The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IOS XE Cisco

computer vulnerability announce CVE-2016-6474

Cisco IOS, IOS XE: privilege escalation via SSH X.509

Synthesis of the vulnerability

An attacker can bypass restrictions via SSH X.509 of Cisco IOS, IOS XE, in order to escalate his privileges.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: intranet client.
Creation date: 08/12/2016.
Identifiers: cisco-sa-20161207-ios-xe-x509, CSCuv89417, CVE-2016-6474, VIGILANCE-VUL-21317.

Description of the vulnerability

An attacker can bypass restrictions via SSH X.509 of Cisco IOS or IOS XE, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-9201

Cisco IOS, IOS XE: privilege escalation via Zone-Based Firewall

Synthesis of the vulnerability

An attacker can bypass restrictions via Zone-Based Firewall of Cisco IOS or IOS XE, in order to escalate his privileges.
Impacted products: IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 08/12/2016.
Identifiers: cisco-sa-20161207-ios-zbf, CSCuz21015, CVE-2016-9201, VIGILANCE-VUL-21315.

Description of the vulnerability

An attacker can bypass restrictions via Zone-Based Firewall of Cisco IOS or IOS XE, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-9199

Cisco IOS, IOS XE: directory traversal via Application-Hosting Framework

Synthesis of the vulnerability

An attacker can traverse directories via Application-Hosting Framework of Cisco IOS or IOS XE, in order to read a file outside the service root path.
Impacted products: IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 08/12/2016.
Identifiers: cisco-sa-20161207-caf, CSCvb23331, CVE-2016-9199, VIGILANCE-VUL-21310.

Description of the vulnerability

An attacker can traverse directories via Application-Hosting Framework of Cisco IOS or IOS XE, in order to read a file outside the service root path.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-7426 CVE-2016-7427 CVE-2016-7428

NTP.org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Impacted products: Blue Coat CAS, Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Unified CCX, Cisco MeetingPlace, Cisco Unity ~ precise, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, HP-UX, AIX, Security Directory Server, Juniper J-Series, Junos OS, Junos Space, Meinberg NTP Server, Data ONTAP 7-Mode, NTP.org, openSUSE Leap, Solaris, pfSense, RHEL, Slackware, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 10.
Creation date: 21/11/2016.
Identifiers: 2009389, bulletinoct2016, CERTFR-2017-AVI-090, cisco-sa-20161123-ntpd, CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434, CVE-2016-9310, CVE-2016-9311, CVE-2016-9312, FEDORA-2016-7209ab4e02, FEDORA-2016-c198d15316, FEDORA-2016-e8a8561ee7, FreeBSD-SA-16:39.ntp, HPESBHF03883, HPESBUX03706, HPESBUX03885, JSA10776, JSA10796, K51444934, K55405388, K87922456, MBGSA-1605, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2016:3280-1, pfSense-SA-17_03.webgui, RHSA-2017:0252-01, SA139, SSA:2016-326-01, TALOS-2016-0130, TALOS-2016-0131, TALOS-2016-0203, TALOS-2016-0204, USN-3349-1, VIGILANCE-VUL-21170, VU#633847.

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can force an assertion error, in order to trigger a denial of service. [severity:2/4; CVE-2016-9311, TALOS-2016-0204]

An attacker can bypass security features via Mode 6, in order to obtain sensitive information. [severity:2/4; CVE-2016-9310, TALOS-2016-0203]

An attacker can trigger a fatal error via Broadcast Mode Replay, in order to trigger a denial of service. [severity:2/4; CVE-2016-7427, TALOS-2016-0131]

An attacker can trigger a fatal error via Broadcast Mode Poll Interval, in order to trigger a denial of service. [severity:2/4; CVE-2016-7428, TALOS-2016-0130]

An attacker can send malicious UDP packets, in order to trigger a denial of service on Windows. [severity:2/4; CVE-2016-9312]

An unknown vulnerability was announced via Zero Origin Timestamp. [severity:2/4; CVE-2016-7431]

An attacker can force a NULL pointer to be dereferenced via _IO_str_init_static_internal(), in order to trigger a denial of service. [severity:2/4; CVE-2016-7434]

An unknown vulnerability was announced via Interface selection. [severity:2/4; CVE-2016-7429]

An attacker can trigger a fatal error via Client Rate Limiting, in order to trigger a denial of service. [severity:2/4; CVE-2016-7426]

An unknown vulnerability was announced via Reboot Sync. [severity:2/4; CVE-2016-7433]
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2016-6450

Cisco IOS XE: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Cisco IOS XE, in order to create a file outside the service root path.
Impacted products: IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Creation date: 15/11/2016.
Identifiers: cisco-sa-20161115-iosxe, CSCva60013, CSCvb22622, CVE-2016-6450, VIGILANCE-VUL-21124.

Description of the vulnerability

An attacker can traverse directories of Cisco IOS XE, in order to create a file outside the service root path.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-6441

Cisco ASR 900: buffer overflow via TL1

Synthesis of the vulnerability

An attacker can generate a buffer overflow via Transaction Language 1 of Cisco ASR 900, in order to trigger a denial of service, and possibly to run code.
Impacted products: Cisco ASR, IOS XE Cisco.
Severity: 3/4.
Consequences: user access/rights, denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 02/11/2016.
Identifiers: CERTFR-2016-AVI-366, cisco-sa-20161102-tl1, CSCuy15175, CVE-2016-6441, VIGILANCE-VUL-21018.

Description of the vulnerability

An attacker can generate a buffer overflow via Transaction Language 1 of Cisco ASR 900, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-6438

Cisco cBR-8: privilege escalation via Vty Line

Synthesis of the vulnerability

An attacker can bypass restrictions via Vty Line of Cisco cBR-8, in order to escalate his privileges.
Impacted products: IOS XE Cisco.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 13/10/2016.
Identifiers: CERTFR-2016-AVI-343, cisco-sa-20161012-cbr-8, CSCuz62815, CVE-2016-6438, VIGILANCE-VUL-20860.

Description of the vulnerability

An attacker can bypass restrictions via Vty Line of Cisco cBR-8, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-6423

Cisco IOS, IOS XE: denial of service via IKEv2

Synthesis of the vulnerability

An attacker can send a malicious IKEv2 packet to Cisco IOS or IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 06/10/2016.
Identifiers: CERTFR-2016-AVI-331, cisco-sa-20161005-ios-ikev, CSCux97540, CVE-2016-6423, VIGILANCE-VUL-20780.

Description of the vulnerability

The Cisco IOS and IOS XE product has a service to manage received IKEv2 packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious IKEv2 packet to Cisco IOS or IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2015-6289

Cisco IOS, IOS XE: denial of service via TCP

Synthesis of the vulnerability

An attacker can tamper with the TCP packet stream on Cisco IOS or IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 21/06/2016.
Revisions dates: 19/08/2016, 04/10/2016.
Identifiers: CERTFR-2016-AVI-325, cisco-sa-20160620-isr, CSCuu13476, CVE-2015-6289, VIGILANCE-VUL-19944.

Description of the vulnerability

The Cisco IOS or IOS XE product includes TCP services (SSH, etc.).

However, when TCP packets associated to an existing connection are received out-of-order, a memory leak occurs in Cisco IOS/XE, which leads to a performance drop.

An attacker can therefore tamper with the TCP packet stream on Cisco IOS or IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-6385

Cisco IOS, IOS XE: memory leak via Smart Install

Synthesis of the vulnerability

An attacker can create a memory leak via Smart Install of Cisco IOS or IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 29/09/2016.
Identifiers: CERTFR-2016-AVI-322, cisco-sa-20160928-smi, CSCuy82367, CVE-2016-6385, VIGILANCE-VUL-20728.

Description of the vulnerability

The Cisco IOS or IOS XE product has a service to manage received Smart Install (4786/tcp) packets.

However, the memory allocated to process some packets is never freed.

An attacker can therefore create a memory leak via Smart Install of Cisco IOS or IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about IOS XE Cisco: