The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IOS XE Cisco

computer weakness note CVE-2013-0149

OSPF: corrupting the routing database

Synthesis of the vulnerability

An attacker can spoof OSPF messages, in order to corrupt the routing database.
Severity: 3/4.
Creation date: 02/08/2013.
Revisions dates: 01/08/2014, 14/02/2017.
Identifiers: BID-61566, c03880910, CERTA-2013-AVI-458, CERTA-2013-AVI-487, CERTA-2013-AVI-508, cisco-sa-20130801-lsaospf, CQ95773, CSCug34469, CSCug34485, CSCug39762, CSCug39795, CSCug63304, CVE-2013-0149, HPSBHF02912, JSA10575, JSA10580, JSA10582, PR 878639, PR 895456, sk94490, SUSE-SU-2014:0879-1, VIGILANCE-VUL-13192, VU#229804.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The RFC 2328 defines the OSPF protocol (Open Shortest Path First) which established IP routes, using LSA (Link State Advertisement) messages.

The LSA Type 1 Update (LSU, Link-State Update) message is used to update the routing database. However, the RFC does not request to check the "Link State ID" and "Advertising Router" fields of LSU messages. Several implementations (Cisco, Juniper, etc.) therefore do not perform this check.

An attacker can thus spoof a LSU message if he knows:
 - the IP address of the target router
 - LSA DB sequence numbers
 - the router ID of the OSPF Designated Router

An attacker can therefore spoof OSPF messages, in order to corrupt the routing database.
Full Vigil@nce bulletin... (Free trial)

computer threat announce CVE-2017-3820

Cisco ASR: denial of service via SNMP

Synthesis of the vulnerability

An authenticated attacker can send polling SNMP packets to Cisco ASR, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 02/02/2017.
Identifiers: cisco-sa-20170201-asrsnmp, CSCux68796, CVE-2017-3820, VIGILANCE-VUL-21744.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An authenticated attacker can send polling SNMP packets to Cisco ASR, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

weakness announce CVE-2016-7055 CVE-2017-3730 CVE-2017-3731

OpenSSL: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 26/01/2017.
Identifiers: 1117414, 2000544, 2000988, 2000990, 2002331, 2004036, 2004940, 2009389, 2010154, 2011567, 2012827, 2014202, 2014651, 2014669, 2015080, BSA-2016-204, BSA-2016-207, BSA-2016-211, BSA-2016-212, BSA-2016-213, BSA-2016-216, BSA-2016-234, bulletinapr2017, bulletinjan2018, bulletinoct2017, CERTFR-2017-AVI-035, CERTFR-2018-AVI-343, cisco-sa-20170130-openssl, cpuapr2017, cpuapr2019, cpujan2018, cpujul2017, cpujul2018, cpuoct2017, CVE-2016-7055, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732, DLA-814-1, DSA-3773-1, FEDORA-2017-3451dbec48, FEDORA-2017-e853b4144f, FG-IR-17-019, FreeBSD-SA-17:02.openssl, ibm10732391, ibm10733905, ibm10738249, ibm10738401, JSA10775, K37526132, K43570545, K44512851, K-510805, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0481-1, openSUSE-SU-2017:0487-1, openSUSE-SU-2017:0527-1, openSUSE-SU-2017:0941-1, openSUSE-SU-2017:2011-1, openSUSE-SU-2017:2868-1, openSUSE-SU-2018:0458-1, PAN-70674, PAN-73914, PAN-SA-2017-0012, PAN-SA-2017-0014, PAN-SA-2017-0016, RHSA-2017:0286-01, RHSA-2018:2568-01, RHSA-2018:2575-01, SA141, SA40423, SB10188, SSA:2017-041-02, SUSE-SU-2018:0112-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, TNS-2017-03, USN-3181-1, VIGILANCE-VUL-21692.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can force a read at an invalid address via Truncated Packet, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2017-3731]

An attacker can force a NULL pointer to be dereferenced via DHE/ECDHE Parameters, in order to trigger a denial of service. [severity:2/4; CVE-2017-3730]

An attacker can use a carry propagation error via BN_mod_exp(), in order to compute the private key. [severity:1/4; CVE-2017-3732]

An error occurs in the Broadwell-specific Montgomery Multiplication Procedure, but with no apparent impact. [severity:1/4; CVE-2016-7055]
Full Vigil@nce bulletin... (Free trial)

security alert CVE-2016-6474

Cisco IOS, IOS XE: privilege escalation via SSH X.509

Synthesis of the vulnerability

An attacker can bypass restrictions via SSH X.509 of Cisco IOS, IOS XE, in order to escalate his privileges.
Severity: 3/4.
Creation date: 08/12/2016.
Identifiers: cisco-sa-20161207-ios-xe-x509, CSCuv89417, CVE-2016-6474, VIGILANCE-VUL-21317.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via SSH X.509 of Cisco IOS or IOS XE, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

