According to its self-reported version and configuration, the Cisco IOS software running on the remote device is affected by a remote code execution vulnerability in the Cluster Management Protocol (CMP) subsystem due to improper handling of CMP-specific Telnet options. An unauthenticated, remote attacker can exploit this by establishing a Telnet session with malformed CMP-specific telnet options, to execute arbitrary code.

According to its self-reported version, the IOS is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.

According to its self-reported version, Cisco IOS Software is affected by a web services remote code exeuction vulnerability: - A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker (Cisco ASA and FTD Software) or authenticated, remote attacker (Cisco IOS, IOS XE, and IOS XR Software) with low user privileges to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web service on an affected device after obtaining additional information about the system, overcoming exploit mitigations, or both. A successful exploit could allow the attacker to execute arbitrary code as root, which may lead to the complete compromise of the affected device. (CVE-2025-20363) Please see the included Cisco BIDs and Cisco Security Advisory for more information.

It is possible to obtain the default community name of the remote SNMP server. An attacker may use this information to gain more knowledge about the remote host, or to change the configuration of the remote system (if the default community allows such modifications).

Cisco IOS Software Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) is vulnerable to a denial of service (DoS) attack from specially crafted packets. Only the MFI is affected by this vulnerability. Older Label Forwarding Information Base (LFIB) implementation, which is replaced by MFI, is not affected. Cisco has released free software updates that address this vulnerability.

A vulnerability in the handling of IP sockets can cause devices to be vulnerable to a denial of service attack when any of several features of Cisco IOS Software are enabled. A sequence of specially crafted TCP/IP packets could cause any of the following results: Cisco has released free software updates that address this vulnerability. Several mitigation strategies are outlined in the "Workarounds" section of this advisory.

The server side of the Secure Copy (SCP) implementation in Cisco IOS software contains a vulnerability that could allow authenticated users with an attached command-line interface (CLI) view to transfer files to and from a Cisco IOS device that is configured to be an SCP server, regardless of what users are authorized to do, per the CLI view configuration. This vulnerability could allow valid users to retrieve or write to any file on the device's file system, including the device's saved configuration and Cisco IOS image files, even if the CLI view attached to the user does not allow it. This configuration file may include passwords or other sensitive information. The Cisco IOS SCP server is an optional service that is disabled by default. CLI views are a fundamental component of the Cisco IOS Role-Based CLI Access feature, which is also disabled by default. Devices that are not specifically configured to enable the Cisco IOS SCP server, or that are configured to use it but do not use role-based CLI access, are not affected by this vulnerability. This vulnerability does not apply to the Cisco IOS SCP client feature. Cisco has released free software updates that address this vulnerability. There are no workarounds available for this vulnerability apart from disabling either the SCP server or the CLI view feature if these services are not required by administrators.

Cisco IOS Software contains a vulnerability in multiple features that could allow an attacker to cause a denial of service (DoS) condition on the affected device. A sequence of specially crafted TCP packets can cause the vulnerable device to reload. Cisco has released free software updates that address this vulnerability. Several mitigation strategies are outlined in the workarounds section of this advisory.

Several features within Cisco IOS Software are affected by a crafted UDP packet vulnerability. If any of the affected features are enabled, a successful attack will result in a blocked input queue on the inbound interface. Only crafted UDP packets destined for the device could result in the interface being blocked. Transit traffic will not block the interface. Cisco has released free software updates that address this vulnerability and workarounds that mitigate this vulnerability are available.

Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system. In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that may result in a system crash. This additional vulnerability was found as a result of testing the TCP state manipulation vulnerabilities. Cisco has released free software updates for download from the Cisco website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system. In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that may result in a system crash. This additional vulnerability was found as a result of testing the TCP state manipulation vulnerabilities. Cisco has released free software updates for download from the Cisco website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

Cisco IOS Software configured with Authentication Proxy for HTTP(S), Web Authentication or the consent feature, contains a vulnerability that may allow an unauthenticated session to bypass the authentication proxy server or bypass the consent webpage. Cisco has released free software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.

Cisco IOS devices that are configured for Internet Key Exchange (IKE) protocol and certificate based authentication are vulnerable to a resource exhaustion attack. Successful exploitation of this vulnerability may result in the allocation of all available Phase 1 security associations (SA) and prevent the establishment of new IPsec sessions. Cisco has released free software updates that address this vulnerability.

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding. Cisco has released free software updates that address this vulnerability.

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding. Cisco has released free software updates that address this vulnerability.

A device running Cisco IOS Software, Cisco IOS XE Software, or Cisco IOS XR Software is vulnerable to a remote denial of service (DoS) condition if it is configured for Multiprotocol Label Switching (MPLS) and has support for Label Distribution Protocol (LDP). A crafted LDP UDP packet can cause an affected device running Cisco IOS Software or Cisco IOS XE Software to reload. On devices running affected versions of Cisco IOS XR Software, such packets can cause the device to restart the mpls_ldp process. A system is vulnerable if configured with either LDP or Tag Distribution Protocol (TDP). Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

According to its self-reported version number, the remote Cisco IOS device is affected by a denial of service vulnerability in the Multicast Source Discovery Protocol (MSDP) implementation. An unauthenticated, remote attacker can exploit this, via an MSDP packet containing encapsulated IGMP data, to cause the device to reload.

According to its self-reported version and configuration, the Cisco IOS software running on the remote device is affected by a security bypass vulnerability in the Authentication, Authorization, and Accounting (AAA) feature. An authenticated, remote attacker can exploit this, via an HTTP or HTTPS session, to bypass access restrictions and execute any IOS command that is configured for the authorization level. This vulnerability requires that the HTTP or HTTPS server is enabled on the Cisco IOS device.

Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by sending a single DHCP packet to or through an affected device, causing the device to reload. Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.

Cisco IOS Software and Cisco IOS XE Software contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by sending a crafted request to an affected device that has the DHCP version 6 (DHCPv6) server feature enabled, causing a reload. Cisco has released free software updates that address this vulnerability.

A vulnerability exists in the DHCP implementation of Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of crafted DHCP packets. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that has the DHCP server or DHCP relay feature enabled. An exploit could allow the attacker to cause a reload of an affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds to this vulnerability.

A vulnerability in the implementation of the Network Time Protocol (NTP) feature in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of multicast NTP packets that are sent to an affected device encapsulated in a Multicast Source Discovery Protocol (MSDP) Source-Active (SA) message from a configured MSDP peer. An attacker could exploit this vulnerability by sending multicast NTP packets to an affected device. Repeated exploitation could result in a sustained DoS condition. Cisco has released free software updates that address this vulnerability. A workaround is available to mitigate this vulnerability.

According to its self-reported version, the version of Cisco IOS running on the remote host is affected by multiple denial of service vulnerabilities in the Network Address Translation (NAT) implementation : - An issue exists in the TCP Input module due to the improper handling of certain sequences of TCP packets. An unauthenticated, remote attacker could potentially exploit this issue by sending a specific sequence of IPv4 TCP packets resulting in a denial of service. (CVE-2014-2109) - An issue exists in the Application Layer Gateway (ALG) module due to the improper handling of malformed DNS packets during the NAT procedure. An unauthenticated, remote attacker could potentially exploit this issue by sending malformed IPv4 DNS packets resulting in a denial of service. (CVE-2014-2111) Note that IPv6 packets cannot be used to exploit these issues.

According to its self-reported version, the version of Cisco IOS running on the remote host is affected by multiple denial of service vulnerabilities in the Network Address Translation (NAT) implementation : - An issue exists in the TCP Input module due to the improper handling of certain sequences of TCP packets. An unauthenticated, remote attacker could potentially exploit this issue by sending a specific sequence of IPv4 TCP packets resulting in a denial of service. (CVE-2014-2109) - An issue exists in the Application Layer Gateway (ALG) module due to the improper handling of malformed DNS packets during the NAT procedure. An unauthenticated, remote attacker could potentially exploit this issue by sending malformed IPv4 DNS packets resulting in a denial of service. (CVE-2014-2111) Note that IPv6 packets cannot be used to exploit these issues.

According to its self-reported version, the version of Cisco IOS running on the remote host is affected by a denial of service vulnerability in the Resource Reservation Protocol (RSVP) implementation due to improper handling of RSVP packets. A remote attacker can exploit this issue by sending specially crafted RSVP packets to cause the device to reload.

According to its self-reported version, the Cisco IOS software running on the remote device is affected by a denial of service vulnerability in the Smart Install client feature due to improper handling of image list parameters. An unauthenticated, remote attacker can exploit this issue, via crafted Smart Install packets, to cause the device to reload.

According to its self-reported version and configuration, the Cisco IOS software running on the remote device is affected by an information disclosure vulnerability, known as BENIGNCERTAIN, in the Internet Key Exchange version 1 (IKEv1) subsystem due to improper handling of IKEv1 security negotiation requests. An unauthenticated, remote attacker can exploit this issue, via a specially crafted IKEv1 packet, to disclose memory contents, resulting in the disclosure of confidential information including credentials and configuration settings. BENIGNCERTAIN is one of multiple Equation Group vulnerabilities and exploits disclosed on 2016/08/14 by a group known as the Shadow Brokers.

According to its self-reported version, the Cisco IOS software running on the remote device is affected by a denial of service vulnerability in its Layer 2 Tunneling Protocol (L2TP) parsing function due to insufficient validation of L2TP packets. An unauthenticated, remote attacker can exploit this issue, via a specially crafted L2TP packet, to cause the device to reload. Note that this issue only affects devices if the L2TP feature is enabled and the device is configured as an L2TP Version 2 (L2TPv2) or L2TP Version 3 (L2TPv3) endpoint. By default, the L2TP feature is not enabled.

According to its self-reported version, the IOS is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.

According to its self-reported version, the IOS is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.

According to its self-reported version, the IOS is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.

According to its self-reported version, the Cisco IOS software running on the remote device is affected by multiple denial of service vulnerabilities in the DHCP client implementation when parsing DHCP packets. An unauthenticated, remote attacker can exploit these issues, via specially crafted DHCP packets, to cause the device to reload.

According to its self-reported version, the Cisco IOS software running on the remote device is affected by multiple denial of service vulnerabilities in the DHCP client implementation when parsing DHCP packets. An unauthenticated, remote attacker can exploit these issues, via specially crafted DHCP packets, to cause the device to reload.

According to its self-reported version, the Cisco IOS software running on the remote device is affected by multiple denial of service vulnerabilities in the DHCP client implementation when parsing DHCP packets. An unauthenticated, remote attacker can exploit these issues, via specially crafted DHCP packets, to cause the device to reload.

According to its self-reported version, the IOS is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.

According to its self-reported version, IOS is affected by a vulnerability in the HTTP client feature that allows an unauthenticated, remote attacker to read and modify data that should normally be sent via an encrypted channel. This vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker can exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been set through an encrypted channel. Please see the included Cisco BIDs and Cisco Security Advisory for more information. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version, Cisco IOS is affected by multiple vulnerabilities. - A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. (CVE-2025-20169, CVE-2025-20170, CVE-2025-20171, CVE-2025-20173, CVE-2025-20174, CVE-2025-20175, CVE-2025-20176) - A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. For Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. For Cisco IOS XR Software, a successful exploit could allow the attacker to cause the SNMP process to restart, resulting in an interrupted SNMP response from an affected device. Devices that are running Cisco IOS XR Software will not reload. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. (CVE-2025-20172) Please see the included Cisco BIDs and Cisco Security Advisory for more information.

According to its self-reported version, Cisco IOS is affected by multiple vulnerabilities. - A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. (CVE-2025-20169, CVE-2025-20170, CVE-2025-20171, CVE-2025-20173, CVE-2025-20174, CVE-2025-20175, CVE-2025-20176) - A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. For Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. For Cisco IOS XR Software, a successful exploit could allow the attacker to cause the SNMP process to restart, resulting in an interrupted SNMP response from an affected device. Devices that are running Cisco IOS XR Software will not reload. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. (CVE-2025-20172) Please see the included Cisco BIDs and Cisco Security Advisory for more information.

According to its self-reported version, Cisco IOS is affected by multiple vulnerabilities. - A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. (CVE-2025-20169, CVE-2025-20170, CVE-2025-20171, CVE-2025-20173, CVE-2025-20174, CVE-2025-20175, CVE-2025-20176) - A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. For Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. For Cisco IOS XR Software, a successful exploit could allow the attacker to cause the SNMP process to restart, resulting in an interrupted SNMP response from an affected device. Devices that are running Cisco IOS XR Software will not reload. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. (CVE-2025-20172) Please see the included Cisco BIDs and Cisco Security Advisory for more information.

According to its self-reported version, Cisco IOS is affected by multiple vulnerabilities. - A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. (CVE-2025-20169, CVE-2025-20170, CVE-2025-20171, CVE-2025-20173, CVE-2025-20174, CVE-2025-20175, CVE-2025-20176) - A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. For Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. For Cisco IOS XR Software, a successful exploit could allow the attacker to cause the SNMP process to restart, resulting in an interrupted SNMP response from an affected device. Devices that are running Cisco IOS XR Software will not reload. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. (CVE-2025-20172) Please see the included Cisco BIDs and Cisco Security Advisory for more information.

According to its self-reported version, Cisco IOS is affected by multiple vulnerabilities. - A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. (CVE-2025-20169, CVE-2025-20170, CVE-2025-20171, CVE-2025-20173, CVE-2025-20174, CVE-2025-20175, CVE-2025-20176) - A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. For Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. For Cisco IOS XR Software, a successful exploit could allow the attacker to cause the SNMP process to restart, resulting in an interrupted SNMP response from an affected device. Devices that are running Cisco IOS XR Software will not reload. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. (CVE-2025-20172) Please see the included Cisco BIDs and Cisco Security Advisory for more information.

According to its self-reported version, Cisco IOS is affected by multiple vulnerabilities. - A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. (CVE-2025-20169, CVE-2025-20170, CVE-2025-20171, CVE-2025-20173, CVE-2025-20174, CVE-2025-20175, CVE-2025-20176) - A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. For Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. For Cisco IOS XR Software, a successful exploit could allow the attacker to cause the SNMP process to restart, resulting in an interrupted SNMP response from an affected device. Devices that are running Cisco IOS XR Software will not reload. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. (CVE-2025-20172) Please see the included Cisco BIDs and Cisco Security Advisory for more information.

According to its self-reported version, Cisco IOS is affected by multiple vulnerabilities. - A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. (CVE-2025-20169, CVE-2025-20170, CVE-2025-20171, CVE-2025-20173, CVE-2025-20174, CVE-2025-20175, CVE-2025-20176) - A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. For Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. For Cisco IOS XR Software, a successful exploit could allow the attacker to cause the SNMP process to restart, resulting in an interrupted SNMP response from an affected device. Devices that are running Cisco IOS XR Software will not reload. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. (CVE-2025-20172) Please see the included Cisco BIDs and Cisco Security Advisory for more information.

According to its self-reported version, Cisco IOS is affected by multiple vulnerabilities. - A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. (CVE-2025-20169, CVE-2025-20170, CVE-2025-20171, CVE-2025-20173, CVE-2025-20174, CVE-2025-20175, CVE-2025-20176) - A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. For Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. For Cisco IOS XR Software, a successful exploit could allow the attacker to cause the SNMP process to restart, resulting in an interrupted SNMP response from an affected device. Devices that are running Cisco IOS XR Software will not reload. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. (CVE-2025-20172) Please see the included Cisco BIDs and Cisco Security Advisory for more information.

The remote host is running a Telnet server over an unencrypted channel. Using Telnet over an unencrypted channel is not recommended as logins, passwords, and commands are transferred in cleartext. This allows a remote, man-in-the-middle attacker to eavesdrop on a Telnet session to obtain credentials or other sensitive information and to modify traffic exchanged between a client and server. SSH is preferred over Telnet since it protects credentials from eavesdropping and can tunnel additional data streams such as an X11 session.

The remote Cisco IOS device is affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could be exploited by injecting specially crafted OSPF packets. Successful exploitation could allow an unauthenticated attacker to manipulate or disrupt the flow of network traffic through the device.

The remote SNMP daemon is responding with a large amount of data to a 'GETBULK' request with a larger than normal value for 'max-repetitions'. A remote attacker can use this SNMP server to conduct a reflected distributed denial of service attack on an arbitrary remote host.

According to its self-reported version, the Cisco IOS software running on the remote device is affected by a security bypass vulnerability in the Zone-Based Firewall feature due to insufficient zone checking for traffic belonging to existing sessions. An unauthenticated, remote attacker can exploit this, by injecting spoofed traffic that matches existing connections, to bypass security access restrictions on the device and gain access to resources.

The remote NTP server responds to mode 6 queries. Devices that respond to these queries have the potential to be used in NTP amplification attacks. An unauthenticated, remote attacker could potentially exploit this, via a specially crafted mode 6 query, to cause a reflected denial of service condition.

According to its self-reported version, the IOS is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.

According to its self-reported version, the IOS is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.

According to its self-reported version, Cisco IOS is affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. An unauthenticated, remote attacker can exploit this, by injecting crafted OSPF LSA type 1 packets, to cause the targeted router to flush its routing table and propagate the crafted OSPF LSA type 1 update through the OSPF AS domain, allowing the attacker to intercept or black-hole traffic. Successful exploitation of this vulnerability requires that an attacker first accurately determine certain parameters within the LSA database on the target router. Please see the included Cisco BIDs and Cisco Security Advisory for more information. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version, IOS is affected by a vulnerability in the Tool Command Line (Tcl) interpreter due to insufficient input validation of data passed to the Tcl interpreter. An authenticated, unprivileged, and local attacker can exploit this, by executing crafted Tcl arguments on an affected device, in order to cause a denial of service (DoS) condition on an affected system. Please see the included Cisco BIDs and Cisco Security Advisory for more information.

According to its self-reported version, IOS is affected by a Arbitrary Code Execution vulnerability. An authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. A successful exploit could allow the attacker to cause memory corruption or execute the code with root privileges on the underlying OS of the affected device. Please see the included Cisco BIDs and Cisco Security Advisory for more information.

The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols. Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.

It is possible to determine the model of the remote CISCO system by sending SNMP requests with the OID 1.3.6.1.4.1.9.1. An attacker may use this information to gain more knowledge about the remote host.