The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco Aggregation Services Router

vulnerability note CVE-2018-0197

Cisco IOS, IOS XE: denial of service via VLAN Trunking Protocol

Synthesis of the vulnerability

An attacker can generate a fatal error via VLAN Trunking Protocol of Cisco IOS and IOS XE, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-vtp, CSCvd37163, CVE-2018-0197, VIGILANCE-VUL-27344.

Description of the vulnerability

An attacker can generate a fatal error via VLAN Trunking Protocol of Cisco IOS and IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-15369

Cisco IOS, IOS XE: denial of service via TACACS

Synthesis of the vulnerability

An attacker can generate a fatal error via TACACS of Cisco IOS and IOS XE, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-tacplus, CSCux66796, CVE-2018-15369, VIGILANCE-VUL-27343.

Description of the vulnerability

An attacker can generate a fatal error via TACACS of Cisco IOS and IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-15371

Cisco IOS XE: privilege escalation via Shell Access Request

Synthesis of the vulnerability

An attacker can bypass restrictions via Shell Access Request of Cisco IOS XE, in order to escalate his privileges.
Impacted products: Cisco ASR, IOS XE Cisco.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-shell-access, CSCvb79289, CVE-2018-15371, VIGILANCE-VUL-27340.

Description of the vulnerability

An attacker can bypass restrictions via Shell Access Request of Cisco IOS XE, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-15368

Cisco IOS XE: privilege escalation via Privileged EXEC Mode Root Shell

Synthesis of the vulnerability

An attacker can bypass restrictions via Privileged EXEC Mode Root Shell of Cisco IOS XE, in order to escalate his privileges.
Impacted products: Cisco ASR, Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user account.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-privesc, CSCuw45594, CVE-2018-15368, VIGILANCE-VUL-27338.

Description of the vulnerability

An attacker can bypass restrictions via Privileged EXEC Mode Root Shell of Cisco IOS XE, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-15377

Cisco IOS, IOS XE: memory leak via Plug and Play

Synthesis of the vulnerability

An attacker can create a memory leak via Plug and Play of Cisco IOS and IOS XE, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-pnp-memleak, CSCvi30136, CVE-2018-15377, VIGILANCE-VUL-27337.

Description of the vulnerability

An attacker can create a memory leak via Plug and Play of Cisco IOS and IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-0466

Cisco IOS, IOS XE: denial of service via OSPFv3

Synthesis of the vulnerability

An attacker can generate a fatal error via OSPFv3 of Cisco IOS and IOS XE, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-ospfv3-dos, CSCuy82806, CVE-2018-0466, VIGILANCE-VUL-27336.

Description of the vulnerability

An attacker can generate a fatal error via OSPFv3 of Cisco IOS and IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-15372

Cisco IOS XE: privilege escalation via MACsec MKA EAP-TLS Authentication Bypass

Synthesis of the vulnerability

An attacker can bypass restrictions via MACsec MKA EAP-TLS Authentication Bypass of Cisco IOS XE, in order to escalate his privileges.
Impacted products: Cisco ASR, Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: privileged access/rights, data flow.
Provenance: LAN.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-macsec, CSCvh09411, CVE-2018-15372, VIGILANCE-VUL-27335.

Description of the vulnerability

An attacker can bypass restrictions via MACsec MKA EAP-TLS Authentication Bypass of Cisco IOS XE, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-0477 CVE-2018-0481

Cisco IOS XE: privilege escalation via CLI Command Injection

Synthesis of the vulnerability

An attacker can bypass restrictions via CLI Command Injection of Cisco IOS XE, in order to escalate his privileges.
Impacted products: Cisco ASR, Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Number of vulnerabilities in this bulletin: 2.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-iosxe-cmdinj, CSCvh02919, CSCvh54202, CVE-2018-0477, CVE-2018-0481, VIGILANCE-VUL-27331.

Description of the vulnerability

An attacker can bypass restrictions via CLI Command Injection of Cisco IOS XE, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-0480

Cisco IOS XE: denial of service via VLAN Errdisable

Synthesis of the vulnerability

An attacker can generate a fatal error via VLAN Errdisable of Cisco IOS XE, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS XE Cisco.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-errdisable, CSCvh13611, CVE-2018-0480, VIGILANCE-VUL-27330.

Description of the vulnerability

An attacker can generate a fatal error via VLAN Errdisable of Cisco IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-15374

Cisco IOS XE: privilege escalation via Digital Signature Verification Bypass

Synthesis of the vulnerability

An attacker can bypass restrictions via Digital Signature Verification Bypass of Cisco IOS XE, in order to escalate his privileges.
Impacted products: Cisco ASR, Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-digsig, CSCvh15737, CVE-2018-15374, VIGILANCE-VUL-27329.

Description of the vulnerability

An attacker can bypass restrictions via Digital Signature Verification Bypass of Cisco IOS XE, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Cisco Aggregation Services Router: