The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IOS XE Cisco

vulnerability announce CVE-2015-7691 CVE-2015-7692 CVE-2015-7701

NTP.org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Impacted products: ArubaOS, Blue Coat CAS, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ACE, ASA, IOS by Cisco, IOS XE Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime DCNM, Prime Infrastructure, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco Unity ~ precise, Debian, ExtremeXOS, Ridgeline, Summit, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, AIX, Juniper J-Series, Junos OS, McAfee Web Gateway, Meinberg NTP Server, NetBSD, NTP.org, openSUSE, openSUSE Leap, Solaris, pfSense, RHEL, ROX, RuggedSwitch, Slackware, Spectracom SecureSync, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, VxWorks.
Severity: 3/4.
Creation date: 22/10/2015.
Identifiers: 045915, ARUBA-PSA-2015-010, BSA-2016-004, BSA-2016-005, bulletinjan2016, c05270839, CERTFR-2015-AVI-449, cisco-sa-20151021-ntp, CVE-2015-5196-REJECT, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871, DSA-3388-1, FEDORA-2015-77bfbc1bcd, FEDORA-2016-34bc10a2c8, FreeBSD-SA-15:25.ntp, HPSBHF03646, JSA10711, NetBSD-SA2016-001, ntp_advisory4, openSUSE-SU-2015:2016-1, openSUSE-SU-2016:1423-1, RHSA-2015:1930-01, RHSA-2015:2520-01, RHSA-2016:0780-01, RHSA-2016:2583-02, SA103, SB10164, SOL10600056, SOL17515, SOL17516, SOL17517, SOL17518, SOL17521, SOL17522, SOL17524, SOL17525, SOL17526, SOL17527, SOL17528, SOL17529, SOL17530, SOL17566, SSA:2015-302-03, SSA-396873, SSA-472334, SUSE-SU-2016:1311-1, SUSE-SU-2016:1471-1, SUSE-SU-2016:1912-1, SUSE-SU-2016:2094-1, Synology-SA-18:13, Synology-SA-18:14, TALOS-2015-0052, TALOS-2015-0054, TALOS-2015-0055, TALOS-2015-0062, TALOS-2015-0063, TALOS-2015-0064, TALOS-2015-0065, TALOS-2015-0069, USN-2783-1, VIGILANCE-VUL-18162, VN-2015-009.

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can bypass the authentication in crypto-NAK, in order to escalate his privileges. [severity:3/4; CVE-2015-7871, TALOS-2015-0069]

An attacker can trigger a fatal error in decodenetnum, in order to trigger a denial of service. [severity:2/4; CVE-2015-7855]

An attacker can generate a buffer overflow in Password, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7854, TALOS-2015-0065]

An attacker can generate a buffer overflow in refclock, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7853, TALOS-2015-0064]

An attacker can generate a memory corruption in atoascii, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7852, TALOS-2015-0063]

An attacker can traverse directories in saveconfig, in order to read a file outside the root path. [severity:2/4; CVE-2015-7851, TALOS-2015-0062]

An attacker can trigger a fatal error in logfile-keyfile, in order to trigger a denial of service. [severity:2/4; CVE-2015-7850, TALOS-2015-0055]

An attacker can force the usage of a freed memory area in Trusted Key, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7849, TALOS-2015-0054]

An attacker can force a read at an invalid address with a Mode packet, in order to trigger a denial of service. [severity:2/4; CVE-2015-7848, TALOS-2015-0052]

An attacker can create a memory leak in CRYPTO_ASSOC, in order to trigger a denial of service. [severity:2/4; CVE-2015-7701]

An authenticated attacker can use pidfile/driftfile, to corrupt a file with its privileges (VIGILANCE-VUL-17747). [severity:2/4; CVE-2015-5196-REJECT, CVE-2015-7703]

An attacker can trigger a fatal error in the ntp client, in order to trigger a denial of service. [severity:2/4; CVE-2015-7704]

An attacker can trigger a fatal error, in order to trigger a denial of service. [severity:2/4; CVE-2015-7705]

An unknown vulnerability was announced in Autokey. [severity:2/4; CVE-2015-7691]

An unknown vulnerability was announced in Autokey. [severity:2/4; CVE-2015-7692]

An unknown vulnerability was announced in Autokey. [severity:2/4; CVE-2015-7702]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability CVE-2015-6278 CVE-2015-6279

Cisco IOS, IOS XE: denial of service via IPv6 First Hop

Synthesis of the vulnerability

An attacker can generate a fatal error in the processing of IPv6 First Hop on Cisco IOS, IOS XE, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Creation date: 23/09/2015.
Identifiers: 40940, 40941, CERTFR-2015-AVI-407, cisco-sa-20150923-fhs, CSCuo04400, CSCus19794, CVE-2015-6278, CVE-2015-6279, VIGILANCE-VUL-17965.

Description of the vulnerability

Two vulnerabilities were announced in Cisco IOS and IOS XE.

