The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IOS XR Cisco

vulnerability alert CVE-2017-3733

OpenSSL: denial of service via the "Encrypt-Then-Mac" option

Synthesis of the vulnerability

An attacker can change the state of the "Encrypt-Then-Mac" TLS option in a renegotiation with a server or client based on OpenSSL, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 16/02/2017.
Identifiers: 2003480, 2003620, 2003673, 2004940, CERTFR-2017-AVI-035, cisco-sa-20170130-openssl, cpuapr2019, cpujan2018, cpuoct2017, CVE-2017-3733, HPESBGN03728, VIGILANCE-VUL-21871.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

OpenSSL implements the possibility of renegotiation of TLS option and parameters during a session.

However, for some combinations of algorithms, the negation of the state of the option "Encrypt-Then-Mac" generates a fatal error.

An attacker can therefore change the state of the "Encrypt-Then-Mac" TLS option in a renegotiation with a server or client based on OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

weakness announce CVE-2016-7055 CVE-2017-3730 CVE-2017-3731

OpenSSL: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 26/01/2017.
Identifiers: 1117414, 2000544, 2000988, 2000990, 2002331, 2004036, 2004940, 2009389, 2010154, 2011567, 2012827, 2014202, 2014651, 2014669, 2015080, BSA-2016-204, BSA-2016-207, BSA-2016-211, BSA-2016-212, BSA-2016-213, BSA-2016-216, BSA-2016-234, bulletinapr2017, bulletinjan2018, bulletinoct2017, CERTFR-2017-AVI-035, CERTFR-2018-AVI-343, cisco-sa-20170130-openssl, cpuapr2017, cpuapr2019, cpujan2018, cpujul2017, cpujul2018, cpuoct2017, CVE-2016-7055, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732, DLA-814-1, DSA-3773-1, FEDORA-2017-3451dbec48, FEDORA-2017-e853b4144f, FG-IR-17-019, FreeBSD-SA-17:02.openssl, ibm10732391, ibm10733905, ibm10738249, ibm10738401, JSA10775, K37526132, K43570545, K44512851, K-510805, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0481-1, openSUSE-SU-2017:0487-1, openSUSE-SU-2017:0527-1, openSUSE-SU-2017:0941-1, openSUSE-SU-2017:2011-1, openSUSE-SU-2017:2868-1, openSUSE-SU-2018:0458-1, PAN-70674, PAN-73914, PAN-SA-2017-0012, PAN-SA-2017-0014, PAN-SA-2017-0016, RHSA-2017:0286-01, RHSA-2018:2568-01, RHSA-2018:2575-01, SA141, SA40423, SB10188, SSA:2017-041-02, SUSE-SU-2018:0112-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, TNS-2017-03, USN-3181-1, VIGILANCE-VUL-21692.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can force a read at an invalid address via Truncated Packet, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2017-3731]

An attacker can force a NULL pointer to be dereferenced via DHE/ECDHE Parameters, in order to trigger a denial of service. [severity:2/4; CVE-2017-3730]

An attacker can use a carry propagation error via BN_mod_exp(), in order to compute the private key. [severity:1/4; CVE-2017-3732]

An error occurs in the Broadwell-specific Montgomery Multiplication Procedure, but with no apparent impact. [severity:1/4; CVE-2016-7055]
Full Vigil@nce bulletin... (Free trial)

computer weakness CVE-2016-7053 CVE-2016-7054 CVE-2016-7055

OpenSSL 1.1: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL 1.1.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 10/11/2016.
Revision date: 13/12/2016.
Identifiers: 2004036, 2004940, 2011567, 492284, 492616, bulletinapr2017, CERTFR-2018-AVI-343, cisco-sa-20161114-openssl, cpuapr2019, cpujan2018, cpujul2017, CVE-2016-7053, CVE-2016-7054, CVE-2016-7055, ESA-2016-148, ESA-2016-149, FG-IR-17-019, JSA10775, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0527-1, openSUSE-SU-2017:0941-1, openSUSE-SU-2018:0458-1, SA40423, VIGILANCE-VUL-21093.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL 1.1.

An attacker can generate a buffer overflow via ChaCha20/Poly1305, in order to trigger a denial of service. [severity:2/4; CVE-2016-7054]

An attacker can force a NULL pointer to be dereferenced via CMS Structures, in order to trigger a denial of service. [severity:2/4; CVE-2016-7053]

An error occurs in the Broadwell-specific Montgomery Multiplication Procedure, but with no apparent impact. [severity:1/4; CVE-2016-7055]
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2016-9205

Cisco IOS XR: denial of service via HTTP 2.0

Synthesis of the vulnerability

An attacker can send malicious HTTP 2.0 packets to Cisco IOS XR, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 08/12/2016.
Identifiers: cisco-sa-20161207-ios-xr, CSCvb14425, CVE-2016-9205, VIGILANCE-VUL-21316.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Cisco IOS XR product has a service to manage received HTTP 2.0 packets.

However, when malicious HTTP 2.0 packets are received, a fatal error occurs.

