The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco Router

computer vulnerability alert CVE-2019-1904

Cisco IOS XE: Cross Site Request Forgery via Web UI

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery via Web UI of Cisco IOS XE, in order to force the victim to perform operations.
Impacted products: Cisco ASR, Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 13/06/2019.
Identifiers: CERTFR-2019-AVI-270, cisco-sa-20190612-iosxe-csrf, CSCuy98103, CVE-2019-1904, VIGILANCE-VUL-29526.

Description of the vulnerability

The Cisco IOS XE product offers a web service.

However, the origin of requests is not checked. A request can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery via Web UI of Cisco IOS XE, in order to force the victim to perform operations.

computer vulnerability note CVE-2019-1849

Cisco IOS XR: denial of service via MPLS

Synthesis of the vulnerability

An attacker can trigger a fatal error via MPLS of Cisco IOS XR, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XR Cisco, Cisco Router.
Severity: 2/4.
Consequences: data flow, denial of service on server, denial of service on service, denial of service on client.
Provenance: LAN.
Creation date: 16/05/2019.
Identifiers: CERTFR-2019-AVI-228, cisco-sa-20190515-iosxr-evpn-dos, CSCvk35997, CVE-2019-1849, VIGILANCE-VUL-29319.

Description of the vulnerability

An attacker can trigger a fatal error via MPLS of Cisco IOS XR, in order to trigger a denial of service.

vulnerability note CVE-2019-1712

Cisco IOS XR: denial of service via PIM

Synthesis of the vulnerability

An attacker can trigger a fatal error via PIM of Cisco IOS XR, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS XR Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 18/04/2019.
Identifiers: cisco-sa-20190417-iosxr-pim-dos, CSCvg43676, CVE-2019-1712, VIGILANCE-VUL-29084.

Description of the vulnerability

An attacker can trigger a fatal error via PIM of Cisco IOS XR, in order to trigger a denial of service.

vulnerability bulletin CVE-2019-1711

Cisco IOS XR: denial of service via gRPC

Synthesis of the vulnerability

An attacker can trigger a fatal error via gRPC of Cisco IOS XR, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 18/04/2019.
Identifiers: cisco-sa-20190417-ios-xr-dos, CSCve12615, CVE-2019-1711, VIGILANCE-VUL-29083.

Description of the vulnerability

An attacker can trigger a fatal error via gRPC of Cisco IOS XR, in order to trigger a denial of service.

computer vulnerability CVE-2018-0484

Cisco IOS, IOS XE: access via SSH VRF

Synthesis of the vulnerability

An attacker can bypass restrictions to open an SSH connection via VRF of Cisco IOS or IOS XE, in order to try to authenticate.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 10/01/2019.
Identifiers: cisco-sa-20190109-ios-ssh-vrf, CSCvk37852, CVE-2018-0484, VIGILANCE-VUL-28205.

Description of the vulnerability

An attacker can bypass restrictions to open an SSH connection via VRF of Cisco IOS or IOS XE, in order to try to authenticate.

vulnerability note CVE-2018-15428

Cisco IOS XR: denial of service via BGP

Synthesis of the vulnerability

An attacker can generate a fatal error via BGP of Cisco IOS XR, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XR Cisco, Cisco Router.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 04/10/2018.
Identifiers: CERTFR-2018-AVI-468, cisco-sa-20181003-iosxr-dos, CSCvj58445, CVE-2018-15428, VIGILANCE-VUL-27404.

Description of the vulnerability

An attacker can generate a fatal error via BGP of Cisco IOS XR, in order to trigger a denial of service.

computer vulnerability alert CVE-2018-0469

Cisco IOS XE: use after free via Web UI

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via Web UI of Cisco IOS XE, in order to trigger a denial of service, and possibly to run code.
Impacted products: Cisco ASR, Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-webuidos, CSCva31961, CVE-2018-0469, VIGILANCE-VUL-27346.

Description of the vulnerability

An attacker can force the usage of a freed memory area via Web UI of Cisco IOS XE, in order to trigger a denial of service, and possibly to run code.

computer vulnerability CVE-2018-0470

Cisco IOS XE: buffer overflow via HTTP

Synthesis of the vulnerability

An attacker can generate a buffer overflow via HTTP of Cisco IOS XE, in order to trigger a denial of service, and possibly to run code.
Impacted products: Cisco ASR, Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-webdos, CSCvb22618, CVE-2018-0470, VIGILANCE-VUL-27345.

Description of the vulnerability

An attacker can generate a buffer overflow via HTTP of Cisco IOS XE, in order to trigger a denial of service, and possibly to run code.

vulnerability note CVE-2018-0197

Cisco IOS, IOS XE: denial of service via VLAN Trunking Protocol

Synthesis of the vulnerability

An attacker can generate a fatal error via VLAN Trunking Protocol of Cisco IOS and IOS XE, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-vtp, CSCvd37163, CVE-2018-0197, VIGILANCE-VUL-27344.

Description of the vulnerability

An attacker can generate a fatal error via VLAN Trunking Protocol of Cisco IOS and IOS XE, in order to trigger a denial of service.

vulnerability bulletin CVE-2018-15369

Cisco IOS, IOS XE: denial of service via TACACS

Synthesis of the vulnerability

An attacker can generate a fatal error via TACACS of Cisco IOS and IOS XE, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-tacplus, CSCux66796, CVE-2018-15369, VIGILANCE-VUL-27343.

Description of the vulnerability

An attacker can generate a fatal error via TACACS of Cisco IOS and IOS XE, in order to trigger a denial of service.