An attacker can send a malicious IPv6 ND CGA (Cryptographically Generated Address) packet, in order to trigger a denial of service. [severity:2/4; 40940, CSCus19794, CVE-2015-6278]

An attacker can send a malicious IPv6 ND for CPPr (Control Plane Protection) packet, in order to trigger a denial of service. [severity:2/4; 40941, CSCuo04400, CVE-2015-6279]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability note CVE-2015-6282

Cisco IOS XE: denial of service via NAT and MPLS

Synthesis of the vulnerability

An attacker can send a malicious IPv4 packet to Cisco IOS XE with NAT and MPLS, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XE Cisco.
Severity: 3/4.
Creation date: 23/09/2015.
Identifiers: 40939, CERTFR-2015-AVI-407, cisco-sa-20150923-iosxe, CSCut96933, CVE-2015-6282, VIGILANCE-VUL-17964.

Description of the vulnerability

The Cisco IOS XE product can support the MPLS (Multiprotocol Label Switching) service.

However, a malicious IPv4 packet which goes through a NAT with a MPLS service generates a fatal error in Cisco IOS XE on Cisco ASR 1000 Series..

An attacker can therefore send a malicious IPv4 packet to Cisco IOS XE with NAT and MPLS, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2015-6280

Cisco IOS, IOS XE: access via SSHv2 with RSA

Synthesis of the vulnerability

An attacker can connect via SSHv2 to the account of a Cisco IOS or IOS XE user, in order to perform operations with his privileges.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Creation date: 23/09/2015.
Identifiers: 40938, CERTFR-2015-AVI-407, cisco-sa-20150923-sshpk, CSCus73013, CVE-2015-6280, VIGILANCE-VUL-17963.

Description of the vulnerability

The Cisco IOS or IOS XE product can be configured with a SSHv2 authentication based on RSA user keys.

However, an attacker who knows a username and his RSA public key, can authenticate without knowing his private key.

An attacker can therefore connect via SSHv2 to the account of a Cisco IOS or IOS XE user, in order to perform operations with his privileges.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin CVE-2015-6294

Cisco IOS XE: denial of service via Cisco Discovery Protocol

Synthesis of the vulnerability

An attacker can send a malicious Cisco Discovery Protocol packet to Cisco IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco.
Severity: 2/4.
Creation date: 17/09/2015.
Identifiers: 41006, CSCuu25770, CVE-2015-6294, VIGILANCE-VUL-17918.

Description of the vulnerability

The Cisco IOS XE product has a service to manage received Cisco Discovery Protocol packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious Cisco Discovery Protocol packet to Cisco IOS XE, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability announce CVE-2015-6274

Cisco ASR 1000: denial of service via IPv4 Fragments

Synthesis of the vulnerability

An attacker can send numerous fragmented IPv4 packets to Cisco ASR 1000, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XE Cisco.
Severity: 2/4.
Creation date: 01/09/2015.
Identifiers: 40708, CSCuv71273, CVE-2015-6274, VIGILANCE-VUL-17782.

Description of the vulnerability

The Cisco ASR 1000 product reassembles IPv4 packets.

However, when there are more than 100000 packets per second, the reassembly operation overloads the QFP (Cisco QuantumFlow Processor).

An attacker can therefore send numerous fragmented IPv4 packets to Cisco ASR 1000, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2015-6273

Cisco ASR 1000: denial of service of VFR via IP

Synthesis of the vulnerability

An attacker can send a malicious IP packet to Cisco ASR 1000, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XE Cisco.
Severity: 3/4.
Creation date: 28/08/2015.
Identifiers: 40690, CSCtd19103, CSCte93229, CSCtf87624, CSCti63623, CVE-2015-6273, VIGILANCE-VUL-17773.

Description of the vulnerability

The Cisco ASR 1000 product has a service to manage received IP packets.

However, when a malicious packet is received, a fatal error occurs in VFR (Virtual Fragment Reassembly).

An attacker can therefore send a malicious IP packet to Cisco ASR 1000, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability announce CVE-2015-6269

Cisco ASR 1000: denial of service via IP

Synthesis of the vulnerability

An attacker can send a malicious IP packet to Cisco ASR 1000, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XE Cisco.
Severity: 3/4.
Creation date: 28/08/2015.
Identifiers: 40686, CSCsw69990, CVE-2015-6269, VIGILANCE-VUL-17772.

Description of the vulnerability

The Cisco ASR 1000 product has a service to manage received IP packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious IP packet to Cisco ASR 1000, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability alert CVE-2015-6271

Cisco ASR 1000: denial of service via SIP

Synthesis of the vulnerability

An attacker can send a malicious SIP packet to Cisco ASR 1000, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XE Cisco.
Severity: 2/4.
Creation date: 28/08/2015.
Identifiers: 40688, CSCta74749, CSCta77008, CVE-2015-6271, VIGILANCE-VUL-17771.

Description of the vulnerability

The Cisco ASR 1000 product has a service to manage received SIP packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious SIP packet to Cisco ASR 1000, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability CVE-2015-6270

Cisco ASR 1000: denial of service via IPv6

Synthesis of the vulnerability

An attacker can send a malicious IPv6 packet to Cisco ASR 1000, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XE Cisco.
Severity: 3/4.
Creation date: 28/08/2015.
Identifiers: 40687, CSCsv98555, CVE-2015-6270, VIGILANCE-VUL-17770.

Description of the vulnerability

The Cisco ASR 1000 product has a service to manage received IPv6 packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious IPv6 packet to Cisco ASR 1000, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about IOS XE Cisco: