The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IOS by Cisco

computer vulnerability note 25809

Cisco IOS / IOS XE: security improvement of Smart Install

Synthesis of the vulnerability

The security of Cisco IOS / IOS XE can be improved by securing Smart Install.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: no consequence.
Provenance: intranet client.
Creation date: 10/04/2018.
Identifiers: cisco-sa-20180409-smi, VIGILANCE-VUL-25809.

Description of the vulnerability

This bulletin is about a security improvement.

It does not describe a vulnerability.

The security of Cisco IOS / IOS XE can be improved by securing Smart Install.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-0167 CVE-2018-0175

Cisco IOS / IOS XE / IOS XR: memory corruption via LLDP

Synthesis of the vulnerability

An attacker can generate a memory corruption via LLDP of Cisco IOS / IOS XE / IOS XR, in order to trigger a denial of service, and possibly to run code.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco Router.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service.
Provenance: LAN.
Number of vulnerabilities in this bulletin: 2.
Creation date: 29/03/2018.
Identifiers: CERTFR-2018-AVI-156, cisco-sa-20180328-lldp, CSCuo17183, CSCvd73487, CSCvd73664, CVE-2018-0167, CVE-2018-0175, VIGILANCE-VUL-25697.

Description of the vulnerability

An attacker can generate a memory corruption via LLDP of Cisco IOS / IOS XE / IOS XR, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-0158

Cisco IOS / IOS XE: memory leak via IKEv1

Synthesis of the vulnerability

An attacker can create a memory leak via IKEv1 of Cisco IOS / IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 29/03/2018.
Identifiers: CERTFR-2018-AVI-156, cisco-sa-20180328-ike, CSCvf22394, CVE-2018-0158, VIGILANCE-VUL-25695.

Description of the vulnerability

An attacker can create a memory leak via IKEv1 of Cisco IOS / IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-0159

Cisco IOS / IOS XE: denial of service via IKEv1

Synthesis of the vulnerability

An attacker can send malicious IKEv1 packets to Cisco IOS / IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 29/03/2018.
Identifiers: CERTFR-2018-AVI-156, cisco-sa-20180328-ike-dos, CSCuj73916, CVE-2018-0159, VIGILANCE-VUL-25694.

Description of the vulnerability

An attacker can send malicious IKEv1 packets to Cisco IOS / IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-0163

Cisco IOS: privilege escalation via 802.1x Multiple-Authentication

Synthesis of the vulnerability

An attacker can bypass restrictions via 802.1x Multiple-Authentication of Cisco IOS, in order to escalate his privileges.
Impacted products: Cisco Catalyst, IOS by Cisco, Cisco Router.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 29/03/2018.
Identifiers: CERTFR-2018-AVI-156, cisco-sa-20180328-dot1x, CSCvg69701, CVE-2018-0163, VIGILANCE-VUL-25691.

Description of the vulnerability

An attacker can bypass restrictions via 802.1x Multiple-Authentication of Cisco IOS, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-0154

Cisco IOS: denial of service via ISM-VPN Crypto Engine

Synthesis of the vulnerability

An attacker can generate a fatal error via ISM-VPN Crypto Engine of Cisco IOS, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, Cisco Router.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 29/03/2018.
Identifiers: CERTFR-2018-AVI-156, cisco-sa-20180328-dos, CSCvd39267, CVE-2018-0154, VIGILANCE-VUL-25690.

Description of the vulnerability

An attacker can generate a fatal error via ISM-VPN Crypto Engine of Cisco IOS, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-0174

Cisco IOS / IOS XE: denial of service via DHCPv4 Option 82 Relay

Synthesis of the vulnerability

An attacker can generate a fatal error via DHCPv4 Option 82 Relay of Cisco IOS / IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Creation date: 29/03/2018.
Identifiers: CERTFR-2018-AVI-156, cisco-sa-20180328-dhcpr3, CSCuh91645, CVE-2018-0174, VIGILANCE-VUL-25689.

Description of the vulnerability

An attacker can generate a fatal error via DHCPv4 Option 82 Relay of Cisco IOS / IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-0173

Cisco IOS / IOS XE: denial of service via DHCPv4 Option 82 Relay

Synthesis of the vulnerability

An attacker can generate a fatal error via DHCPv4 Option 82 Relay of Cisco IOS / IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Creation date: 29/03/2018.
Identifiers: CERTFR-2018-AVI-156, cisco-sa-20180328-dhcpr2, CSCvg62754, CVE-2018-0173, VIGILANCE-VUL-25688.

Description of the vulnerability

An attacker can generate a fatal error via DHCPv4 Option 82 Relay of Cisco IOS / IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-0172

Cisco IOS / IOS XE: buffer overflow via DHCPv4 Option 82 Relay

Synthesis of the vulnerability

An attacker can generate a buffer overflow via DHCPv4 Option 82 Relay of Cisco IOS / IOS XE, in order to trigger a denial of service, and possibly to run code.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service.
Provenance: LAN.
Creation date: 29/03/2018.
Identifiers: CERTFR-2018-AVI-156, cisco-sa-20180328-dhcpr1, CSCvg62730, CVE-2018-0172, VIGILANCE-VUL-25687.

Description of the vulnerability

An attacker can generate a buffer overflow via DHCPv4 Option 82 Relay of Cisco IOS / IOS XE, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-0189

Cisco IOS / IOS XE: denial of service via Forwarding Information Base

Synthesis of the vulnerability

An attacker can generate a fatal error via Forwarding Information Base of Cisco IOS / IOS XE, in order to trigger a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 29/03/2018.
Identifiers: CERTFR-2018-AVI-156, CSCva91655, CVE-2018-0189, VIGILANCE-VUL-25682.

Description of the vulnerability

An attacker can generate a fatal error via Forwarding Information Base of Cisco IOS / IOS XE, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about IOS by Cisco: