The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IOS XE Cisco

computer vulnerability CVE-2015-6278 CVE-2015-6279

Cisco IOS, IOS XE: denial of service via IPv6 First Hop

Synthesis of the vulnerability

An attacker can generate a fatal error in the processing of IPv6 First Hop on Cisco IOS, IOS XE, in order to trigger a denial of service.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Creation date: 23/09/2015.
Identifiers: 40940, 40941, CERTFR-2015-AVI-407, cisco-sa-20150923-fhs, CSCuo04400, CSCus19794, CVE-2015-6278, CVE-2015-6279, VIGILANCE-VUL-17965.

Description of the vulnerability

Two vulnerabilities were announced in Cisco IOS and IOS XE.

An attacker can send a malicious IPv6 ND CGA (Cryptographically Generated Address) packet, in order to trigger a denial of service. [severity:2/4; 40940, CSCus19794, CVE-2015-6278]

An attacker can send a malicious IPv6 ND for CPPr (Control Plane Protection) packet, in order to trigger a denial of service. [severity:2/4; 40941, CSCuo04400, CVE-2015-6279]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability note CVE-2015-6282

Cisco IOS XE: denial of service via NAT and MPLS

Synthesis of the vulnerability

An attacker can send a malicious IPv4 packet to Cisco IOS XE with NAT and MPLS, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XE Cisco.
Severity: 3/4.
Creation date: 23/09/2015.
Identifiers: 40939, CERTFR-2015-AVI-407, cisco-sa-20150923-iosxe, CSCut96933, CVE-2015-6282, VIGILANCE-VUL-17964.

Description of the vulnerability

The Cisco IOS XE product can support the MPLS (Multiprotocol Label Switching) service.

However, a malicious IPv4 packet which goes through a NAT with a MPLS service generates a fatal error in Cisco IOS XE on Cisco ASR 1000 Series..

An attacker can therefore send a malicious IPv4 packet to Cisco IOS XE with NAT and MPLS, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2015-6280

Cisco IOS, IOS XE: access via SSHv2 with RSA

Synthesis of the vulnerability

An attacker can connect via SSHv2 to the account of a Cisco IOS or IOS XE user, in order to perform operations with his privileges.
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Creation date: 23/09/2015.
Identifiers: 40938, CERTFR-2015-AVI-407, cisco-sa-20150923-sshpk, CSCus73013, CVE-2015-6280, VIGILANCE-VUL-17963.

Description of the vulnerability

The Cisco IOS or IOS XE product can be configured with a SSHv2 authentication based on RSA user keys.

However, an attacker who knows a username and his RSA public key, can authenticate without knowing his private key.

An attacker can therefore connect via SSHv2 to the account of a Cisco IOS or IOS XE user, in order to perform operations with his privileges.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin CVE-2015-6294

Cisco IOS XE: denial of service via Cisco Discovery Protocol

Synthesis of the vulnerability

An attacker can send a malicious Cisco Discovery Protocol packet to Cisco IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco.
Severity: 2/4.
Creation date: 17/09/2015.
Identifiers: 41006, CSCuu25770, CVE-2015-6294, VIGILANCE-VUL-17918.

Description of the vulnerability

The Cisco IOS XE product has a service to manage received Cisco Discovery Protocol packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious Cisco Discovery Protocol packet to Cisco IOS XE, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability announce CVE-2015-6274

Cisco ASR 1000: denial of service via IPv4 Fragments

Synthesis of the vulnerability

An attacker can send numerous fragmented IPv4 packets to Cisco ASR 1000, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XE Cisco.
Severity: 2/4.
Creation date: 01/09/2015.
Identifiers: 40708, CSCuv71273, CVE-2015-6274, VIGILANCE-VUL-17782.

Description of the vulnerability

The Cisco ASR 1000 product reassembles IPv4 packets.

However, when there are more than 100000 packets per second, the reassembly operation overloads the QFP (Cisco QuantumFlow Processor).

An attacker can therefore send numerous fragmented IPv4 packets to Cisco ASR 1000, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2015-6273

Cisco ASR 1000: denial of service of VFR via IP

Synthesis of the vulnerability

An attacker can send a malicious IP packet to Cisco ASR 1000, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XE Cisco.
Severity: 3/4.
Creation date: 28/08/2015.
Identifiers: 40690, CSCtd19103, CSCte93229, CSCtf87624, CSCti63623, CVE-2015-6273, VIGILANCE-VUL-17773.

Description of the vulnerability

The Cisco ASR 1000 product has a service to manage received IP packets.

However, when a malicious packet is received, a fatal error occurs in VFR (Virtual Fragment Reassembly).

An attacker can therefore send a malicious IP packet to Cisco ASR 1000, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability announce CVE-2015-6269

Cisco ASR 1000: denial of service via IP

Synthesis of the vulnerability

An attacker can send a malicious IP packet to Cisco ASR 1000, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XE Cisco.
Severity: 3/4.
Creation date: 28/08/2015.
Identifiers: 40686, CSCsw69990, CVE-2015-6269, VIGILANCE-VUL-17772.

Description of the vulnerability

The Cisco ASR 1000 product has a service to manage received IP packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious IP packet to Cisco ASR 1000, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability alert CVE-2015-6271

Cisco ASR 1000: denial of service via SIP

Synthesis of the vulnerability

An attacker can send a malicious SIP packet to Cisco ASR 1000, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XE Cisco.
Severity: 2/4.
Creation date: 28/08/2015.
Identifiers: 40688, CSCta74749, CSCta77008, CVE-2015-6271, VIGILANCE-VUL-17771.

Description of the vulnerability

The Cisco ASR 1000 product has a service to manage received SIP packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious SIP packet to Cisco ASR 1000, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability CVE-2015-6270

Cisco ASR 1000: denial of service via IPv6

Synthesis of the vulnerability

An attacker can send a malicious IPv6 packet to Cisco ASR 1000, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XE Cisco.
Severity: 3/4.
Creation date: 28/08/2015.
Identifiers: 40687, CSCsv98555, CVE-2015-6270, VIGILANCE-VUL-17770.

Description of the vulnerability

The Cisco ASR 1000 product has a service to manage received IPv6 packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious IPv6 packet to Cisco ASR 1000, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2015-6272

Cisco ASR 1000: denial of service via H.323

Synthesis of the vulnerability

An attacker can send a malicious H.323 packet to Cisco ASR 1000, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XE Cisco.
Severity: 2/4.
Creation date: 28/08/2015.
Identifiers: 40689, CSCsw93064, CSCsx07094, CSCsx35393, CVE-2015-6272, VIGILANCE-VUL-17769.

Description of the vulnerability

The Cisco ASR 1000 product has a service to manage received H.323 packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious H.323 packet to Cisco ASR 1000, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about IOS XE Cisco: