Cisco IOS vulnerabilities
594 known vulnerabilities affecting cisco/ios.
Total CVEs: 594
CISA KEV: 37 (actively exploited)
Public exploits: 30
Exploited in wild: 37
Severity breakdown
CRITICAL 32 | HIGH 327 | MEDIUM 211 | LOW 11 | UNKNOWN 13
Vulnerabilities
Page 27 of 30
CVE-2004-0244 [MEDIUM] CWE-20 | CVSS 4.7 | PoC | v12.1e, v12.2sy, +1 more | 2004-11-23
Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, but has inconsistent length values with that packet.
nvd
CVE-2004-0112 [MEDIUM] CWE-125 | CVSS 5.0 | v12.1(11)e, v12.1(11b)e, +8 more | 2004-11-23
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
nvd
CVE-2004-0589 [MEDIUM] | CVSS 4.3 | ≥ 11.1, ≤ 12.2(14)sx2 | 2004-08-06
Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages.
nvd
CVE-2004-0714 [MEDIUM] | CVSS 5.0 | v12.0(23)s4, v12.0(23)s5, +60 more | 2004-07-27
Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memory corruption).
nvd
CVE-2004-0710 [MEDIUM] | CVSS 5.0 | v12.2(14)sy, v12.2(14)za, +6 more | 2004-07-27
IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of service (device crash and reload) via a malformed Internet Key Exchange (IKE) packet.
nvd
CVE-2004-0054 [HIGH] | CVSS 7.5 | v11.3t, v12.0, +8 more | 2004-02-17
Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
nvd
CVE-2003-1398 [CRITICAL] CWE-200 | CVSS 9.3 | v12.0, v12.0s, +10 more | 2003-12-31
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
nvd
CVE-2003-1109 [HIGH] | CVSS 7.5 | v12.2(1)xa, v12.2(1)xd, +55 more | 2003-12-31
The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
nvd
CVE-2003-0851 [MEDIUM] | CVSS 5.0 | v12.1(11)e, v12.1(11b)e, +2 more | 2003-12-01
OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.
nvd
CVE-2003-0647 [HIGH] | CVSS 7.5 | PoC | ≤ 12.2 | 2003-08-27
Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request.
nvd
CVE-2003-0512 [MEDIUM] CWE-310 | CVSS 5.0 | v12.0(24)s1, v12.0(24.2)s, +7 more | 2003-08-27
Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge.
nvd
CVE-2003-0511 [MEDIUM] | CVSS 5.0 | PoC | v12.2(4)ja, v12.2(4)ja1, +2 more | 2003-08-27
The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allows remote attackers to cause a denial of service (reload) via a malformed URL.
nvd
CVE-2003-0567 [HIGH] CWE-20 | CVSS 7.8 | PoC | v11.0, v11.1, +167 more | 2003-08-18
Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full.
nvd
CVE-2003-0305 [MEDIUM] | CVSS 5.0 | v12.0(15)s, v12.0(15)sc, +46 more | 2003-06-09
The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967.
nvd
CVE-2003-0100 [HIGH] | CVSS 7.5 | PoC | v11.1, v11.1(7)aa, +219 more | 2003-03-03
Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements.
nvd
CVE-2002-1706 [HIGH] CWE-347 | CVSS 7.5 | ≥ 11.3, ≤ 12.2 | 2002-12-31
Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router.
nvd
CVE-2002-2208 [HIGH] | CVSS 7.8 | v11.3, v12.0, +2 more | 2002-12-31
Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network.
nvd
CVE-2002-2315 [HIGH] | CVSS 7.8 | PoC | v11.0, v11.1, +2 more | 2002-12-31
Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect table, which allows remote attackers to cause a denial of service (memory consumption) via spoofed ICMP redirect packets to the router.
nvd
CVE-2002-2239 [HIGH] CWE-20 | CVSS 7.8 | v12.1e | 2002-12-31
The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 series running Cisco IOS 12.1(8)E through 12.1(13.4)E allows remote attackers to cause a denial of service (hang) via a malformed packet.
nvd
CVE-2002-2052 [MEDIUM] | CVSS 5.0 | v12.1(6.5) | 2002-12-31
Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, allows remote attackers to cause a denial of service via port scans such as (1) scanning all ports on a single host and (2) scanning a network of hosts for a single open port through the router. NOTE: the vendor could not reproduce this issue, saying that the original reporter was using an
nvd