The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IOS XE Cisco

vulnerability announce CVE-2016-1384

Cisco IOS, IOS XE: changing time via NTP

Synthesis of the vulnerability

An attacker can send malicious NTP packets to Cisco IOS or IOS XE, in order to change the system date.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 19/04/2016.
Identifiers: CERTFR-2016-AVI-140, cisco-sa-20160419-ios, CSCux46898, CVE-2016-1384, VIGILANCE-VUL-19412.

Description of the vulnerability

The Cisco IOS or IOS XE product uses NTP to set the time.

However, NTP packets are not correctly authenticated.

An attacker can therefore send malicious NTP packets to Cisco IOS or IOS XE, in order to change the system date.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce CVE-2015-6360

libSRTP: out-of-bounds memory reading

Synthesis of the vulnerability

Impacted products: ASA, Cisco Catalyst, IOS XE Cisco, Cisco Router, Cisco CUCM, Cisco IP Phone, Cisco Wireless IP Phone, Debian, openSUSE Leap.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 04/04/2016.
Identifiers: CERTFR-2016-AVI-140, cisco-sa-20160420-libsrtp, CVE-2015-6360, DSA-3539-1, openSUSE-SU-2016:2266-1, VIGILANCE-VUL-19287.

Description of the vulnerability

An attacker can force a read at an invalid address of libSRTP, in order to trigger a denial of service, or to obtain sensitive information.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability CVE-2016-1349

Cisco IOS, IOS XE: denial of service via Smart Install

Synthesis of the vulnerability

An attacker can send a malicious Smart Install packet to Cisco IOS or IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 24/03/2016.
Identifiers: CERTFR-2016-AVI-107, cisco-sa-20160323-smi, CSCuv45410, CVE-2016-1349, VIGILANCE-VUL-19220.

Description of the vulnerability

The Cisco IOS or IOS XE product has a service to manage received Smart Install packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious Smart Install packet to Cisco IOS or IOS XE, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2016-1344

Cisco IOS, IOS XE: denial of service via IKEv2

Synthesis of the vulnerability

An attacker can send a malicious IKEv2 packet to Cisco IOS or IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 24/03/2016.
Identifiers: CERTFR-2016-AVI-107, cisco-sa-20160323-ios-ikev2, CSCux38417, CVE-2016-1344, VIGILANCE-VUL-19219.

Description of the vulnerability

The Cisco IOS or IOS XE product has a service to manage received IKEv2 packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious IKEv2 packet to Cisco IOS or IOS XE, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin CVE-2016-1348

Cisco IOS, IOS XE: denial of service via DHCPv6

Synthesis of the vulnerability

An attacker can send a malicious DHCPv6 packet to Cisco IOS or IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Confidence: confirmed by the editor (5/5).
Creation date: 24/03/2016.
Identifiers: CERTFR-2016-AVI-107, cisco-sa-20160323-dhcpv6, CSCus55821, CVE-2016-1348, VIGILANCE-VUL-19218.

Description of the vulnerability

The Cisco IOS or IOS XE product has a service to manage received DHCPv6 packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious DHCPv6 packet to Cisco IOS or IOS XE, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce CVE-2016-1350

Cisco IOS, IOS XE, Cisco Unified Communications Manager: denial of service via SIP

Synthesis of the vulnerability

An attacker can send a malicious SIP packet to Cisco IOS, IOS XE, or Cisco Unified Communications Manager, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router, Cisco CUCM.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 24/03/2016.
Identifiers: CERTFR-2016-AVI-107, cisco-sa-20160323-sip, CSCuj23293, CSCuv39370, CVE-2016-1350, VIGILANCE-VUL-19217.

Description of the vulnerability

The Cisco IOS, IOS XE, or Cisco Unified Communications Manager product has a service to manage received SIP packets.

However, when a malicious packet is received, a memory leak occurs, which leads to a fatal error.

An attacker can therefore send a malicious SIP packet to Cisco IOS, IOS XE, or Cisco Unified Communications Manager, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability CVE-2016-0702 CVE-2016-0705 CVE-2016-0797

OpenSSL: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, IOS by Cisco, IOS XE Cisco, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, XenServer, Debian, PowerPath, ExtremeXOS, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FreeBSD, HP Switch, AIX, Domino, Notes, IRAD, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, Copssh, Juniper J-Series, Junos OS, Junos Space, Juniper Network Connect, NSM Central Manager, NSMXpress, McAfee Web Gateway, Meinberg NTP Server, Data ONTAP, Snap Creator Framework, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Solaris, Palo Alto Firewall PA***, PAN-OS, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, Puppet, RHEL, JBoss EAP by Red Hat, ROX, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Grid Manager, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu, WindRiver Linux, VxWorks, X2GoClient.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 01/03/2016.
Revision date: 07/03/2016.
Identifiers: 000008897, 046178, 046208, 1979498, 1979602, 1987779, 1993210, 2003480, 2003620, 2003673, 2012827, 2013020, 2014202, 2014651, 2014669, 2015080, 2016039, 7043086, 9010066, 9010067, 9010072, BSA-2016-004, bulletinapr2016, bulletinjan2016, CERTFR-2016-AVI-076, CERTFR-2016-AVI-080, cisco-sa-20160302-openssl, CTX208403, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842, DSA-3500-1, ESA-2016-080, FEDORA-2016-2802690366, FEDORA-2016-e1234b65a2, FEDORA-2016-e6807b3394, FreeBSD-SA-16:12.openssl, HPESBHF03741, ibm10732391, ibm10733905, ibm10738249, ibm10738401, JSA10722, JSA10759, K22334603, K52349521, K93122894, MBGSA-1602, NTAP-20160301-0001, NTAP-20160303-0001, NTAP-20160321-0001, openSUSE-SU-2016:0627-1, openSUSE-SU-2016:0628-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:0638-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:0720-1, openSUSE-SU-2016:1566-1, openSUSE-SU-2017:1211-1, openSUSE-SU-2017:1212-1, PAN-SA-2016-0020, PAN-SA-2016-0028, PAN-SA-2016-0030, RHSA-2016:0301-01, RHSA-2016:0302-01, RHSA-2016:0303-01, RHSA-2016:0304-01, RHSA-2016:0305-01, RHSA-2016:0306-01, RHSA-2016:0372-01, RHSA-2016:0445-01, RHSA-2016:0446-01, RHSA-2016:0490-01, RHSA-2016:1519-01, RHSA-2016:2073-01, RHSA-2018:2568-01, RHSA-2018:2575-01, SA117, SA40168, SB10156, SOL22334603, SOL40524634, SOL52349521, SOL79215841, SOL93122894, SSA:2016-062-02, SSA-623229, SUSE-SU-2016:0617-1, SUSE-SU-2016:0620-1, SUSE-SU-2016:0621-1, SUSE-SU-2016:0624-1, SUSE-SU-2016:0631-1, SUSE-SU-2016:0641-1, SUSE-SU-2016:0678-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, TNS-2016-03, USN-2914-1, VIGILANCE-VUL-19060, VN-2016-004, VU#583776.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can act as a Man-in-the-Middle on a server supporting SSLv2 and EXPORT ciphers (this configuration is considered as weak since several years), in order to read or write data in the session. [severity:2/4; CVE-2016-0800, VU#583776]

An attacker can force the usage of a freed memory area when OpenSSL processes a DSA private key (this scenario is rare), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-0705]

An attacker can read a memory fragment via SRP_VBASE_get_by_user, in order to obtain sensitive information. [severity:1/4; CVE-2016-0798]

An attacker can force a NULL pointer to be dereferenced in BN_hex2bn(), in order to trigger a denial of service. [severity:1/4; CVE-2016-0797]

An attacker can use a very large string (size INT_MAX), to generate a memory corruption in the BIO_*printf() functions, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-0799]

An attacker can use cache conflicts on Intel Sandy-Bridge, in order to obtain RSA keys. [severity:1/4; CVE-2016-0702]

An attacker can use a very large string (size INT_MAX), to generate a memory corruption in the internal doapr_outch() function, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2842]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability alert CVE-2016-0703 CVE-2016-0704

OpenSSL: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, IOS by Cisco, IOS XE Cisco, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, BIG-IP Hardware, TMOS, FreeBSD, HP Switch, IRAD, Copssh, Juniper J-Series, Junos OS, Junos Space, Juniper Network Connect, NSM Central Manager, NSMXpress, Data ONTAP, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Solaris, Palo Alto Firewall PA***, PAN-OS, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, SUSE Linux Enterprise Desktop, SLES, Nessus, WindRiver Linux, VxWorks.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 01/03/2016.
Identifiers: 046178, 046208, 1979498, 9010067, BSA-2016-004, bulletinapr2016, bulletinjan2016, CERTFR-2016-AVI-076, CERTFR-2016-AVI-080, cisco-sa-20160302-openssl, CVE-2016-0703, CVE-2016-0704, FreeBSD-SA-16:12.openssl, HPESBHF03741, JSA10759, NTAP-20160303-0001, openSUSE-SU-2016:0627-1, openSUSE-SU-2016:0628-1, openSUSE-SU-2016:0638-1, openSUSE-SU-2016:0720-1, PAN-SA-2016-0030, RHSA-2016:0372-01, SA117, SA40168, SOL95463126, SUSE-SU-2016:0617-1, SUSE-SU-2016:0620-1, SUSE-SU-2016:0621-1, SUSE-SU-2016:0624-1, SUSE-SU-2016:0631-1, SUSE-SU-2016:0641-1, SUSE-SU-2016:0678-1, TNS-2016-03, VIGILANCE-VUL-19061.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

The 2_srvr.c file did not enforce that clear-key-length is zero for non-export ciphers, so an attacker can act as a Man-in-the-Middle on SSLv2, in order to read or write data in the session. [severity:2/4; CVE-2016-0703]

The 2_srvr.c file overwrite some byte dur the Bleichenbacher protection, so an attacker can act as a Man-in-the-Middle on SSLv2, in order to read or write data in the session. [severity:2/4; CVE-2016-0704]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert CVE-2015-7547

glibc: buffer overflow of getaddrinfo

Synthesis of the vulnerability

An attacker, who owns a malicious DNS server, can reply with long data to a client application using the getaddrinfo() function of the glibc, in order to trigger a denial of service, and possibly to run code in the client application.
Impacted products: ArubaOS, Blue Coat CAS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco Catalyst, IOS XE Cisco, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Cisco Prime DCNM, Secure ACS, Cisco CUCM, Cisco IP Phone, Cisco Wireless IP Phone, Cisco Wireless Controller, XenDesktop, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, ExtremeXOS, BIG-IP Hardware, TMOS, Fedora, QRadar SIEM, Trinzic, NSM Central Manager, NSMXpress, McAfee Email Gateway, McAfee MOVE AntiVirus, VirusScan, McAfee Web Gateway, openSUSE, openSUSE Leap, Palo Alto Firewall PA***, PAN-OS, RealPresence Distributed Media Application, Polycom VBP, RHEL, ROX, RuggedSwitch, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, VMware vSphere, VMware vSphere Hypervisor, WindRiver Linux.
Severity: 4/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 16/02/2016.
Revision date: 17/02/2016.
Identifiers: 046146, 046151, 046153, 046155, 046158, 1977665, 478832, 479427, 479906, 480572, 480707, 480708, ARUBA-PSA-2016-001, BSA-2016-003, BSA-2016-004, CERTFR-2016-AVI-066, CERTFR-2016-AVI-071, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, cisco-sa-20160218-glibc, CTX206991, CVE-2015-7547, ESA-2016-020, ESA-2016-027, ESA-2016-028, ESA-2016-029, ESA-2016-030, FEDORA-2016-0480defc94, FEDORA-2016-0f9e9a34ce, JSA10774, KB #4858, openSUSE-SU-2016:0490-1, openSUSE-SU-2016:0510-1, openSUSE-SU-2016:0511-1, openSUSE-SU-2016:0512-1, PAN-SA-2016-0021, RHSA-2016:0175-01, RHSA-2016:0176-01, RHSA-2016:0225-01, SA114, SB10150, SOL47098834, SSA:2016-054-02, SSA-301706, SUSE-SU-2016:0470-1, SUSE-SU-2016:0471-1, SUSE-SU-2016:0472-1, SUSE-SU-2016:0473-1, USN-2900-1, VIGILANCE-VUL-18956, VMSA-2016-0002, VMSA-2016-0002.1, VN-2016-003.

Description of the vulnerability

The glibc library implements a DNS resolver (libresolv).

An application can thus call the getaddrinfo() function, which queries DNS servers. When the AF_UNSPEC type is used in the getaddrinfo() call, two DNS A and AAAA queries are sent simultaneously. However, this special case, and a case with AF_INET6 are not correctly managed, and lead to an overflow if the reply coming from the DNS server is larger than 2048 bytes.

An attacker, who owns a malicious DNS server, can therefore reply with large data to a client application using the getaddrinfo() function of the glibc, in order to trigger a denial of service, and possibly to run code in the client application.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce CVE-2016-1330

Cisco IOS: denial of service via CDP

Synthesis of the vulnerability

An attacker can send a specially crafted CDP packet to an host running Cisco IOS, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Confidence: confirmed by the editor (5/5).
Creation date: 16/02/2016.
Identifiers: CERTFR-2016-AVI-065, cisco-sa-20160215-ie2000, CSCuy27746, CVE-2016-1330, VIGILANCE-VUL-18947.

Description of the vulnerability

The Cisco IOS product includes an implementation of the proprietary protocol "Cisco Discovery Protocol", used to manage the neighborhood.

However, the parsing and validation of CDP packet is incomplete and there are some packets the decoding of which leads to a fatal error and then host reboot.

An attacker can therefore send a specially crafted CDP packet to an host running Cisco IOS, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about IOS XE Cisco: