Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2011-AVI-026
Vulnerability from certfr_avis - Published: 2011-01-20 - Updated: 2011-01-20
Plusieurs vulnérabilités dans le système d'exploitation Cisco IOS permettent à un utilisateur malveillant de provoquer un déni de service à distance ou de contourner la politique de sécurité.
Description
Un utilisateur malveillant peut :
- provoquer un déni de service à distance au moyen de communications IRC, de flux SIP, de changements de numéro unique (SNR) ou d'annonces de routeurs en IPv6 ;
- contourner la politique de sécurité en raison d'une erreur dans la gestion des clefs publiques.
Solution
La version Cisco IOS 15.0(1)XA5 remédie à ces problèmes.
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Cisco IOS 15.0(1)XA.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eCisco IOS 15.0(1)XA.\u003c/p\u003e",
"content": "## Description\n\nUn utilisateur malveillant peut :\n\n- provoquer un d\u00e9ni de service \u00e0 distance au moyen de communications\n IRC, de flux SIP, de changements de num\u00e9ro unique (SNR) ou\n d\u0027annonces de routeurs en IPv6\u00a0;\n- contourner la politique de s\u00e9curit\u00e9 en raison d\u0027une erreur dans la\n gestion des clefs publiques.\n\n## Solution\n\nLa version Cisco IOS 15.0(1)XA5 rem\u00e9die \u00e0 ces probl\u00e8mes.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-4683",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4683"
},
{
"name": "CVE-2009-5040",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5040"
},
{
"name": "CVE-2010-4685",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4685"
},
{
"name": "CVE-2010-4686",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4686"
},
{
"name": "CVE-2010-4671",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4671"
},
{
"name": "CVE-2009-5038",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5038"
}
],
"initial_release_date": "2011-01-20T00:00:00",
"last_revision_date": "2011-01-20T00:00:00",
"links": [
{
"title": "Bulletin de version Cisco IOS 15.0(1)XA5 du 28 d\u00e9cembre 2010 :",
"url": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
}
],
"reference": "CERTA-2011-AVI-026",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-01-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans le syst\u00e8me d\u0027exploitation Cisco IOS\npermettent \u00e0 un utilisateur malveillant de provoquer un d\u00e9ni de service\n\u00e0 distance ou de contourner la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans Cisco IOS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de version Cisco IOS 15.0(1)XA5 du 28 d\u00e9cembre 2010",
"url": null
}
]
}
CVE-2009-5038 (GCVE-0-2009-5038)
Vulnerability from cvelistv5 – Published: 2011-01-07 18:00 – Updated: 2024-08-07 07:24
VLAI
EPSS
Summary
Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server, related to a "corrupted magic value," aka Bug ID CSCso05336.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/45764 | vdb-entryx_refsource_BID |
| http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15… | x_refsource_CONFIRM |
Date Public
2009-12-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ciscoios-irctraffic-dos(64682)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64682"
},
{
"name": "45764",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45764"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server, related to a \"corrupted magic value,\" aka Bug ID CSCso05336."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ciscoios-irctraffic-dos(64682)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64682"
},
{
"name": "45764",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45764"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server, related to a \"corrupted magic value,\" aka Bug ID CSCso05336."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ciscoios-irctraffic-dos(64682)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64682"
},
{
"name": "45764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45764"
},
{
"name": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5038",
"datePublished": "2011-01-07T18:00:00.000Z",
"dateReserved": "2011-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:24:54.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5040 (GCVE-0-2009-5040)
Vulnerability from cvelistv5 – Published: 2011-01-07 18:00 – Updated: 2024-08-07 07:24
VLAI
EPSS
Summary
CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/45765 | vdb-entryx_refsource_BID |
| http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15… | x_refsource_CONFIRM |
Date Public
2009-12-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ciscoios-callmanager-dos(64681)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64681"
},
{
"name": "45765",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45765"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ciscoios-callmanager-dos(64681)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64681"
},
{
"name": "45765",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45765"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ciscoios-callmanager-dos(64681)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64681"
},
{
"name": "45765",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45765"
},
{
"name": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5040",
"datePublished": "2011-01-07T18:00:00.000Z",
"dateReserved": "2011-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:24:53.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4671 (GCVE-0-2010-4671)
Vulnerability from cvelistv5 – Published: 2011-01-07 11:00 – Updated: 2024-08-07 03:51
VLAI
EPSS
Summary
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/45760 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c… | x_refsource_MISC |
| http://www.ciscosystems.com/en/US/docs/ios/15_0/1… | x_refsource_CONFIRM |
| http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/… | x_refsource_MISC |
| http://events.ccc.de/congress/2010/Fahrplan/event… | x_refsource_MISC |
| http://www.youtube.com/watch?v=00yjWB6gGy8 | x_refsource_MISC |
Date Public
2010-12-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:18.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45760",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45760"
},
{
"name": "ciscoios-neighbor-discovery-dos(64589)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64589"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.youtube.com/watch?v=00yjWB6gGy8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45760",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45760"
},
{
"name": "ciscoios-neighbor-discovery-dos(64589)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64589"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.youtube.com/watch?v=00yjWB6gGy8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45760",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45760"
},
{
"name": "ciscoios-neighbor-discovery-dos(64589)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64589"
},
{
"name": "http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4",
"refsource": "MISC",
"url": "http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4"
},
{
"name": "http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf",
"refsource": "CONFIRM",
"url": "http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
},
{
"name": "http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3",
"refsource": "MISC",
"url": "http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3"
},
{
"name": "http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html"
},
{
"name": "http://www.youtube.com/watch?v=00yjWB6gGy8",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=00yjWB6gGy8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4671",
"datePublished": "2011-01-07T11:00:00.000Z",
"dateReserved": "2011-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:51:18.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4683 (GCVE-0-2010-4683)
Vulnerability from cvelistv5 – Published: 2011-01-07 18:00 – Updated: 2024-08-07 03:51
VLAI
EPSS
Summary
Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/45786 | vdb-entryx_refsource_BID |
| http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15… | x_refsource_CONFIRM |
Date Public
2010-12-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:18.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ciscoios-sip-register-dos(64588)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64588"
},
{
"name": "45786",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45786"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ciscoios-sip-register-dos(64588)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64588"
},
{
"name": "45786",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45786"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ciscoios-sip-register-dos(64588)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64588"
},
{
"name": "45786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45786"
},
{
"name": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4683",
"datePublished": "2011-01-07T18:00:00.000Z",
"dateReserved": "2011-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:51:18.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4685 (GCVE-0-2010-4685)
Vulnerability from cvelistv5 – Published: 2011-01-07 18:00 – Updated: 2024-08-07 03:51
VLAI
EPSS
Summary
Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/45769 | vdb-entryx_refsource_BID |
Date Public
2010-01-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:18.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ciscoios-certificate-security-bypass(64586)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64586"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
},
{
"name": "45769",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45769"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ciscoios-certificate-security-bypass(64586)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64586"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
},
{
"name": "45769",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45769"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ciscoios-certificate-security-bypass(64586)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64586"
},
{
"name": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
},
{
"name": "45769",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45769"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4685",
"datePublished": "2011-01-07T18:00:00.000Z",
"dateReserved": "2011-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:51:18.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4686 (GCVE-0-2010-4686)
Vulnerability from cvelistv5 – Published: 2011-01-07 18:00 – Updated: 2024-08-07 03:51
VLAI
EPSS
Summary
CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/45769 | vdb-entryx_refsource_BID |
Date Public
2010-01-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:18.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ciscoios-siptrunk-dos(64585)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64585"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
},
{
"name": "45769",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45769"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a \"peculiar\" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ciscoios-siptrunk-dos(64585)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64585"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
},
{
"name": "45769",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45769"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a \"peculiar\" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ciscoios-siptrunk-dos(64585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64585"
},
{
"name": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
},
{
"name": "45769",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45769"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4686",
"datePublished": "2011-01-07T18:00:00.000Z",
"dateReserved": "2011-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:51:18.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…