IP options set can cause device reload and potentially code execution. |
| 6! | Cisco routers memory leak DoS
|
| | Memory leak on incoming TCP packets. |
| 6! | Cisco routers IPv6 DoS
|
| | Router crash on parsing IPv6 packet RH (routing header). |
| | Cisco IOS Data-link Switching DoS
|
| | Device reload on malformed DLSw message parsing. |
| | Cisco IOS access control lists bypass with GRE
|
| | Under some conditions it's possible to create GRE with payload to be forwarded from router's IP. |
| | Cisco routers IOS TCL privilege escalation
|
| | User can execute any command by switching to TCL (Tool Command Language) mode. |
| | Cisco IOS Stack Group Bidding Protocol (SGBP) DoS
|
| | Invalid SGBP (UDP/9900) packet can cause router to hang if sgbp group is defined |
| 6! | Multiple OSs, routers and firewalls IPSec ISAKMP IKE DoS
updated since 14.11.2005
|
| | Multiple vulnerabilities detected with PROTOS IPSec security scanner. |
| 7! | The Holy Grail: Cisco IOS shellcode And Exploitation Techniques
updated since 30.07.2005
|
| | Michaels Lynn's presentation on Cisco routers malicious code execution possibility. |
| | Cisco IOS buffer overflow
|
| | Buffer overflow in FTP / telnet proxy authentication option. |
| 6! | ICMP and TCP timestamp attacks to reset TCP connections
updated since 13.04.2005
|
| | By using different ICMP packet types and TCP timestamps values it's possible to cause TCP connection resets or performance decrease. |
| 7! | Cisco routers IOS IPv6 vulnerability
|
| | Bug during IPv6 packets parsing leads to router crash and potentially to code execution. |
| | Cisco RADIUS authentication bypass
|
| | It's possible to bypass RADIUS authorisation is NONE is set at fallback authentication method. |
| | Cisco routers IOS ssh DoS
|
| | Bugs in ssh in conbination with TACACS+ causes router to hang or reload. |
| | Cisco routers IOS IKE XAuth authentication bypass
|
| | It's possible to bypass authentication process. |
| 7! | Multiple Cisco routers IOS DoS vulnerabilities
|
| | Malcrafted IPv6, BGP or MPLS packets can cause router to reboot. |
| | Cisco IOS Telephony Services DoS
|
| | DoS on SCCP control protocol parsing if configured tobe used with Cisco IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST) |
| 6! | Cisco IOS DHCP DoS
|
| | Malcrafted packet blocks input queue. |
| 6! | Cisco IOS telnet DoS
|
| | Specially crafted telnet or reverse telnet connection causes all TCP based services to fail. |
| 6! | Cisco IOS OSPF DoS
|
| | Malformed OSPF packet causes router to reboot. |
| 6! | Cisco BGP DoS
|
| | Router reboots on malformed BGP packet. |
| 7! | TCP RST packets spoofing
updated since 21.04.2004
|
| | By sending spoofed RST it's possible to terminate established TCP connection. unlike TPC hijacking attacks there is no need for exact TCP sequence number, and number can be any number from handshaked TCP window. It significantly increases attack efficiency. In NetBSD sequence number for RST is not checked at all, it makes it possible to terminate session with single packet. |
| 6! | Cisco SNMP DoS
|
| | Malformed packet can cause router to crash. |
| | Cisco link level frames DoS
|
| | Link level frame with size mismatched to network leyer size can cause device to crash or hang. |
| 7! | Multiple bugs in H.323 implementations |
| | | |
| | Cisco IOS HTTP buffer overflow
|
| | Buffer overflow on GET request over 2 GB. |
| 9! | DoS against many Cisco routers
updated since 17.07.2003
|
| | A device receiving specifically crafted IPv4 packets will force the inbound interface to stop processing traffic. |
| 6! | Multiple products SIP protocol implementation vulnerabilities
|
| | Multiple vulnerabilities in multiple products of multiple vendors. |
| 10! | Mulbiple bugs in different SSH2 realizations
updated since 17.12.2002
|
| | Differeng bugs on malformed packets processing during keys exchange. |
| | Cisco EIGRP DoS
|
| | DoS on receiving huge neighbour list. |
| 6! | Cisco SSH multiple bugs
updated since 28.06.2001
|
| | It's possible to insert command and intercept data from ssh session. |
| | Buffer overflow in CIsco NTP |
| | | |
| | Утечка информации в CISCO (information leakage) |
| | | |
| 6! | Проблемы в IOS Firewall Feature Set (protection bypass) |
| | | |
| | Arp spoofing в CISCO |
| | | |
| | Проблемы с CDP в CISCO (DoS)
updated since 18.09.2000 |
| | | |
| | DoS против PPTP в различных системах
updated since 14.02.2001 |
| | | |
| 6! | Несанкционированный доступ через HTTP в Cisco (unauthorized access). |
| | | |
| | |
