Filtered by vendor Cisco
Subscriptions
Filtered by product Catalyst 3850-12s-s
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-1620 | 1 Cisco | 277 1000 Integrated Services Router, 1100-4g\/6g Integrated Services Router, 1100-4p Integrated Services Router and 274 more | 2024-11-21 | 7.7 High |
| A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability occurs because the code does not release the allocated IP address under certain failure conditions. An attacker could exploit this vulnerability by trying to connect to the device with a non-AnyConnect client. A successful exploit could allow the attacker to exhaust the IP addresses from the assigned local pool, which prevents users from logging in and leads to a denial of service (DoS) condition. | ||||
| CVE-2020-3508 | 1 Cisco | 141 1000v, 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router and 138 more | 2024-11-21 | 7.4 High |
| A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service condition. The vulnerability is due to insufficient error handling when an affected device has reached platform limitations. An attacker could exploit this vulnerability by sending a malicious series of IP ARP messages to an affected device. A successful exploit could allow the attacker to exhaust system resources, which would eventually cause the affected device to reload. | ||||
| CVE-2019-12658 | 1 Cisco | 151 1100 Integrated Services R, 4221 Integrated Services R, 4321 Integrated Services R and 148 more | 2024-11-21 | 7.5 High |
| A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to ineffective management of the underlying filesystem resources. An attacker could exploit this vulnerability by performing specific actions that result in messages being sent to specific operating system log files. A successful exploit could allow the attacker to exhaust available filesystem space on an affected device. This could cause the device to crash and reload, resulting in a DoS condition for clients whose network traffic is transiting the device. Upon reload of the device, the impacted filesystem space is cleared, and the device will return to normal operation. However, continued exploitation of this vulnerability could cause subsequent forced crashes and reloads, which could lead to an extended DoS condition. | ||||
| CVE-2019-12657 | 1 Cisco | 118 4321 Integrated Services Router, 4331 Integrated Services Router, 4351 Integrated Services Router and 115 more | 2024-11-21 | 7.5 High |
| A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper validation of IPv6 packets through the UTD feature. An attacker could exploit this vulnerability by sending IPv6 traffic through an affected device that is configured with UTD. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | ||||
| CVE-2019-12649 | 1 Cisco | 87 Catalyst 3850-12s-e, Catalyst 3850-12s-s, Catalyst 3850-12xs-e and 84 more | 2024-11-21 | 6.7 Medium |
| A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected device can be configured to not verify the digital signatures of system image files during the boot process. An attacker could exploit this vulnerability by abusing a specific feature that is part of the device boot process. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device. | ||||