The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IOS XE Cisco

computer vulnerability announce CVE-2015-7973 CVE-2015-7974 CVE-2015-7975

NTP.org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Impacted products: SNS, Blue Coat CAS, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ACE, ASA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, AIX, Juniper J-Series, Junos OS, Junos Space, Meinberg NTP Server, NTP.org, openSUSE, openSUSE Leap, Palo Alto Firewall PA***, PAN-OS, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 21/01/2016.
Identifiers: BSA-2016-005, BSA-2016-006, CERTFR-2016-AVI-045, cisco-sa-20160127-ntpd, CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8139, CVE-2015-8140, CVE-2015-8158, DLA-559-1, DSA-3629-1, FEDORA-2016-34bc10a2c8, FEDORA-2016-89e0874533, FEDORA-2016-8bb1932088, FEDORA-2016-c3bd6a3496, FreeBSD-SA-16:09.ntp, HPESBHF03750, JSA10776, JSA10796, K00329831, K01324833, K06288381, openSUSE-SU-2016:1292-1, openSUSE-SU-2016:1329-1, openSUSE-SU-2016:1423-1, PAN-SA-2016-0019, RHSA-2016:0063-01, RHSA-2016:0780-01, RHSA-2016:1552-01, RHSA-2016:2583-02, SA113, SOL00329831, SOL01324833, SOL05046514, SOL06288381, SOL13304944, SOL21230183, SOL32790144, SOL71245322, SOL74363721, SSA:2016-054-04, STORM-2016-003, STORM-2016-004, SUSE-SU-2016:1175-1, SUSE-SU-2016:1177-1, SUSE-SU-2016:1247-1, SUSE-SU-2016:1278-1, SUSE-SU-2016:1291-1, SUSE-SU-2016:1311-1, SUSE-SU-2016:1471-1, SUSE-SU-2016:1912-1, SUSE-SU-2016:2094-1, USN-3096-1, VIGILANCE-VUL-18787.

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can generate an infinite loop in ntpq, in order to trigger a denial of service. [severity:2/4; CVE-2015-8158]

The Zero Origin Timestamp value is not correctly checked. [severity:2/4; CVE-2015-8138]

An attacker can trigger a fatal error in Authenticated Broadcast Mode, in order to trigger a denial of service. [severity:2/4; CVE-2015-7979]

An attacker can trigger a fatal error in Recursive Traversal, in order to trigger a denial of service. [severity:2/4; CVE-2015-7978]

An attacker can force a NULL pointer to be dereferenced in reslist, in order to trigger a denial of service. [severity:2/4; CVE-2015-7977]

An attacker can use a filename with special characters in the "ntpq saveconfig" command. [severity:2/4; CVE-2015-7976]

An attacker can generate a buffer overflow in nextvar(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2015-7975]

An attacker can bypass security features in Skeleton Key, in order to escalate his privileges. [severity:2/4; CVE-2015-7974]

An attacker can use a replay attack against Deja Vu. [severity:2/4; CVE-2015-7973]

An attacker can use a replay attack against ntpq. [severity:2/4; CVE-2015-8140]

An attacker can bypass security features in ntpq and ntpdc, in order to obtain sensitive information. [severity:2/4; CVE-2015-8139]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability note CVE-2015-6431

Cisco IOS XE: denial of service via MAC Zero

Synthesis of the vulnerability

An unauthenticated attacker, who is adjacent to the device, can send packets with a MAC address of zero to Cisco IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Creation date: 22/12/2015.
Identifiers: CERTFR-2015-AVI-560, cisco-sa-2015-1221-iosxe, CSCux48405, CVE-2015-6431, VIGILANCE-VUL-18574.

Description of the vulnerability

A MAC address identifies a hardware device on the LAN. For example 01:23:45:67:89:AB.

However, a packet with a source MAC address of 00:00:00:00:00:00 generates a fatal error in Cisco IOS XE, which forces a device reload.

An unauthenticated attacker, who is adjacent to the device, can therefore send packets with a MAC address of zero to Cisco IOS XE, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability alert CVE-2015-6429

Cisco IOS, IOS XE: denial of service via IKEv1

Synthesis of the vulnerability

An attacker can send a malicious IKEv1 packet to Cisco IOS or IOS XE, in order to trigger a denial of service on IPsec.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Creation date: 18/12/2015.
Identifiers: CERTFR-2015-AVI-557, cisco-sa-20151218-ios, CSCuw08236, CVE-2015-6429, VIGILANCE-VUL-18561.

Description of the vulnerability

The Cisco IOS and IOS XE product has a service to manage received IKEv1 packets.

However, when a malicious packet is received, a fatal error stops IPsec sessions.

An attacker can therefore send a malicious IKEv1 packet to Cisco IOS or IOS XE, in order to trigger a denial of service on IPsec.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability CVE-2015-6359

Cisco IOS XE: denial of service via IPv6 Neighbor Discovery

Synthesis of the vulnerability

An attacker can send numerous IPv6 Neighbor Discovery packets to Cisco IOS XE, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS by Cisco, IOS XE Cisco.
Severity: 1/4.
Creation date: 15/12/2015.
Identifiers: CERTFR-2015-AVI-542, cisco-sa-20151214-ios, CSCup28217, CVE-2015-6359, VIGILANCE-VUL-18520.

Description of the vulnerability

The IPv6 protocol uses Neighbor Discovery packets to configure the network.

However, there is no limit on the number of packets which can be received, which consumes the system memory.

An attacker can therefore send numerous IPv6 Neighbor Discovery packets to Cisco IOS XE, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert CVE-2015-6383

Cisco IOS-XE 3S: privilege escalation

Synthesis of the vulnerability

An authenticated attacker can inject a command on Cisco IOS-XE 3S, in order to escalate his privileges.
Impacted products: Cisco ASR, IOS XE Cisco.
Severity: 2/4.
Creation date: 01/12/2015.
Revision date: 03/12/2015.
Identifiers: CERTFR-2015-AVI-510, cisco-sa-20151130-asa, cisco-sa-20151130-iosxe3s, CSCuv93130, CVE-2015-6383, VIGILANCE-VUL-18406.

Description of the vulnerability

The Cisco IOS-XE 3S product allows authenticated users to access to the CLI (command-line interface).

However, a CLI command containing a special file name can be used to inject a shell sub-command which runs with root privileges.

An authenticated attacker can therefore inject a command on Cisco IOS-XE 3S, in order to escalate his privileges.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability announce CVE-2015-7691 CVE-2015-7692 CVE-2015-7701

NTP.org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Impacted products: ArubaOS, Blue Coat CAS, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ACE, ASA, IOS by Cisco, IOS XE Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime DCNM, Prime Infrastructure, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco Unity ~ precise, Debian, ExtremeXOS, Ridgeline, Summit, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, AIX, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, McAfee Web Gateway, Meinberg NTP Server, NetBSD, NTP.org, openSUSE, openSUSE Leap, Solaris, pfSense, RHEL, ROX, RuggedSwitch, Slackware, Spectracom SecureSync, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, VxWorks.
Severity: 3/4.
Creation date: 22/10/2015.
Identifiers: 045915, ARUBA-PSA-2015-010, BSA-2016-004, BSA-2016-005, bulletinjan2016, c05270839, CERTFR-2015-AVI-449, cisco-sa-20151021-ntp, CVE-2015-5196-REJECT, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871, DSA-3388-1, FEDORA-2015-77bfbc1bcd, FEDORA-2016-34bc10a2c8, FreeBSD-SA-15:25.ntp, HPSBHF03646, JSA10711, JSA10898, NetBSD-SA2016-001, ntp_advisory4, openSUSE-SU-2015:2016-1, openSUSE-SU-2016:1423-1, RHSA-2015:1930-01, RHSA-2015:2520-01, RHSA-2016:0780-01, RHSA-2016:2583-02, SA103, SB10164, SOL10600056, SOL17515, SOL17516, SOL17517, SOL17518, SOL17521, SOL17522, SOL17524, SOL17525, SOL17526, SOL17527, SOL17528, SOL17529, SOL17530, SOL17566, SSA:2015-302-03, SSA-396873, SSA-472334, SUSE-SU-2016:1311-1, SUSE-SU-2016:1471-1, SUSE-SU-2016:1912-1, SUSE-SU-2016:2094-1, Synology-SA-18:13, Synology-SA-18:14, TALOS-2015-0052, TALOS-2015-0054, TALOS-2015-0055, TALOS-2015-0062, TALOS-2015-0063, TALOS-2015-0064, TALOS-2015-0065, TALOS-2015-0069, USN-2783-1, VIGILANCE-VUL-18162, VN-2015-009.

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can bypass the authentication in crypto-NAK, in order to escalate his privileges. [severity:3/4; CVE-2015-7871, TALOS-2015-0069]

An attacker can trigger a fatal error in decodenetnum, in order to trigger a denial of service. [severity:2/4; CVE-2015-7855]

An attacker can generate a buffer overflow in Password, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7854, TALOS-2015-0065]

An attacker can generate a buffer overflow in refclock, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7853, TALOS-2015-0064]

An attacker can generate a memory corruption in atoascii, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7852, TALOS-2015-0063]

An attacker can traverse directories in saveconfig, in order to read a file outside the root path. [severity:2/4; CVE-2015-7851, TALOS-2015-0062]

An attacker can trigger a fatal error in logfile-keyfile, in order to trigger a denial of service. [severity:2/4; CVE-2015-7850, TALOS-2015-0055]

An attacker can force the usage of a freed memory area in Trusted Key, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7849, TALOS-2015-0054]

An attacker can force a read at an invalid address with a Mode packet, in order to trigger a denial of service. [severity:2/4; CVE-2015-7848, TALOS-2015-0052]

An attacker can create a memory leak in CRYPTO_ASSOC, in order to trigger a denial of service. [severity:2/4; CVE-2015-7701]

An authenticated attacker can use pidfile/driftfile, to corrupt a file with its privileges (VIGILANCE-VUL-17747). [severity:2/4; CVE-2015-5196-REJECT, CVE-2015-7703]

An attacker can trigger a fatal error in the ntp client, in order to trigger a denial of service. [severity:2/4; CVE-2015-7704]

An attacker can trigger a fatal error, in order to trigger a denial of service. [severity:2/4; CVE-2015-7705]

An unknown vulnerability was announced in Autokey. [severity:2/4; CVE-2015-7691]

An unknown vulnerability was announced in Autokey. [severity:2/4; CVE-2015-7692]

An unknown vulnerability was announced in Autokey. [severity:2/4; CVE-2015-7702]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability CVE-2015-6278 CVE-2015-6279

Cisco IOS, IOS XE: denial of service via IPv6 First Hop

Synthesis of the vulnerability

An attacker can generate a fatal error in the processing of IPv6 First Hop on Cisco IOS, IOS XE, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Creation date: 23/09/2015.
Identifiers: 40940, 40941, CERTFR-2015-AVI-407, cisco-sa-20150923-fhs, CSCuo04400, CSCus19794, CVE-2015-6278, CVE-2015-6279, VIGILANCE-VUL-17965.

Description of the vulnerability

Two vulnerabilities were announced in Cisco IOS and IOS XE.

An attacker can send a malicious IPv6 ND CGA (Cryptographically Generated Address) packet, in order to trigger a denial of service. [severity:2/4; 40940, CSCus19794, CVE-2015-6278]

An attacker can send a malicious IPv6 ND for CPPr (Control Plane Protection) packet, in order to trigger a denial of service. [severity:2/4; 40941, CSCuo04400, CVE-2015-6279]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability note CVE-2015-6282

Cisco IOS XE: denial of service via NAT and MPLS

Synthesis of the vulnerability

An attacker can send a malicious IPv4 packet to Cisco IOS XE with NAT and MPLS, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XE Cisco.
Severity: 3/4.
Creation date: 23/09/2015.
Identifiers: 40939, CERTFR-2015-AVI-407, cisco-sa-20150923-iosxe, CSCut96933, CVE-2015-6282, VIGILANCE-VUL-17964.

Description of the vulnerability

The Cisco IOS XE product can support the MPLS (Multiprotocol Label Switching) service.

However, a malicious IPv4 packet which goes through a NAT with a MPLS service generates a fatal error in Cisco IOS XE on Cisco ASR 1000 Series..

An attacker can therefore send a malicious IPv4 packet to Cisco IOS XE with NAT and MPLS, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2015-6280

Cisco IOS, IOS XE: access via SSHv2 with RSA

Synthesis of the vulnerability

An attacker can connect via SSHv2 to the account of a Cisco IOS or IOS XE user, in order to perform operations with his privileges.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Creation date: 23/09/2015.
Identifiers: 40938, CERTFR-2015-AVI-407, cisco-sa-20150923-sshpk, CSCus73013, CVE-2015-6280, VIGILANCE-VUL-17963.

Description of the vulnerability

The Cisco IOS or IOS XE product can be configured with a SSHv2 authentication based on RSA user keys.

However, an attacker who knows a username and his RSA public key, can authenticate without knowing his private key.

An attacker can therefore connect via SSHv2 to the account of a Cisco IOS or IOS XE user, in order to perform operations with his privileges.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin CVE-2015-6294

Cisco IOS XE: denial of service via Cisco Discovery Protocol

Synthesis of the vulnerability

An attacker can send a malicious Cisco Discovery Protocol packet to Cisco IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco.
Severity: 2/4.
Creation date: 17/09/2015.
Identifiers: 41006, CSCuu25770, CVE-2015-6294, VIGILANCE-VUL-17918.

Description of the vulnerability

The Cisco IOS XE product has a service to manage received Cisco Discovery Protocol packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious Cisco Discovery Protocol packet to Cisco IOS XE, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about IOS XE Cisco: