Cisco : Security Vulnerabilities, CVEs, Published In December 2003

Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).

The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server.

The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.

The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks.

OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.