Cisco iOS vulnerabilities

CVE-2008-3799 [HIGH] CWE-772 CVE-2008-3799: Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP messages.

CVE-2008-3801 [HIGH] CVE-2008-3801: Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability tha

CVE-2008-3811 [HIGH] CVE-2008-3811: Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabl Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka Cisco Bug ID CSCsi17020, a different vulnerability than CVE-2008-3810.

CVE-2008-3803 [MEDIUM] CVE-2008-3803: A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances.

CVE-2008-4128 [CRITICAL] CWE-352 CVE-2008-4128: Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in C Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/h

CVE-2008-1150 [HIGH] CWE-399 CVE-2008-1150: The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attacker The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309.

CVE-2008-1153 [HIGH] CVE-2008-1153: Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows r Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device.

CVE-2008-1152 [HIGH] CWE-399 CVE-2008-1152: The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to c The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets.

CVE-2008-1151 [HIGH] CWE-399 CVE-2008-1151: Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated after process termination, aka bug ID CSCsj58566.

CVE-2008-1156 [MEDIUM] CWE-16 CVE-2008-1156: Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IO Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message.

CVE-2007-5651 [HIGH] CVE-2007-5651: Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IO Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 and 12.2 on Cisco switches (Wired EAP devices), and CatOS 6.x through 8.x on Cisco switches allows remote attackers to cause a denial of service (device reload) via

CVE-2007-5381 [CRITICAL] CWE-119 CVE-2007-5381: Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4 Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allow remote attackers to execute arbitrary code by setting a long hostname on the target system, then causing an error message to be printed, as demonstrated by a telnet session to the LPD from a source port other than 515.

CVE-2007-4632 [MEDIUM] CVE-2007-4632: Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an admini Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105.

CVE-2007-4430 [MEDIUM] CWE-20 CVE-2007-4430: Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE: unauthenticated remote attacks are possible in environments with anonymous telnet and Looking Glass access.

CVE-2007-4286 [CRITICAL] CWE-119 CVE-2007-4286: Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 1 Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a crafted NHRP packet.

CVE-2007-4292 [CRITICAL] CVE-2007-4292: Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of ser Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP packet, aka (1) CSCsf11855, (2) CSCeb21064, (3) CSCse40276, (4) CSCse68355, (5) CSCsf30058, (6) CSCsb24007, and (7) CSCsc60249.

CVE-2007-4285 [CRITICAL] CVE-2007-4285: Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions bef Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or component crash) via crafted IPv6 packets with a Type 0 routing header.

CVE-2007-4293 [HIGH] CVE-2007-4293: Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via (1) "abnormal" MGCP messages, aka CSCsd81407; and (2) a large facsimile packet, aka CSCej20505.

CVE-2007-4291 [HIGH] CVE-2007-4291: Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with Proxy Unregistration and (3) CSCsg70474; and a malformed Real-time Transport Protocol (RTP) packet, which causes

CVE-2007-4295 [MEDIUM] CVE-2007-4295: Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to execute arbitrar Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80749.