The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco IOS XE

computer threat bulletin CVE-2019-12624

Cisco IOS XE NGWC: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery of Cisco IOS XE NGWC, in order to force the victim to perform operations.
Severity: 2/4.
Creation date: 22/08/2019.
Identifiers: CERTFR-2019-AVI-410, cisco-sa-20190821-iosxe-ngwc-csrf, CSCvq64435, CVE-2019-12624, VIGILANCE-VUL-30126.

Description of the vulnerability

The Cisco IOS XE NGWC product offers a web service.

However, the origin of requests is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery of Cisco IOS XE NGWC, in order to force the victim to perform operations.

security vulnerability CVE-2019-1904

Cisco IOS XE: Cross Site Request Forgery via Web UI

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery via Web UI of Cisco IOS XE, in order to force the victim to perform operations.
Severity: 2/4.
Creation date: 13/06/2019.
Identifiers: CERTFR-2019-AVI-270, cisco-sa-20190612-iosxe-csrf, CSCuy98103, CVE-2019-1904, VIGILANCE-VUL-29526.

Description of the vulnerability

The Cisco IOS XE product offers a web service.

However, the origin of requests is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery via Web UI of Cisco IOS XE, in order to force the victim to perform operations.

computer weakness bulletin CVE-2018-0282

Cisco IOS, IOS XE: denial of service via TCP HTTP Server

Synthesis of the vulnerability

An attacker can trigger a fatal error via TCP HTTP Server of Cisco IOS or IOS XE, in order to trigger a denial of service.
Severity: 3/4.
Creation date: 10/01/2019.
Identifiers: cisco-sa-20190109-tcp, CSCvg39082, CVE-2018-0282, VIGILANCE-VUL-28209.

Description of the vulnerability

An attacker can trigger a fatal error via TCP HTTP Server of Cisco IOS or IOS XE, in order to trigger a denial of service.

threat alert CVE-2018-0484

Cisco IOS, IOS XE: access via SSH VRF

Synthesis of the vulnerability

An attacker can bypass restrictions to open an SSH connection via VRF of Cisco IOS or IOS XE, in order to try to authenticate.
Severity: 2/4.
Creation date: 10/01/2019.
Identifiers: cisco-sa-20190109-ios-ssh-vrf, CSCvk37852, CVE-2018-0484, VIGILANCE-VUL-28205.

Description of the vulnerability

An attacker can bypass restrictions to open an SSH connection via VRF of Cisco IOS or IOS XE, in order to try to authenticate.

vulnerability announce CVE-2018-0469

Cisco IOS XE: use after free via Web UI

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via Web UI of Cisco IOS XE, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-webuidos, CSCva31961, CVE-2018-0469, VIGILANCE-VUL-27346.

Description of the vulnerability

An attacker can force the usage of a freed memory area via Web UI of Cisco IOS XE, in order to trigger a denial of service, and possibly to run code.

security alert CVE-2018-0470

Cisco IOS XE: buffer overflow via HTTP

Synthesis of the vulnerability

An attacker can generate a buffer overflow via HTTP of Cisco IOS XE, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-webdos, CSCvb22618, CVE-2018-0470, VIGILANCE-VUL-27345.

Description of the vulnerability

An attacker can generate a buffer overflow via HTTP of Cisco IOS XE, in order to trigger a denial of service, and possibly to run code.

vulnerability note CVE-2018-0197

Cisco IOS, IOS XE: denial of service via VLAN Trunking Protocol

Synthesis of the vulnerability

An attacker can generate a fatal error via VLAN Trunking Protocol of Cisco IOS and IOS XE, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-vtp, CSCvd37163, CVE-2018-0197, VIGILANCE-VUL-27344.

Description of the vulnerability

An attacker can generate a fatal error via VLAN Trunking Protocol of Cisco IOS and IOS XE, in order to trigger a denial of service.

weakness CVE-2018-15369

Cisco IOS, IOS XE: denial of service via TACACS

Synthesis of the vulnerability

An attacker can generate a fatal error via TACACS of Cisco IOS and IOS XE, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-tacplus, CSCux66796, CVE-2018-15369, VIGILANCE-VUL-27343.

Description of the vulnerability

An attacker can generate a fatal error via TACACS of Cisco IOS and IOS XE, in order to trigger a denial of service.

computer weakness announce CVE-2018-0485

Cisco IOS, IOS XE: denial of service via SM-1T3/E3

Synthesis of the vulnerability

An attacker can generate a fatal error via SM-1T3/E3 of Cisco IOS and IOS XE, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-sm1t3e3, CSCva23932, CSCvi95007, CVE-2018-0485, VIGILANCE-VUL-27342.

Description of the vulnerability

An attacker can generate a fatal error via SM-1T3/E3 of Cisco IOS and IOS XE, in order to trigger a denial of service.

computer weakness CVE-2018-0476

Cisco IOS XE: denial of service via NAT SIP ALG

Synthesis of the vulnerability

An attacker can generate a fatal error via NAT SIP ALG of Cisco IOS XE, in order to trigger a denial of service.
Severity: 3/4.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-sip-alg, CSCvg89036, CVE-2018-0476, VIGILANCE-VUL-27341.

Description of the vulnerability

An attacker can generate a fatal error via NAT SIP ALG of Cisco IOS XE, in order to trigger a denial of service.