The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco IOS XR

computer vulnerability alert CVE-2019-1842

Cisco IOS XR: information disclosure via SSH Double Authentication

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SSH Double Authentication of Cisco IOS XR, in order to obtain sensitive information.
Impacted products: Cisco ASR, IOS XR Cisco.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 06/06/2019.
Identifiers: CERTFR-2019-AVI-248, cisco-sa-20190605-iosxr-ssh, CSCvo03672, CVE-2019-1842, VIGILANCE-VUL-29476.

Description of the vulnerability

An attacker can bypass access restrictions to data via SSH Double Authentication of Cisco IOS XR, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2019-1846

Cisco IOS XR: denial of service via MPLS OAM

Synthesis of the vulnerability

An attacker can trigger a fatal error via MPLS OAM of Cisco IOS XR, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XR Cisco.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Creation date: 16/05/2019.
Identifiers: CERTFR-2019-AVI-228, cisco-sa-20190515-iosxr-mpls-dos, CVE-2019-1846, VIGILANCE-VUL-29343.

Description of the vulnerability

An attacker can trigger a fatal error via MPLS OAM of Cisco IOS XR, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2019-1849

Cisco IOS XR: denial of service via MPLS

Synthesis of the vulnerability

An attacker can trigger a fatal error via MPLS of Cisco IOS XR, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XR Cisco, Cisco Router.
Severity: 2/4.
Consequences: data flow, denial of service on server, denial of service on service, denial of service on client.
Provenance: LAN.
Creation date: 16/05/2019.
Identifiers: CERTFR-2019-AVI-228, cisco-sa-20190515-iosxr-evpn-dos, CSCvk35997, CVE-2019-1849, VIGILANCE-VUL-29319.

Description of the vulnerability

An attacker can trigger a fatal error via MPLS of Cisco IOS XR, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2019-1712

Cisco IOS XR: denial of service via PIM

Synthesis of the vulnerability

An attacker can trigger a fatal error via PIM of Cisco IOS XR, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS XR Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 18/04/2019.
Identifiers: cisco-sa-20190417-iosxr-pim-dos, CSCvg43676, CVE-2019-1712, VIGILANCE-VUL-29084.

Description of the vulnerability

An attacker can trigger a fatal error via PIM of Cisco IOS XR, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-15428

Cisco IOS XR: denial of service via BGP

Synthesis of the vulnerability

An attacker can generate a fatal error via BGP of Cisco IOS XR, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XR Cisco, Cisco Router.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 04/10/2018.
Identifiers: CERTFR-2018-AVI-468, cisco-sa-20181003-iosxr-dos, CSCvj58445, CVE-2018-15428, VIGILANCE-VUL-27404.

Description of the vulnerability

An attacker can generate a fatal error via BGP of Cisco IOS XR, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-0286

Cisco IOS XR: denial of service via netconf

Synthesis of the vulnerability

An attacker can generate a fatal error via netconf of Cisco IOS XR, in order to trigger a denial of service.
Impacted products: IOS XR Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 03/05/2018.
Identifiers: CERTFR-2018-AVI-211, cisco-sa-20180502-iosxr, CSCvg95792, CVE-2018-0286, VIGILANCE-VUL-26033.

Description of the vulnerability

An attacker can generate a fatal error via netconf of Cisco IOS XR, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-0241

Cisco IOS XR: denial of service via UDP Broadcast Forwarding

Synthesis of the vulnerability

An attacker can generate a fatal error via UDP Broadcast Forwarding of Cisco IOS XR, in order to trigger a denial of service.
Impacted products: IOS XR Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Creation date: 19/04/2018.
Identifiers: CERTFR-2018-AVI-194, cisco-sa-20180418-iosxr, CSCvi35625, CVE-2018-0241, VIGILANCE-VUL-25924.

Description of the vulnerability

An attacker can generate a fatal error via UDP Broadcast Forwarding of Cisco IOS XR, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-0167 CVE-2018-0175

Cisco IOS / IOS XE / IOS XR: memory corruption via LLDP

Synthesis of the vulnerability

An attacker can generate a memory corruption via LLDP of Cisco IOS / IOS XE / IOS XR, in order to trigger a denial of service, and possibly to run code.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco Router.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service.
Provenance: LAN.
Number of vulnerabilities in this bulletin: 2.
Creation date: 29/03/2018.
Identifiers: CERTFR-2018-AVI-156, cisco-sa-20180328-lldp, CSCuo17183, CSCvd73487, CSCvd73664, CVE-2018-0167, CVE-2018-0175, VIGILANCE-VUL-25697.

Description of the vulnerability

An attacker can generate a memory corruption via LLDP of Cisco IOS / IOS XE / IOS XR, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-0132

Cisco IOS XR: denial of service via routing table corruption

Synthesis of the vulnerability

An attacker can trigger a corruption of the routing table in Cisco IOS XR, in order to block traffic forwarding.
Impacted products: Cisco ASR, IOS XR Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet server.
Creation date: 08/02/2018.
Identifiers: cisco-sa-20180207-iosxr, CVE-2018-0132, VIGILANCE-VUL-25250.

Description of the vulnerability

An attacker can trigger a corruption of the routing table in Cisco IOS XR, in order to block traffic forwarding.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-0136

Cisco ASR: denial of service via IPv6 segmentation

Synthesis of the vulnerability

An attacker can send segmented IPv6 packets to Cisco ASR, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XR Cisco.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 01/02/2018.
Identifiers: CERTFR-2018-AVI-064, cisco-sa-20180131-ipv6, CVE-2018-0136, VIGILANCE-VUL-25189.

Description of the vulnerability

An attacker can send segmented IPv6 packets to Cisco ASR, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Cisco IOS XR: