The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco Router

vulnerability alert CVE-2018-0123

Cisco IOS XE: system file corruption via a shell command

Synthesis of the vulnerability

An attacker can tamper with the filenames passed to some Cisco IOS and IOS XE commands, in order to overwrite some system files.
Impacted products: Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Creation date: 08/02/2018.
Identifiers: cisco-sa-20180207-ios, CVE-2018-0123, VIGILANCE-VUL-25251.

Description of the vulnerability

An authenticated attacker can tamper with the filenames passed to some Cisco IOS and IOS XE commands, in order to overwrite some system files.

vulnerability CVE-2018-0132

Cisco IOS XR: denial of service via routing table corruption

Synthesis of the vulnerability

An attacker can trigger a corruption of the routing table in Cisco IOS XR, in order to block traffic forwarding.
Impacted products: Cisco ASR, IOS XR Cisco, Cisco Router.
Severity: 2/4.
Creation date: 08/02/2018.
Identifiers: cisco-sa-20180207-iosxr, CVE-2018-0132, VIGILANCE-VUL-25250.

Description of the vulnerability

An attacker can trigger a corruption of the routing table in Cisco IOS XR, in order to block traffic forwarding.

Technical details are unknown.

computer vulnerability CVE-2017-12304

Cisco IOS, IOS XE: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Cisco IOS or IOS XE, in order to run JavaScript code in the context of the web site.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Creation date: 16/11/2017.
Identifiers: cisco-sa-20171115-ios, CSCvf60862, CVE-2017-12304, VIGILANCE-VUL-24475.

Description of the vulnerability

The Cisco IOS and IOS XE products offer a web service.

However, it does not filter received data before inserting it in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Cisco IOS or IOS XE, in order to run JavaScript code in the context of the web site.

vulnerability announce CVE-2017-12272

Cisco IOS XE: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Cisco IOS XE, in order to run JavaScript code in the context of the web site.
Impacted products: Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Creation date: 19/10/2017.
Identifiers: CERTFR-2017-AVI-372, cisco-sa-20171018-cisco-ios-xe, CSCvb09516, CVE-2017-12272, VIGILANCE-VUL-24182.

Description of the vulnerability

The Cisco IOS XE product offers a web service.

However, it does not filter received data before inserting it in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Cisco IOS XE, in order to run JavaScript code in the context of the web site.

vulnerability announce CVE-2017-6731

Cisco IOS XR: denial of service via MSDP

Synthesis of the vulnerability

An attacker can send malicious MSDP packets to Cisco IOS XR, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS XR Cisco, Cisco Router.
Severity: 2/4.
Creation date: 06/07/2017.
Identifiers: CERTFR-2017-AVI-202, cisco-sa-20170705-iosxr, CSCvd94828, CVE-2017-6731, VIGILANCE-VUL-23142.

Description of the vulnerability

The Cisco IOS XR product has a service to manage received MSDP packets.

However, when malicious MSDP packets are received, a fatal error occurs.

An attacker can therefore send malicious MSDP packets to Cisco IOS XR, in order to trigger a denial of service.

computer vulnerability CVE-2017-6736 CVE-2017-6737 CVE-2017-6738

Cisco IOS, IOS XE: buffer overflow via SNMP

Synthesis of the vulnerability

An attacker can generate a buffer overflow via an SNMP packet in Cisco IOS and IOS XE, in order to trigger a denial of service, and possibly to run code.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Creation date: 30/06/2017.
Revision date: 04/07/2017.
Identifiers: CERTFR-2017-AVI-221, cisco-sa-20170629-snmp, CSCve54313, CSCve57697, CSCve60276, CSCve60376, CSCve60402, CSCve60507, CSCve66540, CSCve66601, CSCve66658, CSCve78027, CSCve89865, CVE-2017-6736, CVE-2017-6737, CVE-2017-6738, CVE-2017-6739, CVE-2017-6740, CVE-2017-6741, CVE-2017-6742, CVE-2017-6743, CVE-2017-6744, VIGILANCE-VUL-23105.

Description of the vulnerability

The Cisco IOS and IOS XE products offer an SNMP service.

However, if the size of received data is greater than the size of the storage array, an overflow occurs.

An attacker can therefore generate a buffer overflow via an SNMP packet in Cisco IOS and IOS XE, in order to trigger a denial of service, and possibly to run code.

computer vulnerability CVE-2017-6666

Cisco IOS XR: denial of service via Traffic Engineering

Synthesis of the vulnerability

An authenticated local attacker can stop the Traffic Engineering tunnel of Cisco IOS XR, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XR Cisco, Cisco Router.
Severity: 1/4.
Creation date: 14/06/2017.
Identifiers: cisco-sa-20170607-ncs, CVE-2017-6666, VIGILANCE-VUL-22975.

Description of the vulnerability

An authenticated local attacker can stop the Traffic Engineering tunnel of Cisco IOS XR, in order to trigger a denial of service.

A detailed analysis was not performed for this bulletin.

vulnerability bulletin CVE-2017-6615

Cisco IOS XE: denial of service via SNMP

Synthesis of the vulnerability

An authenticated attacker can send malicious SNMP packets to a device running Cisco IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Creation date: 20/04/2017.
Revision date: 10/05/2017.
Identifiers: CERTFR-2017-AVI-127, cisco-sa-20170419-ios-xe-snmp, CVE-2017-6615, VIGILANCE-VUL-22513.

Description of the vulnerability

The Cisco IOS and IOS XE products have a service to manage received SNMP packets.

However, when malicious SNMP packets are received, a fatal error occurs, followed by a device reboot.

An authenticated attacker can therefore send malicious SNMP packets to a device running Cisco IOS XE, in order to trigger a denial of service.

computer vulnerability note CVE-2017-3860 CVE-2017-3861 CVE-2017-3862

Cisco IOS, IOS XE: buffer overflow via the EnergyWise module

Synthesis of the vulnerability

An attacker can generate a buffer overflow in the EnergyWise module of Cisco IOS and IOS XE, in order to trigger a denial of service, and possibly to run code.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Creation date: 20/04/2017.
Identifiers: CERTFR-2017-AVI-127, cisco-sa-20170419-energywise, CSCur29331, CSCut47751, CSCut50727, CSCuu76493, CVE-2017-3860, CVE-2017-3861, CVE-2017-3862, CVE-2017-3863, VIGILANCE-VUL-22509.

Description of the vulnerability

An attacker can generate a buffer overflow in the EnergyWise module of Cisco IOS and IOS XE, in order to trigger a denial of service, and possibly to run code.

vulnerability bulletin CVE-2017-3849

Cisco IOS, IOS XE: denial of service via ANI

Synthesis of the vulnerability

An attacker can send malicious packets to Cisco IOS or IOS XE with ANI, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Creation date: 21/03/2017.
Identifiers: cisco-sa-20170320-ani, CSCvc42717, CVE-2017-3849, VIGILANCE-VUL-22193.

Description of the vulnerability

The Cisco IOS and IOS XE products have an Autonomic Networking Infrastructure feature.

However, when malicious Autonomic Network Channel Discovery packets are received, a fatal error occurs in ANI.

An attacker can therefore send malicious packets to Cisco IOS or IOS XE with ANI, in order to trigger a denial of service.