This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2017-6736
Vendor: Cisco
Product: IOS and IOS XE Software
Added: 2022-03-03
Due Date: 2022-03-24
Description:
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-6663
Vendor: Cisco
Product: IOS and IOS XE Software
Added: 2022-03-03
Due Date: 2022-03-24
Description:
A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in denial-of-service (DoS).
Required Action:
Apply updates per vendor instructions.
CVE-2017-6627
Vendor: Cisco
Product: IOS and IOS XE Software
Added: 2022-03-03
Due Date: 2022-03-24
Description:
A vulnerability in the UDP processing code of Cisco IOS and IOS XE could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and denial of service.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-12319
Vendor: Cisco
Product: IOS XE Software
Added: 2022-03-03
Due Date: 2022-03-24
Description:
A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-12240
Vendor: Cisco
Product: IOS and IOS XE Software
Added: 2022-03-03
Due Date: 2022-03-24
Description:
The Dynamic Host Configuration Protocol (DHCP) relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-12238
Vendor: Cisco
Product: Catalyst 6800 Series Switches
Added: 2022-03-03
Due Date: 2022-03-24
Description:
A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a denial of service.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-12237
Vendor: Cisco
Product: IOS and IOS XE Software
Added: 2022-03-03
Due Date: 2022-03-24
Description:
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-12235
Vendor: Cisco
Product: IOS software
Added: 2022-03-03
Due Date: 2022-03-24
Description:
A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-12234
Vendor: Cisco
Product: IOS software
Added: 2022-03-03
Due Date: 2022-03-24
Description:
There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-12233
Vendor: Cisco
Product: IOS software
Added: 2022-03-03
Due Date: 2022-03-24
Description:
There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-12232
Vendor: Cisco
Product: IOS software
Added: 2022-03-03
Due Date: 2022-03-24
Description:
A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-12231
Vendor: Cisco
Product: IOS software
Added: 2022-03-03
Due Date: 2022-03-24
Description:
A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS could allow an unauthenticated, remote attacker to cause a denial of service.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-11826
Vendor: Microsoft
Product: Office
Added: 2022-03-03
Due Date: 2022-03-24
Description:
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-11292
Vendor: Adobe
Product: Flash Player
Added: 2022-03-03
Due Date: 2022-03-24
Description:
Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution.
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
CWEs:
CVE-2017-0261
Vendor: Microsoft
Product: Office
Added: 2022-03-03
Due Date: 2022-03-24
Description:
Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs: