The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco IOS-XE

computer vulnerability note 25809

Cisco IOS / IOS XE: security improvement of Smart Install

Synthesis of the vulnerability

The security of Cisco IOS / IOS XE can be improved by securing Smart Install.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: no consequence.
Provenance: intranet client.
Creation date: 10/04/2018.
Identifiers: cisco-sa-20180409-smi, VIGILANCE-VUL-25809.

Description of the vulnerability

This bulletin is about a security improvement.

It does not describe a vulnerability.

The security of Cisco IOS / IOS XE can be improved by securing Smart Install.

vulnerability CVE-2018-0152

Cisco IOS XE: privilege escalation via Web UI

Synthesis of the vulnerability

An attacker can bypass restrictions via Web UI of Cisco IOS XE, in order to escalate his privileges.
Impacted products: Cisco Catalyst, IOS XE Cisco.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 29/03/2018.
Identifiers: CERTFR-2018-AVI-156, cisco-sa-20180328-xepriv, CSCvf71769, CVE-2018-0152, VIGILANCE-VUL-25710.

Description of the vulnerability

An attacker can bypass restrictions via Web UI of Cisco IOS XE, in order to escalate his privileges.

computer vulnerability note CVE-2018-0196

Cisco IOS XE: write access via Web UI

Synthesis of the vulnerability

An attacker can bypass access restrictions via Web UI of Cisco IOS XE, in order to alter data.
Impacted products: Cisco Catalyst, IOS XE Cisco.
Severity: 2/4.
Consequences: data creation/edition, data deletion.
Provenance: user account.
Creation date: 29/03/2018.
Identifiers: CERTFR-2018-AVI-156, cisco-sa-20180328-wfw, CSCvb22645, CVE-2018-0196, VIGILANCE-VUL-25709.

Description of the vulnerability

An attacker can bypass access restrictions via Web UI of Cisco IOS XE, in order to alter data.

computer vulnerability bulletin CVE-2018-0186 CVE-2018-0188 CVE-2018-0190

Cisco IOS XE: Cross Site Scripting via Web UI

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Web UI of Cisco IOS XE, in order to run JavaScript code in the context of the web site.
Impacted products: Cisco Catalyst, IOS XE Cisco.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 29/03/2018.
Identifiers: CERTFR-2018-AVI-156, cisco-sa-20180328-webuixss, CSCuz38591, CSCvb09530, CSCvb10022, CVE-2018-0186, CVE-2018-0188, CVE-2018-0190, VIGILANCE-VUL-25708.

Description of the vulnerability

The Cisco IOS XE product offers a web service.

However, it does not filter data received via the Web UI before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Web UI of Cisco IOS XE, in order to run JavaScript code in the context of the web site.

computer vulnerability announce CVE-2018-0161

Cisco IOS XE: denial of service via SNMP GET MIB Object ID

Synthesis of the vulnerability

An attacker can generate a fatal error via SNMP GET MIB Object ID of Cisco IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS XE Cisco.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user account.
Creation date: 29/03/2018.
Identifiers: CERTFR-2018-AVI-156, cisco-sa-20180328-snmp, CSCvd89541, CVE-2018-0161, VIGILANCE-VUL-25707.

Description of the vulnerability

An attacker can generate a fatal error via SNMP GET MIB Object ID of Cisco IOS XE, in order to trigger a denial of service.

computer vulnerability alert CVE-2018-0160

Cisco IOS XE: use after free via SNMP

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via SNMP of Cisco IOS XE, in order to trigger a denial of service, and possibly to run code.
Impacted products: Cisco Catalyst, IOS XE Cisco.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: user account.
Creation date: 29/03/2018.
Identifiers: CERTFR-2018-AVI-156, cisco-sa-20180328-snmp-dos, CSCve75818, CVE-2018-0160, VIGILANCE-VUL-25706.

Description of the vulnerability

An attacker can force the usage of a freed memory area via SNMP of Cisco IOS XE, in order to trigger a denial of service, and possibly to run code.

computer vulnerability CVE-2018-0156

Cisco IOS XE: denial of service via Software Smart Install

Synthesis of the vulnerability

An attacker can generate a fatal error via Software Smart Install of Cisco IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS XE Cisco.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 29/03/2018.
Identifiers: CERTFR-2018-AVI-156, cisco-sa-20180328-smi, CSCvd40673, CVE-2018-0156, VIGILANCE-VUL-25705.

Description of the vulnerability

An attacker can generate a fatal error via Software Smart Install of Cisco IOS XE, in order to trigger a denial of service.

vulnerability note CVE-2018-0179 CVE-2018-0180

Cisco IOS XE: denial of service via Login Enhancements

Synthesis of the vulnerability

An attacker can generate a fatal error via Login Enhancements of Cisco IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS XE Cisco.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 29/03/2018.
Identifiers: CERTFR-2018-AVI-156, cisco-sa-20180328-slogin, CSCuy32360, CSCuz60599, CVE-2018-0179, CVE-2018-0180, VIGILANCE-VUL-25704.

Description of the vulnerability

An attacker can generate a fatal error via Login Enhancements of Cisco IOS XE, in order to trigger a denial of service.

vulnerability bulletin CVE-2018-0164

Cisco IOS XE: denial of service via Switch Integrated Security Features

Synthesis of the vulnerability

An attacker can generate a fatal error via Switch Integrated Security Features of Cisco IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS XE Cisco.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 29/03/2018.
Identifiers: CERTFR-2018-AVI-156, cisco-sa-20180328-sisf, CSCvd75185, CVE-2018-0164, VIGILANCE-VUL-25703.

Description of the vulnerability

An attacker can generate a fatal error via Switch Integrated Security Features of Cisco IOS XE, in order to trigger a denial of service.

vulnerability announce CVE-2018-0195

Cisco IOS XE: code execution via REST API

Synthesis of the vulnerability

An attacker can use a vulnerability via REST API of Cisco IOS XE, in order to run code.
Impacted products: Cisco Catalyst, IOS XE Cisco.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: intranet client.
Creation date: 29/03/2018.
Identifiers: CERTFR-2018-AVI-156, cisco-sa-20180328-rest, CSCuz56428, CVE-2018-0195, VIGILANCE-VUL-25702.

Description of the vulnerability

An attacker can use a vulnerability via REST API of Cisco IOS XE, in order to run code.