The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco Aggregation Services Router

computer vulnerability alert CVE-2019-1904

Cisco IOS XE: Cross Site Request Forgery via Web UI

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery via the Web UI of Cisco IOS XE, in order to force the victim to perform operations.
Impacted products: Cisco ASR, Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 13/06/2019.
Identifiers: CERTFR-2019-AVI-270, cisco-sa-20190612-iosxe-csrf, CSCuy98103, CVE-2019-1904, VIGILANCE-VUL-29526.

Description of the vulnerability

The Cisco IOS XE product offers a web service.

However, the origin of requests is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery via the Web UI of Cisco IOS XE, in order to force the victim to perform operations.

computer vulnerability alert CVE-2019-1842

Cisco IOS XR: information disclosure via SSH Double Authentication

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SSH Double Authentication of Cisco IOS XR, in order to obtain sensitive information.
Impacted products: Cisco ASR, IOS XR Cisco.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 06/06/2019.
Identifiers: CERTFR-2019-AVI-248, cisco-sa-20190605-iosxr-ssh, CSCvo03672, CVE-2019-1842, VIGILANCE-VUL-29476.

Description of the vulnerability

An attacker can bypass access restrictions to data via SSH Double Authentication of Cisco IOS XR, in order to obtain sensitive information.

vulnerability bulletin CVE-2019-1846

Cisco IOS XR: denial of service via MPLS OAM

Synthesis of the vulnerability

An attacker can trigger a fatal error via MPLS OAM of Cisco IOS XR, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XR Cisco.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Creation date: 16/05/2019.
Identifiers: CERTFR-2019-AVI-228, cisco-sa-20190515-iosxr-mpls-dos, CVE-2019-1846, VIGILANCE-VUL-29343.

Description of the vulnerability

An attacker can trigger a fatal error via MPLS OAM of Cisco IOS XR, in order to trigger a denial of service.

computer vulnerability note CVE-2019-1849

Cisco IOS XR: denial of service via MPLS

Synthesis of the vulnerability

An attacker can trigger a fatal error via MPLS of Cisco IOS XR, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XR Cisco, Cisco Router.
Severity: 2/4.
Consequences: data flow, denial of service on server, denial of service on service, denial of service on client.
Provenance: LAN.
Creation date: 16/05/2019.
Identifiers: CERTFR-2019-AVI-228, cisco-sa-20190515-iosxr-evpn-dos, CSCvk35997, CVE-2019-1849, VIGILANCE-VUL-29319.

Description of the vulnerability

An attacker can trigger a fatal error via MPLS of Cisco IOS XR, in order to trigger a denial of service.

computer vulnerability CVE-2019-1686

Cisco ASR 9000: privilege escalation via ACL Bypass

Synthesis of the vulnerability

An attacker can bypass restrictions via ACL Bypass of Cisco ASR 9000, in order to escalate his privileges.
Impacted products: Cisco ASR.
Severity: 2/4.
Consequences: data flow.
Provenance: intranet client.
Creation date: 18/04/2019.
Identifiers: cisco-sa-20190417-iosxracl, CSCvm01102, CVE-2019-1686, VIGILANCE-VUL-29085.

Description of the vulnerability

An attacker can bypass restrictions via ACL Bypass of Cisco ASR 9000, in order to escalate his privileges.

vulnerability note CVE-2019-1712

Cisco IOS XR: denial of service via PIM

Synthesis of the vulnerability

An attacker can trigger a fatal error via PIM of Cisco IOS XR, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS XR Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 18/04/2019.
Identifiers: cisco-sa-20190417-iosxr-pim-dos, CSCvg43676, CVE-2019-1712, VIGILANCE-VUL-29084.

Description of the vulnerability

An attacker can trigger a fatal error via PIM of Cisco IOS XR, in order to trigger a denial of service.

vulnerability bulletin CVE-2019-1711

Cisco IOS XR: denial of service via gRPC

Synthesis of the vulnerability

An attacker can trigger a fatal error via gRPC of Cisco IOS XR, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 18/04/2019.
Identifiers: cisco-sa-20190417-ios-xr-dos, CSCve12615, CVE-2019-1711, VIGILANCE-VUL-29083.

Description of the vulnerability

An attacker can trigger a fatal error via gRPC of Cisco IOS XR, in order to trigger a denial of service.

computer vulnerability note CVE-2018-0282

Cisco IOS, IOS XE: denial of service via TCP HTTP Server

Synthesis of the vulnerability

An attacker can trigger a fatal error via TCP HTTP Server of Cisco IOS or IOS XE, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 10/01/2019.
Identifiers: cisco-sa-20190109-tcp, CSCvg39082, CVE-2018-0282, VIGILANCE-VUL-28209.

Description of the vulnerability

An attacker can trigger a fatal error via TCP HTTP Server of Cisco IOS or IOS XE, in order to trigger a denial of service.

computer vulnerability CVE-2018-0484

Cisco IOS, IOS XE: access via SSH VRF

Synthesis of the vulnerability

An attacker can bypass restrictions to open an SSH connection via VRF of Cisco IOS or IOS XE, in order to try to authenticate.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 10/01/2019.
Identifiers: cisco-sa-20190109-ios-ssh-vrf, CSCvk37852, CVE-2018-0484, VIGILANCE-VUL-28205.

Description of the vulnerability

An attacker can bypass restrictions to open an SSH connection via VRF of Cisco IOS or IOS XE, in order to try to authenticate.

vulnerability CVE-2018-15464

Cisco ASR 900: denial of service via Broadcast Packets

Synthesis of the vulnerability

An attacker can trigger a fatal error via Broadcast Packets of Cisco ASR 900, in order to trigger a denial of service.
Impacted products: Cisco ASR.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 10/01/2019.
Identifiers: cisco-sa-20190109-asr900-dos, CSCvh94635, CVE-2018-15464, VIGILANCE-VUL-28200.

Description of the vulnerability

An attacker can trigger a fatal error via Broadcast Packets of Cisco ASR 900, in order to trigger a denial of service.