| 7! | Cisco IOS, Cisco 10000, uBR10012, uBR7200 and Cisco UCM multiple security vulnerabilities
|
 | | DoS with L2TP, MPLS, IPS, SIP, SSL vulnerabilities, information leaks, multiple multicast security vulnerabilities, NAT SCP, IOS Software firewall application inspection security vulnerabilities. |
| 6! | Cisco IOS embedded FTP server multiple security vulneraiblities
updated since 12.05.2007
|
| | DoS, unauthorized access, directory traversal. |
| 6! | Multiple DNS servers and clients DNS records spoofing
updated since 12.07.2008
|
| | DNS poisoning attack may be used to spoof query results. |
| 6! | Multiple SNMPv3 authentication implementations bypass
|
| | User-supplied number of signature bytes are checked on signature validation. |
| 8! | CISCO routers IOS multiple security vulnerabilities
updated since 26.03.2008
|
| | MVPN information leak, UDP DoS, multiple VPDN and DLSw DoS, multiple OSPF and MPLS vulnerabilities. |
| | Cisco routers IOS LPD server buffer overflows
|
| | Buffer overflow if oversized local hostname is set. |
| | Cisco routers IOS IPv6 information leakage
|
| | IPv6 header contains 16 bytes of non-initialized memory from router's address space. |
| | Cisco routers IOS Cisco Next Hop Resolution Protocol DoS
|
| | Crash on NHRP packets parsing. |
| 6! | Cisco routers SSL DoS
|
| | Multiple vulnerabilities on SSL packets parsing. |
| 6! | Cisco multiple devices DoS
|
| | Denial of service on ASN.1 parsing due to vulnerability in cryptographics library. |
| | Multiple Cisco IOS IPS security vulnerabilities
|
| | Protection bypass with fragmented IP packets. DoS if regular expressions are used. |
| 6! | Cisco IP telephony routers DoS
|
| | SIP packet (UDP/5060) to device with vois over IP support, but not configured for SIP causes device to crash. |
| 6! | Cisco routers memory leak DoS
|
| | Memory leak on incoming TCP packets. |
| 6! | Cisco routers IPv6 DoS
|
| | Router crash on parsing IPv6 packet RH (routing header). |
| 10! | Cisco routers and code execution with IP options DoS
|
| | ICMP, UDP or TCP packets with some IP options set can cause device reload and potentially code execution. |
| | Cisco IOS Data-link Switching DoS
|
| | Device reload on malformed DLSw message parsing. |
| | Cisco routers IOS TCL privilege escalation
|
| | User can execute any command by switching to TCL (Tool Command Language) mode. |
| | Cisco IOS Stack Group Bidding Protocol (SGBP) DoS
|
| | Invalid SGBP (UDP/9900) packet can cause router to hang if sgbp group is defined |
| 6! | Multiple OSs, routers and firewalls IPSec ISAKMP IKE DoS
updated since 14.11.2005
|
| | Multiple vulnerabilities detected with PROTOS IPSec security scanner. |
| 7! | The Holy Grail: Cisco IOS shellcode And Exploitation Techniques
updated since 30.07.2005
|
| | Michaels Lynn's presentation on Cisco routers malicious code execution possibility. |
| | Cisco IOS buffer overflow
|
| | Buffer overflow in FTP / telnet proxy authentication option. |
| 6! | ICMP and TCP timestamp attacks to reset TCP connections
updated since 13.04.2005
|
| | By using different ICMP packet types and TCP timestamps values it's possible to cause TCP connection resets or performance decrease. |
| 7! | Cisco routers IOS IPv6 vulnerability
|
| | Bug during IPv6 packets parsing leads to router crash and potentially to code execution. |
| | Cisco RADIUS authentication bypass
|
| | It's possible to bypass RADIUS authorisation is NONE is set at fallback authentication method. |
| | Cisco routers IOS IKE XAuth authentication bypass
|
| | It's possible to bypass authentication process. |
| | Cisco routers IOS ssh DoS
|
| | Bugs in ssh in conbination with TACACS+ causes router to hang or reload. |
| 7! | Multiple Cisco routers IOS DoS vulnerabilities
|
| | Malcrafted IPv6, BGP or MPLS packets can cause router to reboot. |
| | Cisco IOS Telephony Services DoS
|
| | DoS on SCCP control protocol parsing if configured tobe used with Cisco IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST) |
| 6! | Cisco IOS OSPF DoS
|
| | Malformed OSPF packet causes router to reboot. |
| 6! | Cisco BGP DoS
|
| | Router reboots on malformed BGP packet. |
| 7! | TCP RST packets spoofing
updated since 21.04.2004
|
| | By sending spoofed RST it's possible to terminate established TCP connection. unlike TPC hijacking attacks there is no need for exact TCP sequence number, and number can be any number from handshaked TCP window. It significantly increases attack efficiency. In NetBSD sequence number for RST is not checked at all, it makes it possible to terminate session with single packet. |
| 6! | Cisco SNMP DoS
|
| | Malformed packet can cause router to crash. |
| 7! | Multiple bugs in H.323 implementations |
| | | |
| | |