An attacker can therefore send malicious HTTP 2.0 packets to Cisco IOS XR, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer weakness announce CVE-2016-9215

Cisco IOS XR: privilege escalation

Synthesis of the vulnerability

An attacker can use an account that is predefined in Cisco IOS XR with a constant password, in order to get administration privileges on the underlying operating system.
Severity: 2/4.
Creation date: 08/12/2016.
Identifiers: cisco-sa-20161207-iosxr, CSCva38434, CVE-2016-9215, VIGILANCE-VUL-21314.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use an account that is predefined in Cisco IOS XR with a constant password, in order to get administration privileges on the underlying operating system.
Full Vigil@nce bulletin... (Free trial)

computer weakness alert CVE-2016-7426 CVE-2016-7427 CVE-2016-7428

NTP.org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 10.
Creation date: 21/11/2016.
Identifiers: 2009389, bulletinoct2016, CERTFR-2017-AVI-090, cisco-sa-20161123-ntpd, CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434, CVE-2016-9310, CVE-2016-9311, CVE-2016-9312, FEDORA-2016-7209ab4e02, FEDORA-2016-c198d15316, FEDORA-2016-e8a8561ee7, FreeBSD-SA-16:39.ntp, HPESBHF03883, HPESBUX03706, HPESBUX03885, JSA10776, JSA10796, K51444934, K55405388, K87922456, MBGSA-1605, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2016:3280-1, pfSense-SA-17_03.webgui, RHSA-2017:0252-01, SA139, SSA:2016-326-01, TALOS-2016-0130, TALOS-2016-0131, TALOS-2016-0203, TALOS-2016-0204, USN-3349-1, VIGILANCE-VUL-21170, VU#633847.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can force an assertion error, in order to trigger a denial of service. [severity:2/4; CVE-2016-9311, TALOS-2016-0204]

An attacker can bypass security features via Mode 6, in order to obtain sensitive information. [severity:2/4; CVE-2016-9310, TALOS-2016-0203]

An attacker can trigger a fatal error via Broadcast Mode Replay, in order to trigger a denial of service. [severity:2/4; CVE-2016-7427, TALOS-2016-0131]

An attacker can trigger a fatal error via Broadcast Mode Poll Interval, in order to trigger a denial of service. [severity:2/4; CVE-2016-7428, TALOS-2016-0130]

An attacker can send malicious UDP packets, in order to trigger a denial of service on Windows. [severity:2/4; CVE-2016-9312]

An unknown vulnerability was announced via Zero Origin Timestamp. [severity:2/4; CVE-2016-7431]

An attacker can force a NULL pointer to be dereferenced via _IO_str_init_static_internal(), in order to trigger a denial of service. [severity:2/4; CVE-2016-7434]

An unknown vulnerability was announced via Interface selection. [severity:2/4; CVE-2016-7429]

An attacker can trigger a fatal error via Client Rate Limiting, in order to trigger a denial of service. [severity:2/4; CVE-2016-7426]

An unknown vulnerability was announced via Reboot Sync. [severity:2/4; CVE-2016-7433]
Full Vigil@nce bulletin... (Free trial)

threat announce CVE-2016-6428

Cisco IOS XR: privilege escalation via Command-Line Interface

Synthesis of the vulnerability

An attacker can bypass restrictions via Command-Line Interface of Cisco IOS XR, in order to escalate his privileges.
Severity: 2/4.
Creation date: 06/10/2016.
Identifiers: CERTFR-2016-AVI-331, cisco-sa-20161005-iosxr, CSCva38349, CVE-2016-6428, VIGILANCE-VUL-20781.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via Command-Line Interface of Cisco IOS XR, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer weakness bulletin CVE-2016-6421

Cisco IOS XR: denial of service via OSPF LSA

Synthesis of the vulnerability

An attacker can send a malicious OSPF LSA packet to Cisco IOS XR, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 29/09/2016.
Identifiers: cisco-sa-20160928-ospf, CSCvb05643, CVE-2016-6421, VIGILANCE-VUL-20729.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Cisco IOS XR product has a service to manage received OSPF LSA packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious OSPF LSA packet to Cisco IOS XR, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

security alert CVE-2016-7052

OpenSSL 1.0.2i: NULL pointer dereference via CRL

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via a CRL on an application linked to OpenSSL 1.0.2i, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 26/09/2016.
Identifiers: 1996096, 2000095, 2000209, 2003480, 2003620, 2003673, 2008828, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-7052, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FreeBSD-SA-16:27.openssl, HPESBHF03856, JSA10759, openSUSE-SU-2016:2496-1, openSUSE-SU-2018:0458-1, SA132, SB10171, SP-CAAAPUE, SPL-129207, SSA:2016-270-01, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, TNS-2016-16, VIGILANCE-VUL-20701.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The OpenSSL version 1.0.2i product fixed a bug in CRL management.

However, this fix does not check if a pointer is NULL, before using it.

An attacker can therefore force a NULL pointer to be dereferenced via a CRL on an application linked to OpenSSL 1.0.2i, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2016-6309

OpenSSL 1.1.0a: use after free via TLS

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via TLS on an application linked to OpenSSL 1.1.0a, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 26/09/2016.
Identifiers: 1996096, 2000095, 2000209, 2003480, 2003620, 2003673, 2008828, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, CVE-2016-6309, HPESBHF03856, JSA10759, SA132, TNS-2016-16, VIGILANCE-VUL-20700.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The OpenSSL version 1.1.0a product fixed the CVE-2016-6307 vulnerability.

However, the reception of a TLS message of 16kb frees a memory area before reusing it.

An attacker can therefore force the usage of a freed memory area via TLS on an application linked to OpenSSL 1.1.0a, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about IOS XR Cisco: