The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco IOS-XE

computer vulnerability CVE-2017-12304

Cisco IOS, IOS XE: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting vulnerability in Cisco IOS or IOS XE, in order to run JavaScript code in the context of the web site.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 16/11/2017.
Identifiers: cisco-sa-20171115-ios, CSCvf60862, CVE-2017-12304, VIGILANCE-VUL-24475.

Description of the vulnerability

The Cisco IOS and IOS XE products offer a web service.

However, they do not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting vulnerability in Cisco IOS or IOS XE, in order to run JavaScript code in the context of the web site.

computer vulnerability alert CVE-2017-12319

Cisco IOS XE: denial of service via BGP EVPN

Synthesis of the vulnerability

An attacker can generate a fatal error via BGP EVPN of Cisco IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 06/11/2017.
Identifiers: CERTFR-2017-AVI-393, cisco-sa-20171103-bgp, CSCui67191, CSCvg52875, CVE-2017-12319, VIGILANCE-VUL-24346.

Description of the vulnerability

An attacker can generate a fatal error via BGP EVPN of Cisco IOS XE, in order to trigger a denial of service.

vulnerability bulletin CVE-2017-12289

Cisco IOS XE: information disclosure via Verbose Debug Logging

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Verbose Debug Logging of Cisco IOS XE, in order to obtain sensitive information.
Impacted products: Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 19/10/2017.
Identifiers: CERTFR-2017-AVI-372, cisco-sa-20171018-cisco-ios-xe1, CSCvf12081, CVE-2017-12289, VIGILANCE-VUL-24183.

Description of the vulnerability

An attacker can bypass access restrictions to data via Verbose Debug Logging of Cisco IOS XE, in order to obtain sensitive information.

vulnerability announcement CVE-2017-12272

Cisco IOS XE: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting vulnerability in Cisco IOS XE, in order to run JavaScript code in the context of the web site.
Impacted products: Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 19/10/2017.
Identifiers: CERTFR-2017-AVI-372, cisco-sa-20171018-cisco-ios-xe, CSCvb09516, CVE-2017-12272, VIGILANCE-VUL-24182.

Description of the vulnerability

The Cisco IOS XE product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting vulnerability in Cisco IOS XE, in order to run JavaScript code in the context of the web site.

computer vulnerability announcement CVE-2017-12222

Cisco IOS XE: denial of service via Wireless Controller Manager

Synthesis of the vulnerability

An attacker can generate a fatal error via Wireless Controller Manager of Cisco IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: radio connection.
Creation date: 28/09/2017.
Identifiers: CERTFR-2017-AVI-325, cisco-sa-20170927-ios-xe, CSCvd45069, CVE-2017-12222, VIGILANCE-VUL-23957.

Description of the vulnerability

An attacker can generate a fatal error via Wireless Controller Manager of Cisco IOS XE, in order to trigger a denial of service.

computer vulnerability alert CVE-2017-12239

Cisco ASR/cBR-8: code execution

Synthesis of the vulnerability

An attacker can use a vulnerability of Cisco ASR/cBR-8, in order to run code.
Impacted products: Cisco ASR, IOS XE Cisco.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: physical access.
Creation date: 28/09/2017.
Identifiers: CERTFR-2017-AVI-325, cisco-sa-20170927-cc, CSCvc65866, CSCve77132, CVE-2017-12239, VIGILANCE-VUL-23956.

Description of the vulnerability

An attacker can use a vulnerability of Cisco ASR/cBR-8, in order to run code.

vulnerability note CVE-2017-12237

Cisco IOS, IOS XE: denial of service via IKEv2

Synthesis of the vulnerability

An attacker can generate a fatal error via IKEv2 of Cisco IOS and IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 28/09/2017.
Identifiers: CERTFR-2017-AVI-325, cisco-sa-20170927-ike, CSCvc41277, CVE-2017-12237, VIGILANCE-VUL-23954.

Description of the vulnerability

An attacker can generate a fatal error via IKEv2 of Cisco IOS and IOS XE, in order to trigger a denial of service.

vulnerability bulletin CVE-2017-12236

Cisco IOS XE: privilege escalation via LISP

Synthesis of the vulnerability

An attacker can bypass restrictions via LISP of Cisco IOS XE, in order to escalate their privileges.
Impacted products: Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: privileged access/rights.
Provenance: intranet client.
Creation date: 28/09/2017.
Identifiers: CERTFR-2017-AVI-325, cisco-sa-20170927-lisp, CSCvc18008, CVE-2017-12236, VIGILANCE-VUL-23953.

Description of the vulnerability

An attacker can bypass restrictions via LISP of Cisco IOS XE, in order to escalate their privileges.

vulnerability alert CVE-2017-12226

Cisco IOS XE: privilege escalation via Wireless Controller GUI

Synthesis of the vulnerability

An attacker can bypass restrictions via Wireless Controller GUI of Cisco IOS XE, in order to escalate their privileges.
Impacted products: Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: user account.
Creation date: 28/09/2017.
Identifiers: CERTFR-2017-AVI-325, cisco-sa-20170927-ngwc, CSCvd73746, CVE-2017-12226, VIGILANCE-VUL-23951.

Description of the vulnerability

An attacker can bypass restrictions via Wireless Controller GUI of Cisco IOS XE, in order to escalate their privileges.

vulnerability CVE-2017-12228

Cisco IOS, IOS XE: Man-in-the-Middle via Cisco Network Plug and Play

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle via Cisco Network Plug and Play on Cisco IOS and IOS XE, in order to read or write data in the session.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 28/09/2017.
Identifiers: CERTFR-2017-AVI-325, cisco-sa-20170927-pnp, CSCvc33171, CVE-2017-12228, VIGILANCE-VUL-23950.

Description of the vulnerability

An attacker can act as a Man-in-the-Middle via Cisco Network Plug and Play on Cisco IOS and IOS XE, in order to read or write data in the session.