CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 3198 | CVE-2001-0380 | Candidate | Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 allows a remote attacker SNMP read and write access via a default, undocumented community string "ILMI". | Modified (20090302) | MODIFY(1) Frech | NOOP(4) Christey, Cole, Wall, Ziese | Frech> XF:cisco-ios-modify-snmp(6169) | Christey> Fix the date of the Bugtraq post | Christey> The Bugtraq poster didn"t provide many details, but said that | the vendor was out of business. It"s possible that this ILMI | community string has no relationship with the Cisco ILMI | problem, in which case this should remain a separate CAN. | Christey> Further research suggests that ILMI is a standard | specification for ATM, and therefore this CAN should remain split from | the Cisco ILMI problem (CVE-2001-0711). | View |
| 3519 | CVE-2001-0711 | Candidate | Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a denial of service via the undocumented Interim Local Management Interface (ILMI) SNMP community string. | Modified (20020228-01) | ACCEPT(5) Baker, Balinsky, Cole, Foat, Stracener | MODIFY(1) Frech | NOOP(2) Christey, Wall | Frech> XF:cisco-ios-modify-snmp(6169) | Christey> Change desc to say that the ILMI allows viewing/modification | of certain objects, which *then* leads to a DoS. | | Thanks to Andre Frech for noticing this. | | CERT-VN:VU#976280 | View |
| 452 | CVE-1999-0453 | Candidate | An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). | Modified (20040512-02) | ACCEPT(2) Baker, Balinsky | MODIFY(1) Frech | NOOP(2) Northcutt, Wall | REVIEWING(1) Christey | Frech> XF:cisco-ident(2289) | ADDREF BUGTRAQ:19990118 Remote Cisco Identification | In description, probably better to use "Cisco" as product/company name. | Balinsky> CiscoSecure IDS has a signature for this...ID 3602 Cisco IOS Identity. | Christey> There may be a slight abstraction problem here, e.g. look | at the candidate for queso/nmap; also see followup Bugtraq post | from "Basement Research" on 19990120 which says that there are | many other features in Cisco products that allow remote | identification. | Christey> fix typo: "Dicsovery" | View |
| 5260 | CVE-2002-0870 | Candidate | The original patch for the Cisco Content Service Switch 11000 Series authentication bypass vulnerability (CVE-2001-0622) was incomplete, which still allows remote attackers to gain additional privileges by directly requesting the web management URL instead of navigating through the interface, possibly via a variant of the original attack, as identified by Cisco bug ID CSCdw08549. | Proposed (20020830) | ACCEPT(4) Armstrong, Baker, Cole, Wall | MODIFY(1) Frech | NOOP(2) Cox, Foat | Frech> XF:cisco-css-web-management(6631) | View |
| 1022 | CVE-1999-1042 | Candidate | Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log files and temporary files, which may expose sensitive information, to local users such as user IDs, passwords and SNMP community strings. | Proposed (20010912) | ACCEPT(3) Cole, Foat, Stracener | MODIFY(1) Frech | NOOP(1) Wall | REJECT(3) Armstrong, Balinsky, Christey | Frech> XF:cisco-crm-file-vuln(1575) | Armstrong> I think that this is the same as Can-1999-1126 | Balinsky> This is the same as CVE-1999-1126. Merge them. | Christey> DUPE CVE-1999-1126, as noted by others. | This candidate will be rejected. CVE-1999-1126 will be | promoted. | View |
Page 193 of 20943, showing 5 records out of 104715 total, starting on record 961, ending on 965
