All the vulnerabilites related to cisco - intrusion_prevention_system
Vulnerability from fkie_nvd
Published
2014-10-19 01:55
Modified
2024-11-21 02:08
Severity ?
Summary
Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 and earlier allows remote attackers to cause a denial of service (device reload) via crafted IP traffic that matches a problematic rule, aka Bug ID CSCud82085.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3406Vendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=36078Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3406Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=36078Vendor Advisory
Impacted products
Vendor Product Version
cisco intrusion_prevention_system *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05E17004-AA3B-4649-B0EE-D83E5B516EC6",
              "versionEndIncluding": "7.1\\(7\\)e4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 and earlier allows remote attackers to cause a denial of service (device reload) via crafted IP traffic that matches a problematic rule, aka Bug ID CSCud82085."
    },
    {
      "lang": "es",
      "value": "Condici\u00f3n de carrera en la caracteristica de registraci\u00f3n de IIP en Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio (recarga de dispositivo) a trav\u00e9s de trafico IP manipulado que coincide con una regla problem\u00e1tica, tambi\u00e9n conocido como Bug ID CSCud82085."
    }
  ],
  "id": "CVE-2014-3406",
  "lastModified": "2024-11-21T02:08:01.513",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-19T01:55:13.683",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3406"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3406"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36078"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-06-18 19:41
Modified
2024-11-21 00:45
Severity ?
Summary
Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on network traffic, via a "specific series of jumbo Ethernet frames."
References
ykramarz@cisco.comhttp://secunia.com/advisories/30767
ykramarz@cisco.comhttp://www.cisco.com/en/US/products/products_security_advisory09186a00809b3842.shtmlPatch
ykramarz@cisco.comhttp://www.securityfocus.com/bid/29791
ykramarz@cisco.comhttp://www.securitytracker.com/id?1020326
ykramarz@cisco.comhttp://www.vupen.com/english/advisories/2008/1872/references
ykramarz@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/43166
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30767
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a00809b3842.shtmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/29791
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020326
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1872/references
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/43166
Impacted products
Vendor Product Version
cisco intrusion_prevention_system 5.1
cisco intrusion_prevention_system 6.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D846D9B7-CB24-40C6-B7A4-2ABFF0D43442",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B010D14A-7275-454B-B2F8-31EE0D34C24F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on network traffic, via a \"specific series of jumbo Ethernet frames.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad sin especificar en Cisco Intrusion Prevention System (IPS) 5.x anterior a 5.1(8)E2 y 6.x anterior 6.0(5)E2, cuando el modo inline y el soporte Jumbo Ethernet est\u00e1n activados, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda), y posiblemente evitar restricciones previstas sobre el tr\u00e1fico de red a trav\u00e9s de \"series espec\u00edficas de estructuras Jumbo Ethernet\""
    }
  ],
  "id": "CVE-2008-2060",
  "lastModified": "2024-11-21T00:45:59.500",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 7.8,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-06-18T19:41:00.000",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://secunia.com/advisories/30767"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b3842.shtml"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/29791"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id?1020326"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.vupen.com/english/advisories/2008/1872/references"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b3842.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1872/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43166"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        },
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-05-03 10:11
Modified
2024-11-21 01:31
Severity ?
Summary
The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204.
References
ykramarz@cisco.comhttp://www.cisco.com/web/software/282549709/56954/IPS-7-1-3-E4_readme.txt
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/web/software/282549709/56954/IPS-7-1-3-E4_readme.txt
Impacted products
Vendor Product Version
cisco intrusion_prevention_system 7.0
cisco intrusion_prevention_system 7.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03105E7F-12F8-4497-8A27-BD2F1653FD38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F03BDC3C-E7F1-41C1-B89C-1DB1D3997DC2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204."
    },
    {
      "lang": "es",
      "value": "El sensor en Cisco Intrusion Prevention System (IPS) v7.0 y v7.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (agotamiento  del manejo de archivo y la ca\u00edda de MainApp) mediante intentos de autenticaci\u00f3n que excedan el l\u00edmite configurado, tambi\u00e9n conocido como Bug ID CSCto51204."
    }
  ],
  "id": "CVE-2011-4022",
  "lastModified": "2024-11-21T01:31:42.717",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-05-03T10:11:39.593",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.cisco.com/web/software/282549709/56954/IPS-7-1-3-E4_readme.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/web/software/282549709/56954/IPS-7-1-3-E4_readme.txt"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-07-18 12:48
Modified
2024-11-21 01:53
Severity ?
Summary
Cisco Intrusion Prevention System (IPS) Software on IPS NME devices before 7.0(9)E4 allows remote attackers to cause a denial of service (device reload) via malformed IPv4 packets that trigger incorrect memory allocation, aka Bug ID CSCua61977.
References
ykramarz@cisco.comhttp://secunia.com/advisories/54243
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ipsVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/54243
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ipsVendor Advisory
Impacted products
Vendor Product Version
cisco intrusion_prevention_system *
cisco intrusion_prevention_system 7.0
cisco intrusion_prevention_system 7.0\(1\)e3
cisco intrusion_prevention_system 7.0\(2\)e3
cisco intrusion_prevention_system 7.0\(2\)e4
cisco intrusion_prevention_system 7.0\(3\)e4
cisco intrusion_prevention_system 7.0\(4\)e4
cisco intrusion_prevention_system 7.0\(5a\)e4
cisco intrusion_prevention_system 7.0\(6\)e4
cisco intrusion_prevention_system 7.0\(7\)e4
cisco ips_nme -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD4BC15-7211-4DE7-A1CD-A95515A66FD6",
              "versionEndIncluding": "7.0\\(8\\)e4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03105E7F-12F8-4497-8A27-BD2F1653FD38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(1\\)e3:*:*:*:*:*:*:*",
              "matchCriteriaId": "32F57CD3-EA32-4814-A021-3CEB23900E18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(2\\)e3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDCEF522-431E-49D3-84F8-24EBE0D03E0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(2\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5961030A-ADD4-4BA6-A691-275DE6D9E1B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(3\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F422BC-E40B-4EC6-B0A5-7CD3A3C92B4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(4\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BA1FCB-DF1B-42E5-BBF3-808119AF80ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(5a\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6074CC8-4A49-4A31-809F-B87E4B80D179",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(6\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "20548D0B-8B3C-468F-8966-13019C4D69C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(7\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3206DA6-FE23-4214-A1F8-3C212C2768BB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ips_nme:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C5FD488-E20E-4622-8536-EACAF3B5D37E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Intrusion Prevention System (IPS) Software on IPS NME devices before 7.0(9)E4 allows remote attackers to cause a denial of service (device reload) via malformed IPv4 packets that trigger incorrect memory allocation, aka Bug ID CSCua61977."
    },
    {
      "lang": "es",
      "value": "Cisco Intrusion Prevention System (IPS) Software en dispositivos IPS NME anterior a  v7.0(9)E4 permite a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio del dispositivo) mediante paquetes IPv4 malformados que lanzan una incorrecta asignaci\u00f3n de memoria, tambi\u00e9n conocido con el bug ID CSCua61977."
    }
  ],
  "id": "CVE-2013-3410",
  "lastModified": "2024-11-21T01:53:34.900",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-07-18T12:48:56.953",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://secunia.com/advisories/54243"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/54243"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-07-18 12:48
Modified
2024-11-21 01:53
Severity ?
Summary
The IDSM-2 drivers in Cisco Intrusion Prevention System (IPS) Software on Cisco Catalyst 6500 devices with an IDSM-2 module allow remote attackers to cause a denial of service (device hang) via malformed IPv4 TCP packets, aka Bug ID CSCuh27460.
References
ykramarz@cisco.comhttp://secunia.com/advisories/54242
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ipsVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/54242
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ipsVendor Advisory
Impacted products
Vendor Product Version
cisco intrusion_prevention_system -
cisco idsm-2 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E16E072-D112-4A27-83E2-CCF07BB33F2A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:idsm-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "27B1C50D-71C6-44C6-8358-6CEADFF764BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The IDSM-2 drivers in Cisco Intrusion Prevention System (IPS) Software on Cisco Catalyst 6500 devices with an IDSM-2 module allow remote attackers to cause a denial of service (device hang) via malformed IPv4 TCP packets, aka Bug ID CSCuh27460."
    },
    {
      "lang": "es",
      "value": "Los drivers IDSM-2 en Cisco Intrusion Prevention System (IPS) Software en Cisco Catalyst 6500 con el m\u00f3dulo IDSM-2 module permite a atacantes remotos provocar una denegaci\u00f3n de servicio (cuelgue del dispositivo) a trav\u00e9s de paquetes TCP IPv4 malformados, tambi\u00e9n conocido como Bug ID CSCuh27460."
    }
  ],
  "id": "CVE-2013-3411",
  "lastModified": "2024-11-21T01:53:35.023",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-07-18T12:48:56.960",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://secunia.com/advisories/54242"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/54242"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-07-18 12:48
Modified
2024-11-21 01:49
Severity ?
Summary
Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software modules before 7.1(7)sp1E4 allows remote attackers to cause a denial of service (Analysis Engine process hang or device reload) via fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCue51272.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ipsVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ipsVendor Advisory
Impacted products
Vendor Product Version
cisco asa_5500-x_series_ips_ssp_software 7.1
cisco intrusion_prevention_system *
cisco asa_5585-x -
cisco idsm-2 -
cisco ips_4345_sensor -
cisco ips_4360_sensor -
cisco ips_4510_sensor -
cisco ips_4520_sensor -
cisco ips_nme -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:asa_5500-x_series_ips_ssp_software:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFFF761D-FDCA-4C42-90F7-4ACC4AFDC91E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FB52B55-821B-481B-B0F5-D3EB791C5E20",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5585-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "16AE20C2-C77E-4E04-BF13-A48696E52426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:idsm-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "27B1C50D-71C6-44C6-8358-6CEADFF764BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:ips_4345_sensor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60A11416-D90F-45DB-AD42-A24C724129A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:ips_4360_sensor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C566775-ED73-4A5C-BCA9-F2C9C1B6A028",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:ips_4510_sensor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E986EA-86DC-42F7-91DA-D98E442AD26C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:ips_4520_sensor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "836AE393-0005-41C6-B784-9A8045296725",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:ips_nme:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C5FD488-E20E-4622-8536-EACAF3B5D37E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software modules before 7.1(7)sp1E4 allows remote attackers to cause a denial of service (Analysis Engine process hang or device reload) via fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCue51272."
    },
    {
      "lang": "es",
      "value": "Cisco Intrusion Prevention System (IPS) Software en ASA 5500-X IPS-SSP anterior a v7.1(7)sp1E4 permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue del proceso Analysis Engine o reinicio del dispositivo) mediante paquetes (1) IPv4 o (2) IPv6 fragmentados, tambi\u00e9n conocido como Bug ID CSCue51272."
    }
  ],
  "id": "CVE-2013-1218",
  "lastModified": "2024-11-21T01:49:08.087",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-07-18T12:48:56.047",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-04-29 12:20
Modified
2024-11-21 01:49
Severity ?
Summary
SensorApp in Cisco Intrusion Prevention System (IPS) allows local users to cause a denial of service (Regex hardware job failure and application hang) via a (1) initiate signature upgrade, (2) initiate global correlation, (3) show statistics anomaly-detection, or (4) clear database action, aka Bug ID CSCuc74630.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1219Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1219Vendor Advisory
Impacted products
Vendor Product Version
cisco intrusion_prevention_system *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:intrusion_prevention_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7D9E05D-DF28-4BC3-A54E-9F0682197939",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SensorApp in Cisco Intrusion Prevention System (IPS) allows local users to cause a denial of service (Regex hardware job failure and application hang) via a (1) initiate signature upgrade, (2) initiate global correlation, (3) show statistics anomaly-detection, or (4) clear database action, aka Bug ID CSCuc74630."
    },
    {
      "lang": "es",
      "value": "SensorApp en Cisco Intrusion Prention System (IPS) permite a usuarios locales causar una denegaci\u00f3n de servicios (fallo en tareas hardware Regex y manejo de palicaciones) a trav\u00e9s de (1) iniciar la actualizaci\u00f3n de la firma, (2) iniciar correlation global, (3) mostrar estad\u00edsticas de detecci\u00f3n de anomal\u00edas, o (4) limpiar la base de datos, tambi\u00e9n conocido como Bug ID CSCuc74630."
    }
  ],
  "id": "CVE-2013-1219",
  "lastModified": "2024-11-21T01:49:08.213",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.4,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:S/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 2.7,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-04-29T12:20:36.250",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1219"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1219"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-09-19 18:55
Modified
2024-11-21 01:57
Severity ?
Summary
The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (intermittent MainApp hang) via a crafted management-interface connection request, aka Bug ID CSCuf20148.
References
ykramarz@cisco.comhttp://osvdb.org/97525
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5497Vendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=30913Vendor Advisory
ykramarz@cisco.comhttp://www.securityfocus.com/bid/62517Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1029057Third Party Advisory, VDB Entry
ykramarz@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/87280
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/97525
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5497Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=30913Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/62517Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1029057Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/87280
Impacted products
Vendor Product Version
cisco intrusion_prevention_system *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:intrusion_prevention_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7D9E05D-DF28-4BC3-A54E-9F0682197939",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (intermittent MainApp hang) via a crafted management-interface connection request, aka Bug ID CSCuf20148."
    },
    {
      "lang": "es",
      "value": "El proceso gestor de autenticaci\u00f3n en el framework web en Cisco Intrusion Prevention System (IPS) no maneja adecuadamente tokens de usuario, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda intermitente de MainApp) a trav\u00e9s de una petici\u00f3n de conexi\u00f3n de una interfaz de gesti\u00f3n manipulada. Aka Bug ID CSCuf20148."
    }
  ],
  "id": "CVE-2013-5497",
  "lastModified": "2024-11-21T01:57:35.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-19T18:55:05.620",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://osvdb.org/97525"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5497"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30913"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/62517"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029057"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87280"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/97525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5497"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30913"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/62517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87280"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-02-27 20:55
Modified
2024-11-21 02:05
Severity ?
Summary
Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of service (MainApp process outage) via malformed SNMP packets, aka Bug IDs CSCum52355 and CSCul49309.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2103Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2103Vendor Advisory
Impacted products
Vendor Product Version
cisco intrusion_prevention_system 5.1
cisco intrusion_prevention_system 6.0
cisco intrusion_prevention_system 6.0.2.0
cisco intrusion_prevention_system 7.0
cisco intrusion_prevention_system 7.0\(1\)e3
cisco intrusion_prevention_system 7.0\(2\)e3
cisco intrusion_prevention_system 7.0\(2\)e4
cisco intrusion_prevention_system 7.0\(3\)e4
cisco intrusion_prevention_system 7.0\(4\)e4
cisco intrusion_prevention_system 7.0\(5a\)e4
cisco intrusion_prevention_system 7.0\(6\)e4
cisco intrusion_prevention_system 7.0\(7\)e4
cisco intrusion_prevention_system 7.0\(8\)e4
cisco intrusion_prevention_system 7.0\(9\)e4
cisco intrusion_prevention_system 7.1
cisco intrusion_prevention_system *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D846D9B7-CB24-40C6-B7A4-2ABFF0D43442",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B010D14A-7275-454B-B2F8-31EE0D34C24F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:6.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5853BC19-384F-423B-B376-D001B8AA099C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03105E7F-12F8-4497-8A27-BD2F1653FD38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(1\\)e3:*:*:*:*:*:*:*",
              "matchCriteriaId": "32F57CD3-EA32-4814-A021-3CEB23900E18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(2\\)e3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDCEF522-431E-49D3-84F8-24EBE0D03E0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(2\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5961030A-ADD4-4BA6-A691-275DE6D9E1B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(3\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F422BC-E40B-4EC6-B0A5-7CD3A3C92B4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(4\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BA1FCB-DF1B-42E5-BBF3-808119AF80ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(5a\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6074CC8-4A49-4A31-809F-B87E4B80D179",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(6\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "20548D0B-8B3C-468F-8966-13019C4D69C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(7\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3206DA6-FE23-4214-A1F8-3C212C2768BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(8\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C07BDE6-25D7-49D5-AEAD-6BE3D1F5F171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(9\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5887C44-EEA8-4AB8-9136-790D1E8C8B45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F03BDC3C-E7F1-41C1-B89C-1DB1D3997DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:intrusion_prevention_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7D9E05D-DF28-4BC3-A54E-9F0682197939",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of service (MainApp process outage) via malformed SNMP packets, aka Bug IDs CSCum52355 and CSCul49309."
    },
    {
      "lang": "es",
      "value": "Cisco Intrusion Prevention System (IPS) Software permite a atacantes remotos causar una denegaci\u00f3n de servicio (interrupci\u00f3n del proceso MainApp) a trav\u00e9s de paquetes SNMP malformados, tambi\u00e9n conocido como Bug IDs CSCum52355 y CSCul49309."
    }
  ],
  "id": "CVE-2014-2103",
  "lastModified": "2024-11-21T02:05:39.637",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-02-27T20:55:06.957",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2103"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-03-13 01:59
Modified
2024-11-21 02:23
Severity ?
Summary
Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of service (process hang) by establishing many HTTPS sessions, aka Bug ID CSCuq40652.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-ipsVendor Advisory
ykramarz@cisco.comhttp://www.securitytracker.com/id/1031908
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-ipsVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1031908
Impacted products
Vendor Product Version
cisco intrusion_prevention_system 7.2\(1\)e4
cisco intrusion_prevention_system 7.2\(2\)e4
cisco intrusion_prevention_system 7.3\(2\)e4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.2\\(1\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65094FE8-DD3C-431A-823D-545553DAF743",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.2\\(2\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D44455CE-9C60-4BF0-A8AA-AB2658B4ECC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.3\\(2\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E2DCE37-4F7F-4B37-9A65-62C9C7FA79E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of service (process hang) by establishing many HTTPS sessions, aka Bug ID CSCuq40652."
    },
    {
      "lang": "es",
      "value": "Condici\u00f3n de carrera en la implementaci\u00f3n TLS en MainApp en la interfaz de gesti\u00f3n en Cisco Intrusion Prevention System (IPS) Software anterior a 7.3(3)E4 permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue del proceso) mediante el establecimiento de muchas sesiones HTTPS, tambi\u00e9n conocido como Bug ID CSCuq40652."
    }
  ],
  "id": "CVE-2015-0654",
  "lastModified": "2024-11-21T02:23:28.830",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-03-13T01:59:33.240",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-ips"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1031908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-ips"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031908"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-10-10 10:55
Modified
2024-11-21 02:08
Severity ?
Summary
The authentication-manager process in the web framework in Cisco Intrusion Prevention System (IPS) 7.0(8)E4 and earlier in Cisco Intrusion Detection System (IDS) does not properly manage user tokens, which allows remote attackers to cause a denial of service (temporary MainApp hang) via a crafted connection request to the management interface, aka Bug ID CSCuq39550.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3402Vendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=36014Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3402Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=36014Vendor Advisory
Impacted products
Vendor Product Version
cisco intrusion_prevention_system *
cisco intrusion_prevention_system 7.0
cisco intrusion_prevention_system 7.0\(1\)e3
cisco intrusion_prevention_system 7.0\(2\)e3
cisco intrusion_prevention_system 7.0\(2\)e4
cisco intrusion_prevention_system 7.0\(3\)e4
cisco intrusion_prevention_system 7.0\(4\)e4
cisco intrusion_prevention_system 7.0\(5a\)e4
cisco intrusion_prevention_system 7.0\(6\)e4
cisco intrusion_prevention_system 7.0\(7\)e4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD4BC15-7211-4DE7-A1CD-A95515A66FD6",
              "versionEndIncluding": "7.0\\(8\\)e4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03105E7F-12F8-4497-8A27-BD2F1653FD38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(1\\)e3:*:*:*:*:*:*:*",
              "matchCriteriaId": "32F57CD3-EA32-4814-A021-3CEB23900E18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(2\\)e3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDCEF522-431E-49D3-84F8-24EBE0D03E0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(2\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5961030A-ADD4-4BA6-A691-275DE6D9E1B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(3\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F422BC-E40B-4EC6-B0A5-7CD3A3C92B4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(4\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BA1FCB-DF1B-42E5-BBF3-808119AF80ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(5a\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6074CC8-4A49-4A31-809F-B87E4B80D179",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(6\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "20548D0B-8B3C-468F-8966-13019C4D69C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0\\(7\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3206DA6-FE23-4214-A1F8-3C212C2768BB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The authentication-manager process in the web framework in Cisco Intrusion Prevention System (IPS) 7.0(8)E4 and earlier in Cisco Intrusion Detection System (IDS) does not properly manage user tokens, which allows remote attackers to cause a denial of service (temporary MainApp hang) via a crafted connection request to the management interface, aka Bug ID CSCuq39550."
    },
    {
      "lang": "es",
      "value": "El proceso de gesti\u00f3n de autenticaci\u00f3n en el Framework web en Cisco Intrusion Prevention System (IPS) 7.0(8)E4 y anteriiores en Cisco Intrusion Detection System (IDS) no maneja debidamente los tokens de usuarios, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue temporal de MainApp) a trav\u00e9s de una solicitud de conexi\u00f3n manipulada a la interfaz de gesti\u00f3n, tambi\u00e9n conocido como Bug ID CSCuq39550."
    }
  ],
  "id": "CVE-2014-3402",
  "lastModified": "2024-11-21T02:08:01.057",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-10T10:55:06.727",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3402"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36014"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3402"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36014"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-09-16 10:34
Modified
2024-11-21 01:41
Severity ?
Summary
The updateTime function in sensorApp on Cisco IPS 4200 series sensors 7.0 and 7.1 allows remote attackers to cause a denial of service (process crash and traffic-inspection outage) via network traffic, aka Bug ID CSCta96144.
References
ykramarz@cisco.comhttp://www.cisco.com/en/US/docs/security/ips/7.0/release/notes/22789_01.htmlVendor Advisory
ykramarz@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/78870
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/docs/security/ips/7.0/release/notes/22789_01.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/78870
Impacted products
Vendor Product Version
cisco intrusion_prevention_system 7.0
cisco intrusion_prevention_system 7.1
cisco ips_4240 *
cisco ips_4250_sx *
cisco ips_4255 *
cisco ips_4260 *
cisco ips_4270-20 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03105E7F-12F8-4497-8A27-BD2F1653FD38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F03BDC3C-E7F1-41C1-B89C-1DB1D3997DC2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ips_4240:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "661A7A3E-09E3-44DA-AEB5-8021BCEF30EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:ips_4250_sx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC8C8063-E6F7-44AB-8FCB-2FDCBE54CBF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:ips_4255:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2BCB3B-CE33-4B96-A125-8E7001845A5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:ips_4260:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C3637DA-60C8-4F15-8906-F67ADA344A18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:ips_4270-20:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9F6387E-B7DF-4146-B24F-0D99190FA71B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The updateTime function in sensorApp on Cisco IPS 4200 series sensors 7.0 and 7.1 allows remote attackers to cause a denial of service (process crash and traffic-inspection outage) via network traffic, aka Bug ID CSCta96144."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n updateTime en sensorApp en Cisco IPS serie 4200 sensores v7.0 y v7.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del proceso e inspecci\u00f3n de tr\u00e1fico fuera del rango) a trav\u00e9s de tr\u00e1fico de redes, tambi\u00e9n conocido como Bug ID CSCta96144."
    }
  ],
  "id": "CVE-2012-3901",
  "lastModified": "2024-11-21T01:41:48.667",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-09-16T10:34:50.940",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/docs/security/ips/7.0/release/notes/22789_01.html"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/docs/security/ips/7.0/release/notes/22789_01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78870"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-07-18 12:48
Modified
2024-11-21 01:49
Severity ?
Summary
The IP stack in Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software and hardware modules before 7.1(5)E4, IPS 4500 sensors before 7.1(6)E4, and IPS 4300 sensors before 7.1(5)E4 allows remote attackers to cause a denial of service (MainApp process hang) via malformed IPv4 packets, aka Bug ID CSCtx18596.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ipsVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ipsVendor Advisory
Impacted products
Vendor Product Version
cisco asa_5500-x_series_ips_ssp_software 7.1
cisco intrusion_prevention_system *
cisco asa_5585-x -
cisco idsm-2 -
cisco ips_4345_sensor -
cisco ips_4360_sensor -
cisco ips_4510_sensor -
cisco ips_4520_sensor -
cisco ips_nme -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:asa_5500-x_series_ips_ssp_software:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFFF761D-FDCA-4C42-90F7-4ACC4AFDC91E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FB52B55-821B-481B-B0F5-D3EB791C5E20",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5585-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "16AE20C2-C77E-4E04-BF13-A48696E52426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:idsm-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "27B1C50D-71C6-44C6-8358-6CEADFF764BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:ips_4345_sensor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60A11416-D90F-45DB-AD42-A24C724129A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:ips_4360_sensor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C566775-ED73-4A5C-BCA9-F2C9C1B6A028",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:ips_4510_sensor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E986EA-86DC-42F7-91DA-D98E442AD26C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:ips_4520_sensor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "836AE393-0005-41C6-B784-9A8045296725",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:ips_nme:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C5FD488-E20E-4622-8536-EACAF3B5D37E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The IP stack in Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software and hardware modules before 7.1(5)E4, IPS 4500 sensors before 7.1(6)E4, and IPS 4300 sensors before 7.1(5)E4 allows remote attackers to cause a denial of service (MainApp process hang) via malformed IPv4 packets, aka Bug ID CSCtx18596."
    },
    {
      "lang": "es",
      "value": "La pila IP en Cisco Intrusion Prevention System (IPS) Software en ASA 5500-X IPS-SSP y m\u00f3dulos hardware anterior a v7.1(5)E4, sensores IPS 4500 anterior a v7.1(6)E4, y sensores IPS 4300 anterior a v7.1(5)E4 permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue del proceso MainApp ) mediante paquetes IPv4 malformados, tambi\u00e9n conocido como Bug ID CSCtx18596."
    }
  ],
  "id": "CVE-2013-1243",
  "lastModified": "2024-11-21T01:49:10.733",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-07-18T12:48:56.927",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-09-16 10:34
Modified
2024-11-21 01:41
Severity ?
Summary
sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and process crash, and traffic-inspection outage) via network traffic, aka Bug ID CSCtn23051.
References
ykramarz@cisco.comhttp://www.cisco.com/web/software/282549758/51927/IPS-6_2-4-E4-readme.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/web/software/282549758/51927/IPS-6_2-4-E4-readme.txtVendor Advisory
Impacted products
Vendor Product Version
cisco intrusion_prevention_system 6.0
cisco intrusion_prevention_system 6.2
cisco intrusion_prevention_system 7.0
cisco ips_4240 *
cisco ips_4250_sx *
cisco ips_4255 *
cisco ips_4260 *
cisco ips_4270-20 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B010D14A-7275-454B-B2F8-31EE0D34C24F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B235817-21BA-40AF-AC39-7343007ABF55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intrusion_prevention_system:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03105E7F-12F8-4497-8A27-BD2F1653FD38",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ips_4240:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "661A7A3E-09E3-44DA-AEB5-8021BCEF30EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:ips_4250_sx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC8C8063-E6F7-44AB-8FCB-2FDCBE54CBF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:ips_4255:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2BCB3B-CE33-4B96-A125-8E7001845A5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:ips_4260:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C3637DA-60C8-4F15-8906-F67ADA344A18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:ips_4270-20:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9F6387E-B7DF-4146-B24F-0D99190FA71B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and process crash, and traffic-inspection outage) via network traffic, aka Bug ID CSCtn23051."
    },
    {
      "lang": "es",
      "value": "sensorApp en Cisco IPS serie 4200 sensores v6.0, v6.2, y v7.0 no direcciona la memoria de forma adecuada, lo que podr\u00eda permitir a atacantes remotod provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria, ca\u00edda del proceso e inspecci\u00f3n del tr\u00e1fico fuera de rango) a trav\u00e9s del tr\u00e1fico de red, tambi\u00e9n conocido como Bug ID CSCtn23051."
    }
  ],
  "id": "CVE-2012-3899",
  "lastModified": "2024-11-21T01:41:48.560",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-09-16T10:34:50.910",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/web/software/282549758/51927/IPS-6_2-4-E4-readme.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/web/software/282549758/51927/IPS-6_2-4-E4-readme.txt"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2011-4022
Vulnerability from cvelistv5
Published
2012-05-03 10:00
Modified
2024-09-16 20:43
Severity ?
Summary
The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204.
References
http://www.cisco.com/web/software/282549709/56954/IPS-7-1-3-E4_readme.txtx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:53:32.662Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/web/software/282549709/56954/IPS-7-1-3-E4_readme.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-05-03T10:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.cisco.com/web/software/282549709/56954/IPS-7-1-3-E4_readme.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-4022",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.cisco.com/web/software/282549709/56954/IPS-7-1-3-E4_readme.txt",
              "refsource": "CONFIRM",
              "url": "http://www.cisco.com/web/software/282549709/56954/IPS-7-1-3-E4_readme.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2011-4022",
    "datePublished": "2012-05-03T10:00:00Z",
    "dateReserved": "2011-10-06T00:00:00Z",
    "dateUpdated": "2024-09-16T20:43:09.202Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3402
Vulnerability from cvelistv5
Published
2014-10-10 10:00
Modified
2024-08-06 10:43
Severity ?
Summary
The authentication-manager process in the web framework in Cisco Intrusion Prevention System (IPS) 7.0(8)E4 and earlier in Cisco Intrusion Detection System (IDS) does not properly manage user tokens, which allows remote attackers to cause a denial of service (temporary MainApp hang) via a crafted connection request to the management interface, aka Bug ID CSCuq39550.
References
http://tools.cisco.com/security/center/viewAlert.x?alertId=36014x_refsource_CONFIRM
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3402vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:05.824Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36014"
          },
          {
            "name": "20141007 Cisco Intrusion Prevention System MainApp Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3402"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The authentication-manager process in the web framework in Cisco Intrusion Prevention System (IPS) 7.0(8)E4 and earlier in Cisco Intrusion Detection System (IDS) does not properly manage user tokens, which allows remote attackers to cause a denial of service (temporary MainApp hang) via a crafted connection request to the management interface, aka Bug ID CSCuq39550."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-10-10T05:57:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36014"
        },
        {
          "name": "20141007 Cisco Intrusion Prevention System MainApp Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3402"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-3402",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The authentication-manager process in the web framework in Cisco Intrusion Prevention System (IPS) 7.0(8)E4 and earlier in Cisco Intrusion Detection System (IDS) does not properly manage user tokens, which allows remote attackers to cause a denial of service (temporary MainApp hang) via a crafted connection request to the management interface, aka Bug ID CSCuq39550."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36014",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36014"
            },
            {
              "name": "20141007 Cisco Intrusion Prevention System MainApp Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3402"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-3402",
    "datePublished": "2014-10-10T10:00:00",
    "dateReserved": "2014-05-07T00:00:00",
    "dateUpdated": "2024-08-06T10:43:05.824Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-2103
Vulnerability from cvelistv5
Published
2014-02-27 20:00
Modified
2024-08-06 10:05
Severity ?
Summary
Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of service (MainApp process outage) via malformed SNMP packets, aka Bug IDs CSCum52355 and CSCul49309.
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2103vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:05:57.901Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20140227 Cisco IPS MainApp SNMP Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2103"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of service (MainApp process outage) via malformed SNMP packets, aka Bug IDs CSCum52355 and CSCul49309."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-02-27T20:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20140227 Cisco IPS MainApp SNMP Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2103"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-2103",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of service (MainApp process outage) via malformed SNMP packets, aka Bug IDs CSCum52355 and CSCul49309."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140227 Cisco IPS MainApp SNMP Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2103"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-2103",
    "datePublished": "2014-02-27T20:00:00",
    "dateReserved": "2014-02-25T00:00:00",
    "dateUpdated": "2024-08-06T10:05:57.901Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-3410
Vulnerability from cvelistv5
Published
2013-07-18 00:00
Modified
2024-08-06 16:07
Severity ?
Summary
Cisco Intrusion Prevention System (IPS) Software on IPS NME devices before 7.0(9)E4 allows remote attackers to cause a denial of service (device reload) via malformed IPv4 packets that trigger incorrect memory allocation, aka Bug ID CSCua61977.
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ipsvendor-advisory, x_refsource_CISCO
http://secunia.com/advisories/54243third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:38.004Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130717 Multiple Vulnerabilities in Cisco Intrusion Prevention System Software",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips"
          },
          {
            "name": "54243",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54243"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Intrusion Prevention System (IPS) Software on IPS NME devices before 7.0(9)E4 allows remote attackers to cause a denial of service (device reload) via malformed IPv4 packets that trigger incorrect memory allocation, aka Bug ID CSCua61977."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-08-20T09:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130717 Multiple Vulnerabilities in Cisco Intrusion Prevention System Software",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips"
        },
        {
          "name": "54243",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54243"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3410",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Intrusion Prevention System (IPS) Software on IPS NME devices before 7.0(9)E4 allows remote attackers to cause a denial of service (device reload) via malformed IPv4 packets that trigger incorrect memory allocation, aka Bug ID CSCua61977."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130717 Multiple Vulnerabilities in Cisco Intrusion Prevention System Software",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips"
            },
            {
              "name": "54243",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/54243"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3410",
    "datePublished": "2013-07-18T00:00:00",
    "dateReserved": "2013-05-06T00:00:00",
    "dateUpdated": "2024-08-06T16:07:38.004Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-1243
Vulnerability from cvelistv5
Published
2013-07-18 00:00
Modified
2024-09-17 00:16
Severity ?
Summary
The IP stack in Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software and hardware modules before 7.1(5)E4, IPS 4500 sensors before 7.1(6)E4, and IPS 4300 sensors before 7.1(5)E4 allows remote attackers to cause a denial of service (MainApp process hang) via malformed IPv4 packets, aka Bug ID CSCtx18596.
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ipsvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:57:04.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130717 Multiple Vulnerabilities in Cisco Intrusion Prevention System Software",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The IP stack in Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software and hardware modules before 7.1(5)E4, IPS 4500 sensors before 7.1(6)E4, and IPS 4300 sensors before 7.1(5)E4 allows remote attackers to cause a denial of service (MainApp process hang) via malformed IPv4 packets, aka Bug ID CSCtx18596."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-07-18T00:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130717 Multiple Vulnerabilities in Cisco Intrusion Prevention System Software",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-1243",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IP stack in Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software and hardware modules before 7.1(5)E4, IPS 4500 sensors before 7.1(6)E4, and IPS 4300 sensors before 7.1(5)E4 allows remote attackers to cause a denial of service (MainApp process hang) via malformed IPv4 packets, aka Bug ID CSCtx18596."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130717 Multiple Vulnerabilities in Cisco Intrusion Prevention System Software",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-1243",
    "datePublished": "2013-07-18T00:00:00Z",
    "dateReserved": "2013-01-11T00:00:00Z",
    "dateUpdated": "2024-09-17T00:16:22.577Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-3899
Vulnerability from cvelistv5
Published
2012-09-16 10:00
Modified
2024-09-17 00:05
Severity ?
Summary
sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and process crash, and traffic-inspection outage) via network traffic, aka Bug ID CSCtn23051.
References
http://www.cisco.com/web/software/282549758/51927/IPS-6_2-4-E4-readme.txtx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:21:03.914Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/web/software/282549758/51927/IPS-6_2-4-E4-readme.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and process crash, and traffic-inspection outage) via network traffic, aka Bug ID CSCtn23051."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-09-16T10:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.cisco.com/web/software/282549758/51927/IPS-6_2-4-E4-readme.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2012-3899",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and process crash, and traffic-inspection outage) via network traffic, aka Bug ID CSCtn23051."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.cisco.com/web/software/282549758/51927/IPS-6_2-4-E4-readme.txt",
              "refsource": "CONFIRM",
              "url": "http://www.cisco.com/web/software/282549758/51927/IPS-6_2-4-E4-readme.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2012-3899",
    "datePublished": "2012-09-16T10:00:00Z",
    "dateReserved": "2012-07-10T00:00:00Z",
    "dateUpdated": "2024-09-17T00:05:41.664Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-3411
Vulnerability from cvelistv5
Published
2013-07-18 00:00
Modified
2024-08-06 16:07
Severity ?
Summary
The IDSM-2 drivers in Cisco Intrusion Prevention System (IPS) Software on Cisco Catalyst 6500 devices with an IDSM-2 module allow remote attackers to cause a denial of service (device hang) via malformed IPv4 TCP packets, aka Bug ID CSCuh27460.
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ipsvendor-advisory, x_refsource_CISCO
http://secunia.com/advisories/54242third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.901Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130717 Multiple Vulnerabilities in Cisco Intrusion Prevention System Software",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips"
          },
          {
            "name": "54242",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54242"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IDSM-2 drivers in Cisco Intrusion Prevention System (IPS) Software on Cisco Catalyst 6500 devices with an IDSM-2 module allow remote attackers to cause a denial of service (device hang) via malformed IPv4 TCP packets, aka Bug ID CSCuh27460."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-08-20T09:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130717 Multiple Vulnerabilities in Cisco Intrusion Prevention System Software",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips"
        },
        {
          "name": "54242",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54242"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3411",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IDSM-2 drivers in Cisco Intrusion Prevention System (IPS) Software on Cisco Catalyst 6500 devices with an IDSM-2 module allow remote attackers to cause a denial of service (device hang) via malformed IPv4 TCP packets, aka Bug ID CSCuh27460."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130717 Multiple Vulnerabilities in Cisco Intrusion Prevention System Software",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips"
            },
            {
              "name": "54242",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/54242"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3411",
    "datePublished": "2013-07-18T00:00:00",
    "dateReserved": "2013-05-06T00:00:00",
    "dateUpdated": "2024-08-06T16:07:37.901Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-1218
Vulnerability from cvelistv5
Published
2013-07-18 00:00
Modified
2024-09-17 00:00
Severity ?
Summary
Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software modules before 7.1(7)sp1E4 allows remote attackers to cause a denial of service (Analysis Engine process hang or device reload) via fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCue51272.
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ipsvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:57:04.094Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130717 Multiple Vulnerabilities in Cisco Intrusion Prevention System Software",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software modules before 7.1(7)sp1E4 allows remote attackers to cause a denial of service (Analysis Engine process hang or device reload) via fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCue51272."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-07-18T00:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130717 Multiple Vulnerabilities in Cisco Intrusion Prevention System Software",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-1218",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software modules before 7.1(7)sp1E4 allows remote attackers to cause a denial of service (Analysis Engine process hang or device reload) via fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCue51272."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130717 Multiple Vulnerabilities in Cisco Intrusion Prevention System Software",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-ips"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-1218",
    "datePublished": "2013-07-18T00:00:00Z",
    "dateReserved": "2013-01-11T00:00:00Z",
    "dateUpdated": "2024-09-17T00:00:39.801Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5497
Vulnerability from cvelistv5
Published
2013-09-19 18:00
Modified
2024-08-06 17:15
Severity ?
Summary
The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (intermittent MainApp hang) via a crafted management-interface connection request, aka Bug ID CSCuf20148.
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5497vendor-advisory, x_refsource_CISCO
http://tools.cisco.com/security/center/viewAlert.x?alertId=30913x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/87280vdb-entry, x_refsource_XF
http://osvdb.org/97525vdb-entry, x_refsource_OSVDB
http://www.securitytracker.com/id/1029057vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/62517vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.865Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130919 Cisco IPS Authentication Manager Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5497"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30913"
          },
          {
            "name": "cisco-ips-cve20135497-dos(87280)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87280"
          },
          {
            "name": "97525",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/97525"
          },
          {
            "name": "1029057",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029057"
          },
          {
            "name": "62517",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62517"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (intermittent MainApp hang) via a crafted management-interface connection request, aka Bug ID CSCuf20148."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130919 Cisco IPS Authentication Manager Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5497"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30913"
        },
        {
          "name": "cisco-ips-cve20135497-dos(87280)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87280"
        },
        {
          "name": "97525",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/97525"
        },
        {
          "name": "1029057",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029057"
        },
        {
          "name": "62517",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62517"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5497",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (intermittent MainApp hang) via a crafted management-interface connection request, aka Bug ID CSCuf20148."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130919 Cisco IPS Authentication Manager Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5497"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30913",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30913"
            },
            {
              "name": "cisco-ips-cve20135497-dos(87280)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87280"
            },
            {
              "name": "97525",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/97525"
            },
            {
              "name": "1029057",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029057"
            },
            {
              "name": "62517",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62517"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5497",
    "datePublished": "2013-09-19T18:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:15:20.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3406
Vulnerability from cvelistv5
Published
2014-10-19 01:00
Modified
2024-08-06 10:43
Severity ?
Summary
Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 and earlier allows remote attackers to cause a denial of service (device reload) via crafted IP traffic that matches a problematic rule, aka Bug ID CSCud82085.
References
http://tools.cisco.com/security/center/viewAlert.x?alertId=36078x_refsource_CONFIRM
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3406vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:05.567Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36078"
          },
          {
            "name": "20141014 Cisco Intrusion Prevention System IP Logging Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3406"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 and earlier allows remote attackers to cause a denial of service (device reload) via crafted IP traffic that matches a problematic rule, aka Bug ID CSCud82085."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-10-19T01:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36078"
        },
        {
          "name": "20141014 Cisco Intrusion Prevention System IP Logging Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3406"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-3406",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 and earlier allows remote attackers to cause a denial of service (device reload) via crafted IP traffic that matches a problematic rule, aka Bug ID CSCud82085."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36078",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36078"
            },
            {
              "name": "20141014 Cisco Intrusion Prevention System IP Logging Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3406"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-3406",
    "datePublished": "2014-10-19T01:00:00",
    "dateReserved": "2014-05-07T00:00:00",
    "dateUpdated": "2024-08-06T10:43:05.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-3901
Vulnerability from cvelistv5
Published
2012-09-16 10:00
Modified
2024-08-06 20:21
Severity ?
Summary
The updateTime function in sensorApp on Cisco IPS 4200 series sensors 7.0 and 7.1 allows remote attackers to cause a denial of service (process crash and traffic-inspection outage) via network traffic, aka Bug ID CSCta96144.
References
http://www.cisco.com/en/US/docs/security/ips/7.0/release/notes/22789_01.htmlx_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/78870vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:21:04.066Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/docs/security/ips/7.0/release/notes/22789_01.html"
          },
          {
            "name": "cisco-ips-updatetime-dos(78870)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78870"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-08-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The updateTime function in sensorApp on Cisco IPS 4200 series sensors 7.0 and 7.1 allows remote attackers to cause a denial of service (process crash and traffic-inspection outage) via network traffic, aka Bug ID CSCta96144."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.cisco.com/en/US/docs/security/ips/7.0/release/notes/22789_01.html"
        },
        {
          "name": "cisco-ips-updatetime-dos(78870)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78870"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2012-3901",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The updateTime function in sensorApp on Cisco IPS 4200 series sensors 7.0 and 7.1 allows remote attackers to cause a denial of service (process crash and traffic-inspection outage) via network traffic, aka Bug ID CSCta96144."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.cisco.com/en/US/docs/security/ips/7.0/release/notes/22789_01.html",
              "refsource": "CONFIRM",
              "url": "http://www.cisco.com/en/US/docs/security/ips/7.0/release/notes/22789_01.html"
            },
            {
              "name": "cisco-ips-updatetime-dos(78870)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78870"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2012-3901",
    "datePublished": "2012-09-16T10:00:00",
    "dateReserved": "2012-07-10T00:00:00",
    "dateUpdated": "2024-08-06T20:21:04.066Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-1219
Vulnerability from cvelistv5
Published
2013-04-29 01:00
Modified
2024-09-16 22:08
Severity ?
Summary
SensorApp in Cisco Intrusion Prevention System (IPS) allows local users to cause a denial of service (Regex hardware job failure and application hang) via a (1) initiate signature upgrade, (2) initiate global correlation, (3) show statistics anomaly-detection, or (4) clear database action, aka Bug ID CSCuc74630.
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1219vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:57:03.533Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130426 Cisco IPS SensorApp Regex Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1219"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SensorApp in Cisco Intrusion Prevention System (IPS) allows local users to cause a denial of service (Regex hardware job failure and application hang) via a (1) initiate signature upgrade, (2) initiate global correlation, (3) show statistics anomaly-detection, or (4) clear database action, aka Bug ID CSCuc74630."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-04-29T01:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130426 Cisco IPS SensorApp Regex Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1219"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-1219",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SensorApp in Cisco Intrusion Prevention System (IPS) allows local users to cause a denial of service (Regex hardware job failure and application hang) via a (1) initiate signature upgrade, (2) initiate global correlation, (3) show statistics anomaly-detection, or (4) clear database action, aka Bug ID CSCuc74630."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130426 Cisco IPS SensorApp Regex Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1219"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-1219",
    "datePublished": "2013-04-29T01:00:00Z",
    "dateReserved": "2013-01-11T00:00:00Z",
    "dateUpdated": "2024-09-16T22:08:21.902Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0654
Vulnerability from cvelistv5
Published
2015-03-13 01:00
Modified
2024-08-06 04:17
Severity ?
Summary
Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of service (process hang) by establishing many HTTPS sessions, aka Bug ID CSCuq40652.
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-ipsvendor-advisory, x_refsource_CISCO
http://www.securitytracker.com/id/1031908vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:17:32.649Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150311 Cisco Intrusion Prevention System MainApp Secure Socket Layer Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-ips"
          },
          {
            "name": "1031908",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031908"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of service (process hang) by establishing many HTTPS sessions, aka Bug ID CSCuq40652."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-03-16T17:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20150311 Cisco Intrusion Prevention System MainApp Secure Socket Layer Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-ips"
        },
        {
          "name": "1031908",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031908"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-0654",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of service (process hang) by establishing many HTTPS sessions, aka Bug ID CSCuq40652."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150311 Cisco Intrusion Prevention System MainApp Secure Socket Layer Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-ips"
            },
            {
              "name": "1031908",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031908"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-0654",
    "datePublished": "2015-03-13T01:00:00",
    "dateReserved": "2015-01-07T00:00:00",
    "dateUpdated": "2024-08-06T04:17:32.649Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-2060
Vulnerability from cvelistv5
Published
2008-06-18 19:29
Modified
2024-08-07 08:49
Severity ?
Summary
Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on network traffic, via a "specific series of jumbo Ethernet frames."
References
http://www.cisco.com/en/US/products/products_security_advisory09186a00809b3842.shtmlvendor-advisory, x_refsource_CISCO
http://www.securitytracker.com/id?1020326vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/29791vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2008/1872/referencesvdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/30767third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/43166vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:49:57.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20080618 Cisco Intrusion Prevention System Jumbo Frame Denial of Service",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b3842.shtml"
          },
          {
            "name": "1020326",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020326"
          },
          {
            "name": "29791",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29791"
          },
          {
            "name": "ADV-2008-1872",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1872/references"
          },
          {
            "name": "30767",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30767"
          },
          {
            "name": "cisco-ips-ethernetframes-dos(43166)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43166"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-06-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on network traffic, via a \"specific series of jumbo Ethernet frames.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20080618 Cisco Intrusion Prevention System Jumbo Frame Denial of Service",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b3842.shtml"
        },
        {
          "name": "1020326",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020326"
        },
        {
          "name": "29791",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29791"
        },
        {
          "name": "ADV-2008-1872",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1872/references"
        },
        {
          "name": "30767",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30767"
        },
        {
          "name": "cisco-ips-ethernetframes-dos(43166)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43166"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2008-2060",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on network traffic, via a \"specific series of jumbo Ethernet frames.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080618 Cisco Intrusion Prevention System Jumbo Frame Denial of Service",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b3842.shtml"
            },
            {
              "name": "1020326",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020326"
            },
            {
              "name": "29791",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29791"
            },
            {
              "name": "ADV-2008-1872",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1872/references"
            },
            {
              "name": "30767",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30767"
            },
            {
              "name": "cisco-ips-ethernetframes-dos(43166)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43166"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2008-2060",
    "datePublished": "2008-06-18T19:29:00",
    "dateReserved": "2008-05-02T00:00:00",
    "dateUpdated": "2024-08-07T08:49:57.606Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}