The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco IOS

computer vulnerability CVE-2018-0484

Cisco IOS, IOS XE: access via SSH VRF

Synthesis of the vulnerability

An attacker can bypass restrictions to open a SSH connection via VRF of Cisco IOS or IOS XE, in order to try to authenticate.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 10/01/2019.
Identifiers: cisco-sa-20190109-ios-ssh-vrf, CSCvk37852, CVE-2018-0484, VIGILANCE-VUL-28205.

Description of the vulnerability

An attacker can bypass restrictions to open a SSH connection via VRF of Cisco IOS or IOS XE, in order to try to authenticate.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-0197

Cisco IOS, IOS XE: denial of service via VLAN Trunking Protocol

Synthesis of the vulnerability

An attacker can generate a fatal error via VLAN Trunking Protocol of Cisco IOS and IOS XE, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-vtp, CSCvd37163, CVE-2018-0197, VIGILANCE-VUL-27344.

Description of the vulnerability

An attacker can generate a fatal error via VLAN Trunking Protocol of Cisco IOS and IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-15369

Cisco IOS, IOS XE: denial of service via TACACS

Synthesis of the vulnerability

An attacker can generate a fatal error via TACACS of Cisco IOS and IOS XE, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-tacplus, CSCux66796, CVE-2018-15369, VIGILANCE-VUL-27343.

Description of the vulnerability

An attacker can generate a fatal error via TACACS of Cisco IOS and IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-0485

Cisco IOS, IOS XE: denial of service via SM-1T3/E3

Synthesis of the vulnerability

An attacker can generate a fatal error via SM-1T3/E3 of Cisco IOS and IOS XE, in order to trigger a denial of service.
Impacted products: IOS by Cisco, IOS XE Cisco.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user account.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-sm1t3e3, CSCva23932, CSCvi95007, CVE-2018-0485, VIGILANCE-VUL-27342.

Description of the vulnerability

An attacker can generate a fatal error via SM-1T3/E3 of Cisco IOS and IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-0473

Cisco IOS: denial of service via PTP

Synthesis of the vulnerability

An attacker can send malicious PTP packets to Cisco IOS, in order to trigger a denial of service.
Impacted products: IOS by Cisco.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-ptp, CSCvf94015, CSCvh77659, CSCvn28545, CVE-2018-0473, VIGILANCE-VUL-27339.

Description of the vulnerability

An attacker can send malicious PTP packets to Cisco IOS, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-15377

Cisco IOS, IOS XE: memory leak via Plug and Play

Synthesis of the vulnerability

An attacker can create a memory leak via Plug and Play of Cisco IOS and IOS XE, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-pnp-memleak, CSCvi30136, CVE-2018-15377, VIGILANCE-VUL-27337.

Description of the vulnerability

An attacker can create a memory leak via Plug and Play of Cisco IOS and IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-0466

Cisco IOS, IOS XE: denial of service via OSPFv3

Synthesis of the vulnerability

An attacker can generate a fatal error via OSPFv3 of Cisco IOS and IOS XE, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-ospfv3-dos, CSCuy82806, CVE-2018-0466, VIGILANCE-VUL-27336.

Description of the vulnerability

An attacker can generate a fatal error via OSPFv3 of Cisco IOS and IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-15375 CVE-2018-15376

Cisco IOS: memory corruption via Test Commands

Synthesis of the vulnerability

An attacker can generate a memory corruption via Test Commands of Cisco IOS, in order to trigger a denial of service, and possibly to run code.
Impacted products: IOS by Cisco, Cisco Router.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: user account.
Number of vulnerabilities in this bulletin: 2.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-ir800-memwrite, CSCuy10473, CSCvc82464, CVE-2018-15375, CVE-2018-15376, VIGILANCE-VUL-27334.

Description of the vulnerability

An attacker can generate a memory corruption via Test Commands of Cisco IOS, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-0467

Cisco IOS, IOS XE: denial of service via IPv6 Hop-by-Hop Options

Synthesis of the vulnerability

An attacker can generate a fatal error via IPv6 Hop-by-Hop Options of Cisco IOS, IOS XE, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-ipv6hbh, CSCuz28570, CVE-2018-0467, VIGILANCE-VUL-27333.

Description of the vulnerability

An attacker can generate a fatal error via IPv6 Hop-by-Hop Options of Cisco IOS and IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-0475

Cisco IOS, IOS XE: denial of service via Cluster Management Protocol

Synthesis of the vulnerability

An attacker can generate a fatal error via Cluster Management Protocol of Cisco IOS and IOS XE, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-cmp, CSCvg48576, CVE-2018-0475, VIGILANCE-VUL-27328.

Description of the vulnerability

An attacker can generate a fatal error via Cluster Management Protocol of Cisco IOS and IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Cisco IOS: