The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco ASR

vulnerability bulletin CVE-2017-5754

Intel Processors: memory reading via Meltdown

Synthesis of the vulnerability

When the system uses an Intel processor, a local attacker can access to the kernel memory, in order to read sensitive information.
Impacted products: SNS, iOS by Apple, iPhone, Mac OS X, Blue Coat CAS, Cisco ASR, Cisco Catalyst, Nexus by Cisco, NX-OS, Cisco Router, Cisco UCS, XenServer, Debian, Avamar, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, FortiAnalyzer, FortiGate, FortiManager, FortiOS, FreeBSD, Android OS, AIX, IBM i, QRadar SIEM, Juniper J-Series, Junos OS, Junos Space, NSMXpress, Linux, McAfee Email Gateway, McAfee NSM, McAfee NTBA, McAfee Web Gateway, Meinberg NTP Server, Edge, IE, SQL Server, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, OpenBSD, openSUSE Leap, Oracle Communications, pfSense, RealPresence Collaboration Server, RealPresence Distributed Media Application, RealPresence Resource Manager, RHEL, SIMATIC, Slackware, Sonus SBC, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Synology DSM, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive, vCenter Server, Xen.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 03/01/2018.
Revision date: 05/01/2018.
Identifiers: 2016636, 519675, ADV180002, CERTFR-2018-ALE-001, CERTFR-2018-AVI-004, CERTFR-2018-AVI-005, CERTFR-2018-AVI-009, CERTFR-2018-AVI-012, CERTFR-2018-AVI-014, CERTFR-2018-AVI-017, CERTFR-2018-AVI-018, CERTFR-2018-AVI-029, CERTFR-2018-AVI-048, CERTFR-2018-AVI-049, CERTFR-2018-AVI-077, CERTFR-2018-AVI-079, CERTFR-2018-AVI-114, CERTFR-2018-AVI-124, CERTFR-2018-AVI-134, CERTFR-2018-AVI-208, CERTFR-2018-AVI-225, cisco-sa-20180104-cpusidechannel, cpuapr2019, CTX231390, CTX231399, CTX234679, CVE-2017-5754, DLA-1232-1, DLA-1349-1, DSA-2018-049, DSA-4078-1, DSA-4082-1, DSA-4120-1, DSA-4120-2, DSA-4179-1, FG-IR-18-002, FreeBSD-SA-18:03.speculative_execution, HT208331, HT208334, HT208394, HT208465, JSA10842, JSA10873, K91229003, MBGSA-1801, Meltdown, N1022433, nas8N1022433, openSUSE-SU-2018:0022-1, openSUSE-SU-2018:0023-1, openSUSE-SU-2018:0326-1, openSUSE-SU-2018:0459-1, openSUSE-SU-2018:1623-1, RHSA-2018:0007-01, RHSA-2018:0008-01, RHSA-2018:0009-01, RHSA-2018:0010-01, RHSA-2018:0011-01, RHSA-2018:0012-01, RHSA-2018:0013-01, RHSA-2018:0014-01, RHSA-2018:0015-01, RHSA-2018:0016-01, RHSA-2018:0017-01, RHSA-2018:0018-01, RHSA-2018:0020-01, RHSA-2018:0021-01, RHSA-2018:0022-01, RHSA-2018:0023-01, RHSA-2018:0024-01, RHSA-2018:0025-01, RHSA-2018:0026-01, RHSA-2018:0027-01, RHSA-2018:0028-01, RHSA-2018:0029-01, RHSA-2018:0030-01, RHSA-2018:0031-01, RHSA-2018:0032-01, RHSA-2018:0034-01, RHSA-2018:0035-01, RHSA-2018:0036-01, RHSA-2018:0037-01, RHSA-2018:0038-01, RHSA-2018:0039-01, RHSA-2018:0040-01, RHSA-2018:0053-01, RHSA-2018:0093-01, RHSA-2018:0094-01, RHSA-2018:0103-01, RHSA-2018:0104-01, RHSA-2018:0105-01, RHSA-2018:0106-01, RHSA-2018:0107-01, RHSA-2018:0108-01, RHSA-2018:0109-01, RHSA-2018:0110-01, RHSA-2018:0111-01, RHSA-2018:0112-01, RHSA-2018:0182-01, RHSA-2018:0292-01, RHSA-2018:0464-01, RHSA-2018:0496-01, RHSA-2018:0512-01, RHSA-2018:1129-01, RHSA-2018:1196-01, SA161, SB10226, spectre_meltdown_advisory, SSA-168644, SSA:2018-016-01, SSA:2018-037-01, STORM-2018-001, SUSE-SU-2018:0010-1, SUSE-SU-2018:0011-1, SUSE-SU-2018:0012-1, SUSE-SU-2018:0031-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0069-1, SUSE-SU-2018:0115-1, SUSE-SU-2018:0131-1, SUSE-SU-2018:0171-1, SUSE-SU-2018:0219-1, SUSE-SU-2018:0438-1, SUSE-SU-2018:0472-1, SUSE-SU-2018:0601-1, SUSE-SU-2018:0609-1, SUSE-SU-2018:0638-1, SUSE-SU-2018:0678-1, SUSE-SU-2018:0909-1, SUSE-SU-2018:1603-1, SUSE-SU-2018:1658-1, SUSE-SU-2018:1699-1, SUSE-SU-2018:2528-1, Synology-SA-18:01, USN-3516-1, USN-3522-1, USN-3522-2, USN-3522-3, USN-3522-4, USN-3523-1, USN-3523-2, USN-3523-3, USN-3524-1, USN-3524-2, USN-3525-1, USN-3540-1, USN-3540-2, USN-3541-1, USN-3541-2, USN-3583-1, USN-3583-2, USN-3597-1, USN-3597-2, VIGILANCE-VUL-24933, VMSA-2018-0007, VN-2018-001, VN-2018-002, VU#584653, XSA-254.

Description of the vulnerability

When the system uses an Intel processor, a local attacker can access to the kernel memory, in order to read sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-12239

Cisco ASR/cBR-8: code execution

Synthesis of the vulnerability

An attacker can use a vulnerability of Cisco ASR/cBR-8, in order to run code.
Impacted products: Cisco ASR, IOS XE Cisco.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: physical access.
Creation date: 28/09/2017.
Identifiers: CERTFR-2017-AVI-325, cisco-sa-20170927-cc, CSCvc65866, CSCve77132, CVE-2017-12239, VIGILANCE-VUL-23956.

Description of the vulnerability

An attacker can use a vulnerability of Cisco ASR/cBR-8, in order to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-6795

Cisco ASR 920: write access via Platform Usb Modem

Synthesis of the vulnerability

An attacker can bypass access restrictions via Platform Usb Modem of Cisco ASR 920, in order to alter data.
Impacted products: Cisco ASR, IOS XE Cisco.
Severity: 2/4.
Consequences: data creation/edition, data deletion.
Provenance: user account.
Creation date: 07/09/2017.
Identifiers: cisco-sa-20170906-asr920-2, CSCvf10783, CVE-2017-6795, VIGILANCE-VUL-23760.

Description of the vulnerability

An attacker can bypass access restrictions via Platform Usb Modem of Cisco ASR 920, in order to alter data.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2017-6796

Cisco ASR 920: code execution via Platform Usb Modem

Synthesis of the vulnerability

An attacker can use a vulnerability via Platform Usb Modem of Cisco ASR 920, in order to run code.
Impacted products: Cisco ASR, IOS XE Cisco.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 07/09/2017.
Identifiers: cisco-sa-20170906-asr920-1, CSCve48949, CVE-2017-6796, VIGILANCE-VUL-23759.

Description of the vulnerability

An attacker can use a vulnerability via Platform Usb Modem of Cisco ASR 920, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-12217

Cisco ASR 5500: denial of service via GPRS Tunneling Protocol

Synthesis of the vulnerability

An attacker can send malicious GPRS Tunneling Protocol packets to Cisco ASR 5500, in order to trigger a denial of service.
Impacted products: Cisco ASR.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 07/09/2017.
Identifiers: cisco-sa-20170906-asr, CSCve07119, CVE-2017-12217, VIGILANCE-VUL-23758.

Description of the vulnerability

An attacker can send malicious GPRS Tunneling Protocol packets to Cisco ASR 5500, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2017-6773

Cisco ASR 5000: privilege escalation via Command-Line Interface

Synthesis of the vulnerability

An attacker can bypass restrictions via Command-Line Interface of Cisco ASR 5000, in order to escalate his privileges.
Impacted products: Cisco ASR.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 17/08/2017.
Identifiers: CERTFR-2017-AVI-269, cisco-sa-20170816-staros1, CSCvd47722, CVE-2017-6773, VIGILANCE-VUL-23554.

Description of the vulnerability

An attacker can bypass restrictions via Command-Line Interface of Cisco ASR 5000, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-6774

Cisco ASR 5000: denial of service via FTP Configuration File

Synthesis of the vulnerability

An attacker can generate a fatal error via FTP Configuration File of Cisco ASR 5000, in order to trigger a denial of service.
Impacted products: Cisco ASR.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: user account.
Creation date: 17/08/2017.
Identifiers: CERTFR-2017-AVI-269, cisco-sa-20170816-staros2, CSCvd47739, CVE-2017-6774, VIGILANCE-VUL-23553.

Description of the vulnerability

An attacker can generate a fatal error via FTP Configuration File of Cisco ASR 5000, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-6775

Cisco ASR 5000: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of Cisco ASR 5000, in order to escalate his privileges.
Impacted products: Cisco ASR.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 17/08/2017.
Identifiers: CERTFR-2017-AVI-269, cisco-sa-20170816-staros3, CSCvd47741, CVE-2017-6775, VIGILANCE-VUL-23552.

Description of the vulnerability

An attacker can bypass restrictions of Cisco ASR 5000, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-6612

Cisco ASR 5000: open redirect via GGSN

Synthesis of the vulnerability

An attacker can deceive the user via GGSN of Cisco ASR 5000, in order to redirect him to a malicious site.
Impacted products: Cisco ASR.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 20/07/2017.
Identifiers: cisco-sa-20170719-asr, CSCvc67927, CVE-2017-6612, VIGILANCE-VUL-23307.

Description of the vulnerability

An attacker can deceive the user via GGSN of Cisco ASR 5000, in order to redirect him to a malicious site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-6672

Cisco ASR 5000: privilege escalation via ACL Bypass

Synthesis of the vulnerability

An attacker can bypass restrictions via ACL Bypass of Cisco ASR 5000, in order to escalate his privileges.
Impacted products: Cisco ASR.
Severity: 2/4.
Consequences: data flow.
Provenance: intranet client.
Creation date: 20/07/2017.
Identifiers: cisco-sa-20170719-asr1, CSCvb99022, CSCvc16964, CSCvc37351, CSCvc54843, CSCvc63444, CSCvc77815, CSCvc88658, CSCve08955, CSCve14141, CSCve33870, CVE-2017-6672, VIGILANCE-VUL-23306.

Description of the vulnerability

An attacker can bypass restrictions via ACL Bypass of Cisco ASR 5000, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Cisco ASR: