The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IOS by Cisco

computer vulnerability CVE-2017-12304

Cisco IOS, IOS XE: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting attack against the web interface of Cisco IOS or IOS XE, in order to run JavaScript code in the context of the web site.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 16/11/2017.
Identifiers: cisco-sa-20171115-ios, CSCvf60862, CVE-2017-12304, VIGILANCE-VUL-24475.

Description of the vulnerability

The Cisco IOS and IOS XE products offer a web service.

However, this service does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting attack against Cisco IOS or IOS XE, in order to run JavaScript code in the context of the web site.

computer vulnerability bulletin CVE-2017-12279

Cisco Aironet: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data of Cisco Aironet, in order to obtain sensitive information.
Impacted products: Cisco Aironet, IOS by Cisco.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 02/11/2017.
Identifiers: CERTFR-2017-AVI-389, cisco-sa-20171101-iosap, CSCvc21581, CVE-2017-12279, VIGILANCE-VUL-24288.

Description of the vulnerability

An attacker can bypass access restrictions to data of Cisco Aironet, in order to obtain sensitive information.

computer vulnerability CVE-2017-12233 CVE-2017-12234

Cisco IOS: denial of service via CIP

Synthesis of the vulnerability

An attacker can generate a fatal error via CIP of Cisco IOS, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 28/09/2017.
Identifiers: CERTFR-2017-AVI-325, cisco-sa-20170927-cip, CSCuz95334, CSCvc43709, CVE-2017-12233, CVE-2017-12234, VIGILANCE-VUL-23955.

Description of the vulnerability

An attacker can generate a fatal error via CIP of Cisco IOS, in order to trigger a denial of service.

vulnerability note CVE-2017-12237

Cisco IOS, IOS XE: denial of service via IKEv2

Synthesis of the vulnerability

An attacker can generate a fatal error via IKEv2 of Cisco IOS and IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 28/09/2017.
Identifiers: CERTFR-2017-AVI-325, cisco-sa-20170927-ike, CSCvc41277, CVE-2017-12237, VIGILANCE-VUL-23954.

Description of the vulnerability

An attacker can generate a fatal error via IKEv2 of Cisco IOS and IOS XE, in order to trigger a denial of service.

vulnerability announce CVE-2017-12231

Cisco IOS: denial of service via NAT

Synthesis of the vulnerability

An attacker can generate a fatal error via NAT of Cisco IOS, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, Cisco Router.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 28/09/2017.
Identifiers: CERTFR-2017-AVI-325, cisco-sa-20170927-nat, CSCvc57217, CVE-2017-12231, VIGILANCE-VUL-23952.

Description of the vulnerability

An attacker can generate a fatal error via NAT of Cisco IOS, in order to trigger a denial of service.

vulnerability CVE-2017-12228

Cisco IOS, IOS XE: Man-in-the-Middle via Cisco Network Plug and Play

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle via Cisco Network Plug and Play on Cisco IOS and IOS XE, in order to read or write data in the session.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 28/09/2017.
Identifiers: CERTFR-2017-AVI-325, cisco-sa-20170927-pnp, CSCvc33171, CVE-2017-12228, VIGILANCE-VUL-23950.

Description of the vulnerability

An attacker can act as a Man-in-the-Middle via Cisco Network Plug and Play on Cisco IOS and IOS XE, in order to read or write data in the session.

computer vulnerability note CVE-2017-12235

Cisco IOS: denial of service via PROFINET

Synthesis of the vulnerability

An attacker can generate a fatal error via PROFINET of Cisco IOS, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 28/09/2017.
Identifiers: CERTFR-2017-AVI-325, cisco-sa-20170927-profinet, CSCuz47179, CVE-2017-12235, VIGILANCE-VUL-23949.

Description of the vulnerability

An attacker can generate a fatal error via PROFINET of Cisco IOS, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2017-12232

Cisco ISR G2: denial of service via Ethernet Frames

Synthesis of the vulnerability

An attacker can generate a fatal error via Ethernet Frames of Cisco ISR G2, in order to trigger a denial of service.
Impacted products: IOS by Cisco.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Creation date: 28/09/2017.
Identifiers: CERTFR-2017-AVI-325, cisco-sa-20170927-rbip-dos, CSCvc03809, CVE-2017-12232, VIGILANCE-VUL-23948.

Description of the vulnerability

An attacker can generate a fatal error via Ethernet Frames of Cisco ISR G2, in order to trigger a denial of service.

computer vulnerability announce CVE-2017-12238

Cisco Catalyst 6800: denial of service via VPLS

Synthesis of the vulnerability

An attacker can generate a fatal error via VPLS of Cisco Catalyst 6800, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Creation date: 28/09/2017.
Identifiers: CERTFR-2017-AVI-325, cisco-sa-20170927-vpls, CSCva61927, CVE-2017-12238, VIGILANCE-VUL-23947.

Description of the vulnerability

An attacker can generate a fatal error via VPLS of Cisco Catalyst 6800, in order to trigger a denial of service.

computer vulnerability alert CVE-2017-12240

Cisco IOS, IOS XE: code execution via DHCP Relay Subsystem

Synthesis of the vulnerability

An attacker can use a vulnerability via DHCP Relay Subsystem of Cisco IOS and IOS XE, in order to run code.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: LAN.
Creation date: 28/09/2017.
Identifiers: CERTFR-2017-AVI-325, cisco-sa-20170927-dhcp, CSCsm45390, CSCuw77959, CVE-2017-12240, VIGILANCE-VUL-23946.

Description of the vulnerability

An attacker can use a vulnerability via DHCP Relay Subsystem of Cisco IOS and IOS XE, in order to run code.