The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco IOS-XR

vulnerability CVE-2018-0132

Cisco IOS XR: denial of service via routing table corruption

Synthesis of the vulnerability

An attacker can trigger a corruption of the routing table in Cisco IOS XR, in order to block traffic forwarding.
Impacted products: Cisco ASR, IOS XR Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet server.
Creation date: 08/02/2018.
Identifiers: cisco-sa-20180207-iosxr, CVE-2018-0132, VIGILANCE-VUL-25250.


computer vulnerability note CVE-2018-0136

Cisco ASR: denial of service via IPv6 segmentation

Synthesis of the vulnerability

An attacker can send segmented IPv6 packets to Cisco ASR, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XR Cisco.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 01/02/2018.
Identifiers: CERTFR-2018-AVI-064, cisco-sa-20180131-ipv6, CVE-2018-0136, VIGILANCE-VUL-25189.


computer vulnerability note CVE-2017-12355

Cisco IOS XR: denial of service via LPTS

Synthesis of the vulnerability

An attacker can send malicious LPTS packets to Cisco IOS XR, in order to trigger a denial of service.
Impacted products: IOS XR Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 30/11/2017.
Identifiers: cisco-sa-20171129-ios-xr, CSCvf76332, CVE-2017-12355, VIGILANCE-VUL-24579.


computer vulnerability note CVE-2017-12270

Cisco IOS XR: denial of service via gRPC

Synthesis of the vulnerability

An attacker can generate a fatal error via gRPC on Cisco IOS XR, in order to trigger a denial of service.
Impacted products: IOS XR Cisco.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 05/10/2017.
Identifiers: CERTFR-2017-AVI-333, cisco-sa-20171004-ncs, CSCvb99388, CVE-2017-12270, VIGILANCE-VUL-24029.


vulnerability announce CVE-2017-6731

Cisco IOS XR: denial of service via MSDP

Synthesis of the vulnerability

An attacker can send malicious MSDP packets to Cisco IOS XR, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS XR Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 06/07/2017.
Identifiers: CERTFR-2017-AVI-202, cisco-sa-20170705-iosxr, CSCvd94828, CVE-2017-6731, VIGILANCE-VUL-23142.

Description of the vulnerability

The Cisco IOS XR product has a service to manage received MSDP packets.

However, when malicious MSDP packets are received, a fatal error occurs.

An attacker can therefore send malicious MSDP packets to Cisco IOS XR, in order to trigger a denial of service.

vulnerability alert CVE-2017-6728

Cisco IOS XR: privilege escalation via CLI

Synthesis of the vulnerability

An attacker can bypass restrictions via the CLI of Cisco IOS XR, in order to escalate privileges.
Impacted products: Cisco Catalyst, IOS XR Cisco, Cisco Router.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 06/07/2017.
Identifiers: CERTFR-2017-AVI-202, cisco-sa-20170705-ios, CSCvb99389, CVE-2017-6728, VIGILANCE-VUL-23141.


computer vulnerability note CVE-2017-6719

Cisco IOS XR: privilege escalation via CLI

Synthesis of the vulnerability

An attacker can bypass restrictions via the CLI of Cisco IOS XR, in order to escalate privileges.
Impacted products: Cisco Catalyst, IOS XR Cisco, Cisco Router.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 22/06/2017.
Revision date: 27/06/2017.
Identifiers: CERTFR-2017-AVI-191, cisco-sa-20170621-ios, CSCvb99406, CVE-2017-6719, VIGILANCE-VUL-23059.


vulnerability CVE-2017-6718

Cisco IOS XR: privilege escalation via CLI

Synthesis of the vulnerability

An attacker can bypass restrictions via the CLI of Cisco IOS XR, in order to escalate privileges.
Impacted products: Cisco Catalyst, IOS XR Cisco, Cisco Router.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 22/06/2017.
Revision date: 27/06/2017.
Identifiers: CERTFR-2017-AVI-191, cisco-sa-20170621-ios1, CSCvb99384, CVE-2017-6718, VIGILANCE-VUL-23060.


computer vulnerability CVE-2017-6666

Cisco IOS XR: denial of service via Traffic Engineering

Synthesis of the vulnerability

An authenticated local attacker can stop a Traffic Engineering tunnel of Cisco IOS XR, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XR Cisco, Cisco Router.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: privileged account.
Creation date: 14/06/2017.
Identifiers: cisco-sa-20170607-ncs, CVE-2017-6666, VIGILANCE-VUL-22975.


vulnerability alert CVE-2017-3876

Cisco IOS XR: denial of service via Event Management Service gRPC

Synthesis of the vulnerability

An attacker can generate a fatal error via the Event Management Service gRPC of Cisco IOS XR, in order to trigger a denial of service.
Impacted products: IOS XR Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 03/05/2017.
Identifiers: CERTFR-2017-AVI-139, cisco-sa-20170503-ios-xr, CSCvb14441, CVE-2017-3876, VIGILANCE-VUL-22641.
