Cisco iOS vulnerabilities

581 known vulnerabilities affecting cisco/ios.

Total CVEs

581

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL32HIGH327MEDIUM211LOW11

Vulnerabilities

Page 21 of 30

CVE-2010-2834HIGHCVSS 7.8v12.1v12.1t+189 more2010-09-23

CVE-2010-2834 [HIGH] CVE-2010-2834: Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Ci Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic ov

nvd

CVE-2010-2835HIGHCVSS 7.8v12.1v12.1t+189 more2010-09-23

CVE-2010-2835 [HIGH] CVE-2010-2835: Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Ci Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services ou

nvd

CVE-2010-2831HIGHCVSS 7.8v12.1v12.1t+189 more2010-09-23

CVE-2010-2831 [HIGH] CVE-2010-2831: Unspecified vulnerability in the NAT for SIP implementation in Cisco IOS 12.1 through 12.4 and 15.0 Unspecified vulnerability in the NAT for SIP implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic on UDP port 5060, aka Bug ID CSCtf17624.

nvd

CVE-2010-2833HIGHCVSS 7.8v12.1v12.1t+189 more2010-09-23

CVE-2010-2833 [HIGH] CVE-2010-2833: Unspecified vulnerability in the NAT for H.225.0 implementation in Cisco IOS 12.1 through 12.4 and 1 Unspecified vulnerability in the NAT for H.225.0 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtd86472.

nvd

CVE-2010-2832HIGHCVSS 7.8v12.1v12.1t+189 more2010-09-23

CVE-2010-2832 [HIGH] CVE-2010-2832: Unspecified vulnerability in the NAT for H.323 implementation in Cisco IOS 12.1 through 12.4 and 15. Unspecified vulnerability in the NAT for H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtf91428.

nvd

CVE-2010-2836HIGHCVSS 7.8v12.4v12.4gc+29 more2010-09-23

CVE-2010-2836 [HIGH] CWE-399 CVE-2010-2836: Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly disconnecting SSL sessions, leading to connections that remain in the CLOSE-WAIT state, aka Bug ID CSCtg21685.

nvd

CVE-2010-2830HIGHCVSS 7.1v12.2v12.2b+161 more2010-09-23

CVE-2010-2830 [HIGH] CVE-2010-2830: The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, whe The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka Bug ID CSCte14603.

nvd

CVE-2010-2828HIGHCVSS 7.8v12.1tv12.1xi+167 more2010-09-23

CVE-2010-2828 [HIGH] CVE-2010-2828: Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 throug Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (device reload) via crafted H.323 packets, aka Bug ID CSCtc73759.

nvd

CVE-2010-2827HIGHCVSS 7.8v15.1\(2\)t2010-08-16

CVE-2010-2827 [HIGH] CWE-20 CVE-2010-2827: Cisco IOS 15.1(2)T allows remote attackers to cause a denial of service (resource consumption and TC Cisco IOS 15.1(2)T allows remote attackers to cause a denial of service (resource consumption and TCP outage) via spoofed TCP packets, related to embryonic TCP connections that remain in the SYN_RCVD or SYN_SENT state, aka Bug ID CSCti18193.

nvd

CVE-2010-1574CRITICALCVSS 10.0v12.2\(52\)sev12.2\(52\)se12010-07-08

CVE-2010-1574 [CRITICAL] CWE-264 CVE-2010-1574: IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a comm IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589.

nvd

CVE-2010-0581CRITICALCVSS 10.0v12.3jkv12.3t+42 more2010-03-25

CVE-2010-0581 [CRITICAL] CVE-2010-0581: Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attacke Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP Packet Parsing Arbitrary Code Execution Vulnerability."

nvd

CVE-2010-0580CRITICALCVSS 10.0v12.3jkv12.3t+41 more2010-03-25

CVE-2010-0580 [CRITICAL] CVE-2010-0580: Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attacke Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the "SIP Message Processing Arbitrary Code Execution Vulnerability."

nvd

CVE-2010-0586HIGHCVSS 7.8v12.1ydv12.1ye+91 more2010-03-25

CVE-2010-0586 [HIGH] CVE-2010-0586: Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unifie Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz49741, the "SCCP Request Handling Denial of Service Vulnerabi

nvd

CVE-2010-0577HIGHCVSS 7.1v12.2bv12.2bc+134 more2010-03-25

CVE-2010-0577 [HIGH] CWE-399 CVE-2010-0577: Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size configurations are used, allow Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size configurations are used, allows remote attackers to cause a denial of service (infinite loop, and device reload or hang) via a TCP segment with crafted options, aka Bug ID CSCsz75186.

nvd

CVE-2010-0583HIGHCVSS 7.8v12.1xuv12.1yd+1 more2010-03-25

CVE-2010-0583 [HIGH] CWE-399 CVE-2010-0583: Memory leak in the H.323 implementation in Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, Memory leak in the H.323 implementation in Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (memory consumption and device reload) via malformed H.323 packets, aka Bug ID CSCtb93855.

nvd

CVE-2010-0585HIGHCVSS 7.8v12.1ydv12.1ye+91 more2010-03-25

CVE-2010-0585 [HIGH] CVE-2010-0585: Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unifie Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz48614, the "SCCP Packet Processing Denial of Service Vulnerab

nvd

CVE-2010-0578HIGHCVSS 7.8v12.2sbv12.2sca+59 more2010-03-25

CVE-2010-0578 [HIGH] CWE-310 CVE-2010-0578: The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 and 7301 routers with VAM2+ allo The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 and 7301 routers with VAM2+ allows remote attackers to cause a denial of service (device reload) via a malformed IKE packet, aka Bug ID CSCtb13491.

nvd

CVE-2010-0579HIGHCVSS 7.8v12.3jkv12.3t+41 more2010-03-25

CVE-2010-0579 [HIGH] CVE-2010-0579: The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of servi The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP message, aka Bug ID CSCtb93416, the "SIP Message Handling Denial of Service Vulnerability."

nvd

CVE-2010-0582HIGHCVSS 7.8v12.1xuv12.1yd+99 more2010-03-25

CVE-2010-0582 [HIGH] CVE-2010-0582: Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial o Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (interface queue wedge) via malformed H.323 packets, aka Bug ID CSCta19962.

nvd

CVE-2010-0576HIGHCVSS 7.8v12.0sv12.0sl+166 more2010-03-25

CVE-2010-0576 [HIGH] CVE-2010-0576: Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x through 2.3.x before 2.3.2, a Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x through 2.3.x before 2.3.2, and IOS XR 3.2.x through 3.4.3, when Multiprotocol Label Switching (MPLS) and Label Distribution Protocol (LDP) are enabled, allows remote attackers to cause a denial of service (device reload or process restart) via a crafted LDP packet, aka Bug IDs CSCsz45567 an

nvd

← Previous21 / 30Next →