weakness CVE-2016-9201

Cisco IOS, IOS XE: privilege escalation via Zone-Based Firewall

Synthesis of the vulnerability

An attacker can bypass restrictions via Zone-Based Firewall of Cisco IOS or IOS XE, in order to escalate his privileges.
Severity: 2/4.
Creation date: 08/12/2016.
Identifiers: cisco-sa-20161207-ios-zbf, CSCuz21015, CVE-2016-9201, VIGILANCE-VUL-21315.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via Zone-Based Firewall of Cisco IOS or IOS XE, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

weakness bulletin CVE-2016-9199

Cisco IOS, IOS XE: directory traversal via Application-Hosting Framework

Synthesis of the vulnerability

An attacker can traverse directories via Application-Hosting Framework of Cisco IOS or IOS XE, in order to read a file outside the service root path.
Severity: 2/4.
Creation date: 08/12/2016.
Identifiers: cisco-sa-20161207-caf, CSCvb23331, CVE-2016-9199, VIGILANCE-VUL-21310.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can traverse directories via Application-Hosting Framework of Cisco IOS or IOS XE, in order to read a file outside the service root path.
Full Vigil@nce bulletin... (Free trial)

computer weakness alert CVE-2016-7426 CVE-2016-7427 CVE-2016-7428

NTP.org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 10.
Creation date: 21/11/2016.
Identifiers: 2009389, bulletinoct2016, CERTFR-2017-AVI-090, cisco-sa-20161123-ntpd, CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434, CVE-2016-9310, CVE-2016-9311, CVE-2016-9312, FEDORA-2016-7209ab4e02, FEDORA-2016-c198d15316, FEDORA-2016-e8a8561ee7, FreeBSD-SA-16:39.ntp, HPESBHF03883, HPESBUX03706, HPESBUX03885, JSA10776, JSA10796, K51444934, K55405388, K87922456, MBGSA-1605, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2016:3280-1, pfSense-SA-17_03.webgui, RHSA-2017:0252-01, SA139, SSA:2016-326-01, TALOS-2016-0130, TALOS-2016-0131, TALOS-2016-0203, TALOS-2016-0204, USN-3349-1, VIGILANCE-VUL-21170, VU#633847.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can force an assertion error, in order to trigger a denial of service. [severity:2/4; CVE-2016-9311, TALOS-2016-0204]

An attacker can bypass security features via Mode 6, in order to obtain sensitive information. [severity:2/4; CVE-2016-9310, TALOS-2016-0203]

An attacker can trigger a fatal error via Broadcast Mode Replay, in order to trigger a denial of service. [severity:2/4; CVE-2016-7427, TALOS-2016-0131]

An attacker can trigger a fatal error via Broadcast Mode Poll Interval, in order to trigger a denial of service. [severity:2/4; CVE-2016-7428, TALOS-2016-0130]

An attacker can send malicious UDP packets, in order to trigger a denial of service on Windows. [severity:2/4; CVE-2016-9312]

An unknown vulnerability was announced via Zero Origin Timestamp. [severity:2/4; CVE-2016-7431]

An attacker can force a NULL pointer to be dereferenced via _IO_str_init_static_internal(), in order to trigger a denial of service. [severity:2/4; CVE-2016-7434]

An unknown vulnerability was announced via Interface selection. [severity:2/4; CVE-2016-7429]

An attacker can trigger a fatal error via Client Rate Limiting, in order to trigger a denial of service. [severity:2/4; CVE-2016-7426]

An unknown vulnerability was announced via Reboot Sync. [severity:2/4; CVE-2016-7433]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-6450

Cisco IOS XE: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Cisco IOS XE, in order to create a file outside the service root path.
Severity: 2/4.
Creation date: 15/11/2016.
Identifiers: cisco-sa-20161115-iosxe, CSCva60013, CSCvb22622, CVE-2016-6450, VIGILANCE-VUL-21124.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can traverse directories of Cisco IOS XE, in order to create a file outside the service root path.
Full Vigil@nce bulletin... (Free trial)

computer threat bulletin CVE-2016-6441

Cisco ASR 900: buffer overflow via TL1

Synthesis of the vulnerability

An attacker can generate a buffer overflow via Transaction Language 1 of Cisco ASR 900, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 02/11/2016.
Identifiers: CERTFR-2016-AVI-366, cisco-sa-20161102-tl1, CSCuy15175, CVE-2016-6441, VIGILANCE-VUL-21018.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a buffer overflow via Transaction Language 1 of Cisco ASR 900, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-6438

Cisco cBR-8: privilege escalation via Vty Line

Synthesis of the vulnerability

An attacker can bypass restrictions via Vty Line of Cisco cBR-8, in order to escalate his privileges.
Severity: 2/4.
Creation date: 13/10/2016.
Identifiers: CERTFR-2016-AVI-343, cisco-sa-20161012-cbr-8, CSCuz62815, CVE-2016-6438, VIGILANCE-VUL-20860.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via Vty Line of Cisco cBR-8, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about IOS XE Cisco: