Cisco IOS vulnerabilities
581 known vulnerabilities affecting cisco/ios.
Total CVEs: 581
CISA KEV: 36 (actively exploited)
Public exploits: 28
Exploited in wild: 36
Severity breakdown: CRITICAL 32, HIGH 327, MEDIUM 211, LOW 11
Vulnerabilities
CVE-2013-5476 | HIGH | CVSS 7.8 | CWE-20 | v15.1, v15.2 | 2013-09-27
The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID CSCtx56174.
nvd
CVE-2013-5480 | HIGH | CVSS 7.8 | CWE-20 | v12.2, v15.0, +3 more | 2013-09-27
The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733.
nvd
CVE-2013-5475 | HIGH | CVSS 7.8 | CWE-20 | v12.2, v12.3, +5 more | 2013-09-27
Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID CSCug31561.
nvd
CVE-2013-5478 | HIGH | CVSS 7.8 | CWE-20 | v15.0, v15.1, +2 more | 2013-09-27
Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023.
nvd
CVE-2013-5472 | HIGH | CVSS 7.1 | CWE-20 | v12.0, v12.1, +5 more | 2013-09-27
The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of service (device reload) by leveraging an MSDP peer relationship, aka Bug ID CSCuc81226.
nvd
CVE-2013-0149 | MEDIUM | CVSS 5.8 | v12.0, v12.0(1), +485 more | 2013-08-05
The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (ro
nvd
CVE-2013-1143 | HIGH | CVSS 7.1 | CWE-119 | v12.2, v15.0, +4 more | 2013-03-28
The RSVP protocol implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S, when MPLS-TE is enabled, allows remote attackers to cause a denial of service (incorrect memory access and device reload) via a traffic engineering PATH message in an RSVP packet, aka Bug ID CSC
nvd
CVE-2013-1146 | HIGH | CVSS 7.8 | CWE-119 | v12.2, v15.0, +4 more | 2013-03-28
The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790.
nvd
CVE-2013-1148 | HIGH | CVSS 7.8 | CWE-119 | v15.2 | 2013-03-28
The General Responder implementation in the IP Service Level Agreement (SLA) feature in Cisco IOS 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S allows remote attackers to cause a denial of service (device reload) via crafted (1) IPv4 or (2) IPv6 IP SLA packets on UDP port 1167, aka Bug ID CSCuc72594.
nvd
CVE-2013-1142 | HIGH | CVSS 7.8 | CWE-362 | ≥ 12.2, ≤ 12.4; ≥ 15.0, ≤ 15.2 | 2013-03-28
Race condition in the VRF-aware NAT feature in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 allows remote attackers to cause a denial of service (memory consumption) via IPv4 packets, aka Bug IDs CSCtg47129 and CSCtz96745.
nvd
CVE-2013-1147 | HIGH | CVSS 7.8 | CWE-119 | v12.3, v12.4, +4 more | 2013-03-28
The Protocol Translation (PT) functionality in Cisco IOS 12.3 through 12.4 and 15.0 through 15.3, when one-step port-23 translation or a Telnet-to-PAD ruleset is configured, does not properly validate TCP connection information, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a PT resource, aka B
nvd
CVE-2013-1144 | HIGH | CVSS 7.8 | CWE-399 | v15.1 | 2013-03-28
Memory leak in the IKEv1 implementation in Cisco IOS 15.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified (1) IPv4 or (2) IPv6 IKE packets, aka Bug ID CSCth81055.
nvd
CVE-2013-1145 | HIGH | CVSS 7.8 | CWE-399 | v12.2, v12.4, +2 more | 2013-03-28
Memory leak in Cisco IOS 12.2, 12.4, 15.0, and 15.1, when Zone-Based Policy Firewall SIP application layer gateway inspection is enabled, allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed SIP messages, aka Bug ID CSCtl99174.
nvd
CVE-2012-3950 | HIGH | CVSS 7.1 | CWE-399 | v12.3, v12.3(1a), +289 more | 2012-09-27
The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 through 12.4 and 15.0 through 15.2, in certain configurations of enabled categories and missing signatures, allows remote attackers to cause a denial of service (device reload) via DNS packets, aka Bug ID CSCtw55976.
nvd
CVE-2012-4617 | HIGH | CVSS 7.1 | CWE-20 | v15.2 | 2012-09-27
The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed attribute, aka Bug IDs CSCtt35379, CSCty58300, CSCtz63248, and CSCtz62914.
nvd
CVE-2012-4623 | HIGH | CVSS 7.8 | CWE-20 | v12.3, v12.3(1a), +291 more | 2012-09-27
The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG before 3.3.1SG allows remote attackers to cause a denial of service (device reload) via a malformed DHCPv6 packet, aka Bug ID CSCto57723.
nvd
CVE-2012-4619 | HIGH | CVSS 7.8 | CWE-399 | v12.2, v12.4, +4 more | 2012-09-27
The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtr46123.
nvd
CVE-2012-4618 | HIGH | CVSS 7.8 | CWE-399 | v12.2, v12.4, +4 more | 2012-09-27
The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtn76183.
nvd
CVE-2012-4621 | HIGH | CVSS 7.8 | CWE-399 | v15.0, v15.0(1)se, +2 more | 2012-09-27
The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP packet, aka Bug ID CSCty96049.
nvd
CVE-2012-3949 | HIGH | CVSS 7.8 | CWE-20 | v12.2, v12.2b, +206 more | 2012-09-27
The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a cra
nvd