The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco Router

vulnerability note CVE-2018-0197

Cisco IOS, IOS XE: denial of service via VLAN Trunking Protocol

Synthesis of the vulnerability

Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Confidence: confirmed by the editor (5/5).
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-vtp, CSCvd37163, CVE-2018-0197, VIGILANCE-VUL-27344.

Description of the vulnerability

An attacker can generate a fatal error via VLAN Trunking Protocol of Cisco IOS and IOS XE, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2018-15369

Cisco IOS, IOS XE: denial of service via TACACS

Synthesis of the vulnerability

Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-tacplus, CSCux66796, CVE-2018-15369, VIGILANCE-VUL-27343.

Description of the vulnerability

An attacker can generate a fatal error via TACACS of Cisco IOS and IOS XE, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin CVE-2018-15368

Cisco IOS XE: privilege escalation via Privileged EXEC Mode Root Shell

Synthesis of the vulnerability

Impacted products: Cisco ASR, Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user account.
Confidence: confirmed by the editor (5/5).
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-privesc, CSCuw45594, CVE-2018-15368, VIGILANCE-VUL-27338.

Description of the vulnerability

An attacker can bypass restrictions via Privileged EXEC Mode Root Shell of Cisco IOS XE, in order to escalate his privileges.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce CVE-2018-15377

Cisco IOS, IOS XE: memory leak via Plug and Play

Synthesis of the vulnerability

Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-pnp-memleak, CSCvi30136, CVE-2018-15377, VIGILANCE-VUL-27337.

Description of the vulnerability

An attacker can create a memory leak via Plug and Play of Cisco IOS and IOS XE, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert CVE-2018-0466

Cisco IOS, IOS XE: denial of service via OSPFv3

Synthesis of the vulnerability

Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Confidence: confirmed by the editor (5/5).
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-ospfv3-dos, CSCuy82806, CVE-2018-0466, VIGILANCE-VUL-27336.

Description of the vulnerability

An attacker can generate a fatal error via OSPFv3 of Cisco IOS and IOS XE, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability CVE-2018-15372

Cisco IOS XE: privilege escalation via MACsec MKA EAP-TLS Authentication Bypass

Synthesis of the vulnerability

Impacted products: Cisco ASR, Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: privileged access/rights, data flow.
Provenance: LAN.
Confidence: confirmed by the editor (5/5).
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-macsec, CSCvh09411, CVE-2018-15372, VIGILANCE-VUL-27335.

Description of the vulnerability

An attacker can bypass restrictions via MACsec MKA EAP-TLS Authentication Bypass of Cisco IOS XE, in order to escalate his privileges.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability note CVE-2018-15375 CVE-2018-15376

Cisco IOS: memory corruption via Test Commands

Synthesis of the vulnerability

Impacted products: IOS by Cisco, Cisco Router.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: user account.
Confidence: confirmed by the editor (5/5).
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-ir800-memwrite, CSCuy10473, CSCvc82464, CVE-2018-15375, CVE-2018-15376, VIGILANCE-VUL-27334.

Description of the vulnerability

An attacker can generate a memory corruption via Test Commands of Cisco IOS, in order to trigger a denial of service, and possibly to run code.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability alert CVE-2018-0477 CVE-2018-0481

Cisco IOS XE: privilege escalation via CLI Command Injection

Synthesis of the vulnerability

Impacted products: Cisco ASR, Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Confidence: confirmed by the editor (5/5).
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-iosxe-cmdinj, CSCvh02919, CSCvh54202, CVE-2018-0477, CVE-2018-0481, VIGILANCE-VUL-27331.

Description of the vulnerability

An attacker can bypass restrictions via CLI Command Injection of Cisco IOS XE, in order to escalate his privileges.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2018-15374

Cisco IOS XE: privilege escalation via Digital Signature Verification Bypass

Synthesis of the vulnerability

Impacted products: Cisco ASR, Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Confidence: confirmed by the editor (5/5).
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-digsig, CSCvh15737, CVE-2018-15374, VIGILANCE-VUL-27329.

Description of the vulnerability

An attacker can bypass restrictions via Digital Signature Verification Bypass of Cisco IOS XE, in order to escalate his privileges.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin CVE-2018-0475

Cisco IOS, IOS XE: denial of service via Cluster Management Protocol

Synthesis of the vulnerability

Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Confidence: confirmed by the editor (5/5).
Creation date: 27/09/2018.
Identifiers: CERTFR-2018-AVI-458, cisco-sa-20180926-cmp, CSCvg48576, CVE-2018-0475, VIGILANCE-VUL-27328.

Description of the vulnerability

An attacker can generate a fatal error via Cluster Management Protocol of Cisco IOS and IOS XE, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Cisco Router: