It seems that, even though a regular (non-"enabled") user should not be able to see the access-lists or other security-related information in the router, one can do just that. The online help system doesn't list the commands as being available, but out of 75 extra "show" options that are available in "enable" mode (on a 12.0(5)3640), only 13 were actually restricted.
Cisco Security Advisory - Cisco IOS XR Software contains a vulnerability when handling crafted packets that may result in a denial of service condition. The vulnerability only exists on Cisco 9000 Series Aggregation Services Routers (ASR) Route Switch Processor (RSP-4G and RSP-8G), Route Switch Processor 440 (RSP440), and Cisco Carrier Routing System (CRS) Performance Route Processor (PRP). The vulnerability is a result of improper handling of crafted packets and could cause the route processor, which processes the packets, to be unable to transmit packets to the fabric. Cisco has released free software updates that address this vulnerability.
Secunia Security Advisory - A vulnerability has been reported in Cisco NX-OS, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - A vulnerability has been reported in Cisco IOS, which can be exploited by malicious users to cause a DoS (Denial of Service).
Secunia Security Advisory - A vulnerability has been reported in Cisco Emergency Responder, which can be exploited by malicious people to cause a DoS (Denial of Service).
This Metasploit module exploits a vulnerability found in Cisco Linksys PlayerPT 1.0.0.15 as installed with the web interface of Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera. The vulnerability, due to the insecure usage of sprintf in the SetSource method when handling a specially crafted sURL argument, allows an attacker to trigger a stack-based buffer overflow, which leads to code execution under the context of the user visiting a malicious web page.
This Metasploit module exploits a vulnerability found in Cisco Linksys PlayerPT 1.0.0.15 as installed with the web interface of Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera. The vulnerability, due to the insecure usage of sprintf in the SetSource method, allows an attacker to trigger a stack-based buffer overflow, which leads to code execution under the context of the user visiting a malicious web page.
Secunia Security Advisory - Craig has reported a vulnerability in Cisco Linksys WMB54G, which can be exploited by malicious people to compromise a vulnerable device.
Secunia Research has discovered a vulnerability in Cisco Linksys PlayerPT ActiveX Control, which can be exploited by malicious people to compromise a user's system. Successful exploitation allows execution of arbitrary code. Cisco Linksys PlayerPT ActiveX Control version 1.0.0.15 is affected. Other versions may also be affected.
Secunia Security Advisory - Two vulnerabilities have been reported in Cisco TelePresence Recording Server, which can be exploited by malicious users and malicious people to compromise a vulnerable system.
Secunia Security Advisory - A vulnerability has been reported in Cisco TelePresence Recording Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - Some vulnerabilities have been reported in Cisco TelePresence Immersive Endpoint devices, which can be exploited by malicious users and malicious people to compromise a vulnerable system.
Secunia Security Advisory - Two vulnerabilities have been reported in Cisco TelePresence Manager and Cisco TelePresence Multipoint Switch, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
Cisco Security Advisory - Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, causing the product to become unresponsive to new connection requests and potentially leading to termination of services and processes. Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.
Cisco Security Advisory - Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, causing the product to become unresponsive to new connection requests and potentially leading to termination of services and processes. Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.
Cisco Security Advisory - Cisco TelePresence Endpoint devices contain multiple vulnerabilities. Exploitation of the API Remote Command Execution vulnerability could allow an unauthenticated, adjacent attacker to inject commands into API requests. The injected commands will be executed by the underlying operating system in an elevated context. Exploitation of the Remote Command Execution vulnerability could allow an authenticated, remote attacker to inject commands into requests made to the Administrative Web interface. The injected commands will be executed by the underlying operating system in an elevated context. Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.
Cisco Security Advisory - Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow a remote, unauthenticated attacker to create a denial of service condition, preventing the product from responding to new connection requests and potentially causing some services and processes to crash. Exploitation of the Cisco TelePresence Web Interface Command Injection may allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges. Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. Cisco has released updated software that resolves the command and code execution vulnerabilities. There are currently no plans to resolve the malformed IP packets denial of service vulnerability, as this product is no longer being actively supported. There are no workarounds that mitigate these vulnerabilities. Customers should contact their Cisco Sales Representative to determine the Business Unit responsible for their Cisco TelePresence Recording Server.
THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
Cisco Security Advisory - The Cisco WebEx Recording Format (WRF) player contains four buffer overflow vulnerabilities and the Cisco Advanced Recording Format (ARF) player contains one buffer overflow vulnerability. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. Cisco has updated affected versions of the WebEx meeting sites and WRF and ARF players to address these vulnerabilities.
OpenNHRP implements the NBMA Next Hop Resolution Protocol (as defined in RFC 2332). It makes it possible to create a dynamic multipoint VPN Linux router using NHRP, GRE, and IPsec. It aims to be Cisco DMVPN compatible.
Secunia Security Advisory - Two vulnerabilities have been reported in Cisco AnyConnect VPN Client, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - A weakness has been reported in Cisco Application Control Engine products, which can be exploited by malicious users to bypass certain security restrictions.
Secunia Security Advisory - A vulnerability has been reported in Cisco Adaptive Security Appliances (ASA), which can be exploited by malicious people to cause a DoS (Denial of Service).
Cisco Security Advisory - Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and Cisco Catalyst 6500 Series ASA Services Module (Cisco ASASM) contain a vulnerability that may allow an unauthenticated, remote attacker to cause the reload of the affected device. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
Cisco Security Advisory - A vulnerability exists in Cisco Application Control Engine (ACE) software. Administrative users may be logged into an unintended context (virtual instance) on the ACE when running in multicontext mode. Cisco has released free software updates that address this vulnerability. A workaround is available for this vulnerability.
Cisco Security Advisory - The Cisco AnyConnect Secure Mobility Client is affected by multiple vulnerabilities including code execution. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.