Search:Software:IOS 12.1 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

See also
  CISCO : Cisco IOS 12.4
  CISCO : Cisco IOS 12.3
  CISCO : Cisco IOS 12.2
  CISCO : Cisco IOS 12.1
  CISCO : Cisco IOS 12.0
  CISCO : IOS 12.4
  CISCO : IOS 12.3
  CISCO : IOS 12.2
  CISCO : IOS 11.3
  CISCO : IOS 11.0
Name: CISCO : IOS 12.1

9! Multiple TCP implementations different security vulnerabilities
updated since 09.09.2009
document Multiple security vulnerabilities in different operation sustems caused by resource exhaustions on maintaining TCP states table.

8! Cisco IOS multiple security vulnerabilities
updated since 23.09.2009
Multiple DoS conditions, restriction bypass.

6! Cisco IOS BGP DoS
Few denial of service conditions on BGP updates with 4-bytes AS numbers.

7! Cisco IOS multiple security vulnerabilities
updated since 26.03.2009
document Multiple DoS conditions in TCP, cTCP, Mobile IP/Mobile IPv6, WebVPN, SSLVPN implementations, SCP privilege escalation.

6! Cisco IOS embedded FTP server multiple security vulneraiblities
updated since 12.05.2007
DoS, unauthorized access, directory traversal.

6! Multiple SNMPv3 authentication implementations bypass
document User-supplied number of signature bytes are checked on signature validation.

8! CISCO routers IOS multiple security vulnerabilities
updated since 26.03.2008
MVPN information leak, UDP DoS, multiple VPDN and DLSw DoS, multiple OSPF and MPLS vulnerabilities.

Cisco routers IOS Cisco Next Hop Resolution Protocol DoS
document Crash on NHRP packets parsing.

Cisco routers IOS IPv6 information leakage
IPv6 header contains 16 bytes of non-initialized memory from router's address space.

6! Cisco routers SSL DoS
Multiple vulnerabilities on SSL packets parsing.

Cisco Catalist MPLS vulnerability

6! Cisco Catalist Network Analysis Module unauthorized SNMP access
document It's possible to get full access to device via spoofed SNMP packets.

6! Cisco routers memory leak DoS
Memory leak on incoming TCP packets.

6! Cisco routers IPv6 DoS
Router crash on parsing IPv6 packet RH (routing header).

10! Cisco routers and code execution with IP options DoS
document ICMP, UDP or TCP packets with some IP options set can cause device reload and potentially code execution.

Cisco IOS Data-link Switching DoS
Device reload on malformed DLSw message parsing.

7! Cisco routers and Catalist switches multiple VTP security vulnerabilities
updated since 13.09.2006
document DoS, integer overflow and buffer oveflow on VTP (VLAN Trunking Protocol) packets parsing.

Cisco IOS access control lists bypass with GRE
Under some conditions it's possible to create GRE with payload to be forwarded from router's IP.

Cisco routers IOS TCL privilege escalation
document User can execute any command by switching to TCL (Tool Command Language) mode.

Cisco IOS Stack Group Bidding Protocol (SGBP) DoS
Invalid SGBP (UDP/9900) packet can cause router to hang if sgbp group is defined

7! The Holy Grail: Cisco IOS shellcode And Exploitation Techniques
updated since 30.07.2005
document Michaels Lynn's presentation on Cisco routers malicious code execution possibility.

6! ICMP and TCP timestamp attacks to reset TCP connections
updated since 13.04.2005
By using different ICMP packet types and TCP timestamps values it's possible to cause TCP connection resets or performance decrease.

7! Cisco routers IOS IPv6 vulnerability
document Bug during IPv6 packets parsing leads to router crash and potentially to code execution.

Cisco routers IOS ssh DoS
Bugs in ssh in conbination with TACACS+ causes router to hang or reload.

7! Multiple Cisco routers IOS DoS vulnerabilities
Malcrafted IPv6, BGP or MPLS packets can cause router to reboot.

Cisco IOS Telephony Services DoS
document DoS on SCCP control protocol parsing if configured tobe used with Cisco IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST)

6! Cisco IOS telnet DoS
Specially crafted telnet or reverse telnet connection causes all TCP based services to fail.

6! Cisco BGP DoS
document Router reboots on malformed BGP packet.

7! TCP RST packets spoofing
updated since 21.04.2004
By sending spoofed RST it's possible to terminate established TCP connection. unlike TPC hijacking attacks there is no need for exact TCP sequence number, and number can be any number from handshaked TCP window. It significantly increases attack efficiency. In NetBSD sequence number for RST is not checked at all, it makes it possible to terminate session with single packet.

6! Cisco SNMP DoS
document Malformed packet can cause router to crash.

Multiple OpenSSL DoS bugs
updated since 17.03.2004
Few bugs patched during product audit.

Cisco link level frames DoS
Link level frame with size mismatched to network leyer size can cause device to crash or hang.

7! Multiple bugs in H.323 implementations

Cisco IOS HTTP buffer overflow
document Buffer overflow on GET request over 2 GB.

9! DoS against many Cisco routers
updated since 17.07.2003
A device receiving specifically crafted IPv4 packets will force the inbound interface to stop processing traffic.

10! Mulbiple bugs in different SSH2 realizations
updated since 17.12.2002
document Differeng bugs on malformed packets processing during keys exchange.

Cisco EIGRP DoS
DoS on receiving huge neighbour list.

6! Cisco SSH multiple bugs
updated since 28.06.2001
It's possible to insert command and intercept data from ssh session.

Cisco IOS DoS

Buffer overflow in CIsco NTP

�� CISCO (information leakage)

6! �� SNMP Cisco/Olicom/3Com (ILMI SNMP community)
updated since 28.02.2001

6! �� IOS Firewall Feature Set (protection bypass)

Arp spoofing � CISCO

�� CDP � CISCO (DoS)
updated since 18.09.2000

DoS �� PPTP � ��
updated since 14.02.2001

6! �� HTTP � Cisco (unauthorized access).

DoS �� Cisco (TCP scan)

�� Cisco (Initial TCP sequence number)

DoS �� -�� Cisco IOS (web DoS)

6! �� Accesslist'�� CISCO IOS 12.1(4)