The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco Router

vulnerability note CVE-2019-1712

Cisco IOS XR: denial of service via PIM

Synthesis of the vulnerability

An attacker can trigger a fatal error via PIM of Cisco IOS XR, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS XR Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 18/04/2019.
Identifiers: cisco-sa-20190417-iosxr-pim-dos, CSCvg43676, CVE-2019-1712, VIGILANCE-VUL-29084.

Description of the vulnerability

An attacker can trigger a fatal error via PIM of Cisco IOS XR, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2019-1711

Cisco IOS XR: denial of service via gRPC

Synthesis of the vulnerability

An attacker can trigger a fatal error via gRPC of Cisco IOS XR, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 18/04/2019.
Identifiers: cisco-sa-20190417-ios-xr-dos, CSCve12615, CVE-2019-1711, VIGILANCE-VUL-29083.

Description of the vulnerability

An attacker can trigger a fatal error via gRPC of Cisco IOS XR, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-0484

Cisco IOS, IOS XE: access via SSH VRF

Synthesis of the vulnerability

An attacker can bypass restrictions to open a SSH connection via VRF of Cisco IOS or IOS XE, in order to try to authenticate.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 10/01/2019.
Identifiers: cisco-sa-20190109-ios-ssh-vrf, CSCvk37852, CVE-2018-0484, VIGILANCE-VUL-28205.

Description of the vulnerability

An attacker can bypass restrictions to open a SSH connection via VRF of Cisco IOS or IOS XE, in order to try to authenticate.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-15428

Cisco IOS XR: denial of service via BGP

Synthesis of the vulnerability

An attacker can generate a fatal error via BGP of Cisco IOS XR, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XR Cisco, Cisco Router.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 04/10/2018.
Identifiers: CERTFR-2018-AVI-468, cisco-sa-20181003-iosxr-dos, CSCvj58445, CVE-2018-15428, VIGILANCE-VUL-27404.

Description of the vulnerability

An attacker can generate a fatal error via BGP of Cisco IOS XR, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-0469

Cisco IOS XE: use after free via Web UI

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via Web UI of Cisco IOS XE, in order to trigger a denial of service, and possibly to run code.
Impacted products: Cisco ASR, Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-webuidos, CSCva31961, CVE-2018-0469, VIGILANCE-VUL-27346.

Description of the vulnerability

An attacker can force the usage of a freed memory area via Web UI of Cisco IOS XE, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-0470

Cisco IOS XE: buffer overflow via HTTP

Synthesis of the vulnerability

An attacker can generate a buffer overflow via HTTP of Cisco IOS XE, in order to trigger a denial of service, and possibly to run code.
Impacted products: Cisco ASR, Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-webdos, CSCvb22618, CVE-2018-0470, VIGILANCE-VUL-27345.

Description of the vulnerability

An attacker can generate a buffer overflow via HTTP of Cisco IOS XE, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-0197

Cisco IOS, IOS XE: denial of service via VLAN Trunking Protocol

Synthesis of the vulnerability

An attacker can generate a fatal error via VLAN Trunking Protocol of Cisco IOS and IOS XE, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-vtp, CSCvd37163, CVE-2018-0197, VIGILANCE-VUL-27344.

Description of the vulnerability

An attacker can generate a fatal error via VLAN Trunking Protocol of Cisco IOS and IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-15369

Cisco IOS, IOS XE: denial of service via TACACS

Synthesis of the vulnerability

An attacker can generate a fatal error via TACACS of Cisco IOS and IOS XE, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-tacplus, CSCux66796, CVE-2018-15369, VIGILANCE-VUL-27343.

Description of the vulnerability

An attacker can generate a fatal error via TACACS of Cisco IOS and IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-0476

Cisco IOS XE: denial of service via NAT SIP ALG

Synthesis of the vulnerability

An attacker can generate a fatal error via NAT SIP ALG of Cisco IOS XE, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-sip-alg, CSCvg89036, CVE-2018-0476, VIGILANCE-VUL-27341.

Description of the vulnerability

An attacker can generate a fatal error via NAT SIP ALG of Cisco IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-15368

Cisco IOS XE: privilege escalation via Privileged EXEC Mode Root Shell

Synthesis of the vulnerability

An attacker can bypass restrictions via Privileged EXEC Mode Root Shell of Cisco IOS XE, in order to escalate his privileges.
Impacted products: Cisco ASR, Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user account.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-privesc, CSCuw45594, CVE-2018-15368, VIGILANCE-VUL-27338.

Description of the vulnerability

An attacker can bypass restrictions via Privileged EXEC Mode Root Shell of Cisco IOS XE, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Cisco Router: