The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IOS XE Cisco

vulnerability CVE-2016-6438

Cisco cBR-8: privilege escalation via Vty Line

Synthesis of the vulnerability

An attacker can bypass restrictions via Vty Line of Cisco cBR-8, in order to escalate his privileges.
Impacted products: IOS XE Cisco.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 13/10/2016.
Identifiers: CERTFR-2016-AVI-343, cisco-sa-20161012-cbr-8, CSCuz62815, CVE-2016-6438, VIGILANCE-VUL-20860.

Description of the vulnerability

An attacker can bypass restrictions via Vty Line of Cisco cBR-8, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-6423

Cisco IOS, IOS XE: denial of service via IKEv2

Synthesis of the vulnerability

An attacker can send a malicious IKEv2 packet to Cisco IOS or IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 06/10/2016.
Identifiers: CERTFR-2016-AVI-331, cisco-sa-20161005-ios-ikev, CSCux97540, CVE-2016-6423, VIGILANCE-VUL-20780.

Description of the vulnerability

The Cisco IOS and IOS XE product has a service to manage received IKEv2 packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious IKEv2 packet to Cisco IOS or IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2015-6289

Cisco IOS, IOS XE: denial of service via TCP

Synthesis of the vulnerability

An attacker can tamper with the TCP packet stream on Cisco IOS or IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 21/06/2016.
Revisions dates: 19/08/2016, 04/10/2016.
Identifiers: CERTFR-2016-AVI-325, cisco-sa-20160620-isr, CSCuu13476, CVE-2015-6289, VIGILANCE-VUL-19944.

Description of the vulnerability

The Cisco IOS or IOS XE product includes TCP services (SSH, etc.).

However, when TCP packets associated to an existing connection are received out-of-order, a memory leak occurs in Cisco IOS/XE, which leads to a performance drop.

An attacker can therefore tamper with the TCP packet stream on Cisco IOS or IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-6385

Cisco IOS, IOS XE: memory leak via Smart Install

Synthesis of the vulnerability

An attacker can create a memory leak via Smart Install of Cisco IOS or IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 29/09/2016.
Identifiers: CERTFR-2016-AVI-322, cisco-sa-20160928-smi, CSCuy82367, CVE-2016-6385, VIGILANCE-VUL-20728.

Description of the vulnerability

The Cisco IOS or IOS XE product has a service to manage received Smart Install (4786/tcp) packets.

However, the memory allocated to process some packets is never freed.

An attacker can therefore create a memory leak via Smart Install of Cisco IOS or IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2016-6382

Cisco IOS, IOS XE: denial of service via IPv6 PIM Register

Synthesis of the vulnerability

An attacker can send a malicious IPv6 PIM Register packet to Cisco IOS, IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 29/09/2016.
Identifiers: CERTFR-2016-AVI-322, cisco-sa-20160928-msdp, CSCuy16399, CVE-2016-6382, VIGILANCE-VUL-20727.

Description of the vulnerability

The Cisco IOS or IOS XE product has a service to manage received IPv6 PIM Register packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious IPv6 PIM Register packet to Cisco IOS or IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-6392

Cisco IOS, IOS XE: denial of service via IPv4 MSDP

Synthesis of the vulnerability

An attacker can send a malicious IPv4 MSDP packet to Cisco IOS, IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 29/09/2016.
Identifiers: CERTFR-2016-AVI-322, cisco-sa-20160928-msdp, CSCud36767, CVE-2016-6392, VIGILANCE-VUL-20726.

Description of the vulnerability

The Cisco IOS or IOS XE product has a service to manage received IPv4 MSDP packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious IPv4 MSDP packet to Cisco IOS or IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-6379

Cisco IOS, IOS XE: denial of service via IPDR

Synthesis of the vulnerability

An attacker can send a malicious IPDR packet to Cisco IOS or IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 29/09/2016.
Identifiers: CERTFR-2016-AVI-322, cisco-sa-20160928-ipdr, CSCuu35089, CVE-2016-6379, VIGILANCE-VUL-20725.

Description of the vulnerability

The Cisco IOS or IOS XE product has a service to manage received IPDR (IP Detail Record) packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious IPDR packet to Cisco IOS or IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2016-6381

Cisco IOS, IOS XE: denial of service via IKEv1

Synthesis of the vulnerability

An attacker can send a malicious IKEv1 packet to Cisco IOS or IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 29/09/2016.
Identifiers: CERTFR-2016-AVI-322, cisco-sa-20160928-ios-ikev1, CSCuy47382, CVE-2016-6381, VIGILANCE-VUL-20724.

Description of the vulnerability

The Cisco IOS or IOS XE product has a service to manage received IKEv1 packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious IKEv1 packet to Cisco IOS or IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-6384

Cisco IOS, IOS XE: denial of service via H.323

Synthesis of the vulnerability

An attacker can send a malicious H.323 packet to Cisco IOS or IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 29/09/2016.
Identifiers: CERTFR-2016-AVI-322, cisco-sa-20160928-h323, CSCux04257, CVE-2016-6384, VIGILANCE-VUL-20723.

Description of the vulnerability

The Cisco IOS or IOS XE product has a service to manage received H.323 packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious H.323 packet to Cisco IOS or IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2016-6386

Cisco IOS XE: denial of service via IPv4 Fragment

Synthesis of the vulnerability

An attacker can send a malicious IPv4 Fragment packet to Cisco IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 29/09/2016.
Identifiers: CERTFR-2016-AVI-322, cisco-sa-20160928-frag, CSCux66005, CVE-2016-6386, VIGILANCE-VUL-20722.

Description of the vulnerability

The Cisco IOS XE product has a service to reassemble received IPv4 fragmented packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious IPv4 Fragment packet to Cisco IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about IOS XE Cisco: