Total
173 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-3876 | 1 Cisco | 1 Ios Xr | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could allow the attacker to crash the device in such a manner that manual intervention is required to recover. This vulnerability affects all Cisco IOS XR platforms that are running release 6.1.1 of Cisco IOS XR Software when the gRPC service is enabled on the device. The gRPC service is not enabled by default. Cisco Bug IDs: CSCvb14441. | |||||
CVE-2017-12355 | 1 Cisco | 1 Ios Xr | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service (DoS) condition. The vulnerability is due to incomplete LPTS frame validation by the affected software. An attacker could exploit this vulnerability by sending crafted XML requests to the management interface of an affected system. A successful exploit could allow the attacker to cause one of the LPTS processes on the affected system to restart unexpectedly, which would impact LPTS traffic and cause a brief DoS condition while the process restarts. Cisco Bug IDs: CSCvf76332. | |||||
CVE-2017-12270 | 1 Cisco | 1 Ios Xr | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the emsd service stops. The vulnerability is due to the software's inability to process HTTP/2 packets. An attacker could exploit this vulnerability by sending a malformed HTTP/2 frame to the affected device. A successful exploit could allow the attacker to create a DoS condition when the emsd service stops. Cisco Bug IDs: CSCvb99388. | |||||
CVE-2016-9215 | 1 Cisco | 1 Ios Xr | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. More Information: CSCva38434. Known Affected Releases: 6.1.1.BASE. | |||||
CVE-2016-9205 | 1 Cisco | 1 Ios Xr | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. More Information: CSCvb14425. Known Affected Releases: 6.1.1.BASE. Known Fixed Releases: 6.1.2.6i.MGBL 6.1.22.9i.MGBL 6.2.1.14i.MGBL. | |||||
CVE-2016-6428 | 1 Cisco | 1 Ios Xr | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349. | |||||
CVE-2016-6421 | 1 Cisco | 1 Ios Xr | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of service (process restart) via a crafted OSPF Link State Advertisement (LSA) update, aka Bug ID CSCvb05643. | |||||
CVE-2016-6415 | 1 Cisco | 3 Ios, Ios Xe, Ios Xr | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN. | |||||
CVE-2016-6355 | 1 Cisco | 1 Ios Xr | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID CSCux26791. | |||||
CVE-2016-1456 | 1 Cisco | 1 Ios Xr | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container access, aka Bug ID CSCuz62721. | |||||
CVE-2016-1433 | 1 Cisco | 1 Ios Xr | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers to cause a denial of service (OSPFv3 process reload) via crafted OSPFv3 packets, aka Bug ID CSCuz66289. | |||||
CVE-2016-1426 | 1 Cisco | 2 Ios Xr, Network Convergence System 6000 | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service (timer consumption and Route Processor reload) via crafted SSH traffic, aka Bug ID CSCux76819. | |||||
CVE-2016-1409 | 1 Cisco | 4 Ios, Ios Xe, Ios Xr and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016. | |||||
CVE-2016-1407 | 1 Cisco | 7 Asr 9001, Asr 9006, Asr 9010 and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) flow-base entries, which allows remote attackers to cause a denial of service (session drop) by making many connection attempts to open TCP ports, aka Bug ID CSCux95576. | |||||
CVE-2016-1376 | 1 Cisco | 1 Ios Xr | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, aka Bug ID CSCuv78548. | |||||
CVE-2016-1366 | 1 Cisco | 1 Ios Xr | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848. | |||||
CVE-2016-1361 | 1 Cisco | 5 Ios Xr, Xr 12404, Xr 12406 and 2 more | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to cause a denial of service (line-card restart) via a crafted packet, aka Bug ID CSCuw56900. | |||||
CVE-2015-6432 | 1 Cisco | 1 Ios Xr | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted update, aka Bug ID CSCuw83486. | |||||
CVE-2015-6301 | 1 Cisco | 7 Asr 9001, Asr 9006, Asr 9010 and 4 more | 2024-11-21 | 5.0 MEDIUM | N/A |
The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun72171. | |||||
CVE-2015-6297 | 1 Cisco | 7 Asr 9001, Asr 9006, Asr 9010 and 4 more | 2024-11-21 | 5.0 MEDIUM | N/A |
The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525. |