Cisco Asr 5000 Series Software vulnerabilities

CVE-2018-0256 [MEDIUM] CWE-20 CVE-2018-0256: A vulnerability in the peer-to-peer message processing functionality of Cisco Packet Data Network Ga A vulnerability in the peer-to-peer message processing functionality of Cisco Packet Data Network Gateway could allow an unauthenticated, remote attacker to cause the Session Manager (SESSMGR) process on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect validation of peer-to-peer pack

CVE-2017-6612 [HIGH] CWE-119 CVE-2017-6612: A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Service A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device. More Information: CSCvc67927.

CVE-2017-6672 [HIGH] CWE-863 CVE-2017-6672: A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Se A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device. More Information: CSCvb99022 CSCvc16964 CSCvc37351 CSCvc54843 CSCvc63444 CSCvc77815 CSCvc8

CVE-2017-3819 [HIGH] CWE-264 CVE-2017-3819: A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating sys A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of param

CVE-2016-9216 [MEDIUM] CWE-399 CVE-2016-9216: An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr process of Cisco ASR 5000 Soft An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. More Information: CSCuy06917 CSCuy45036 CSCuy59525. Known Affected Releases: 20.0.0 20.0.M0.62842 20.0.v0 20.0.M0.63229 20.1.0 20.1.a0 20.1.v0 21.0.0 21.0.v0.

CVE-2016-9203 [HIGH] CWE-119 CVE-2016-9203: A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Soft A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process. More Information: CSCvb38398. Known Affected Releases: 20.2.3 20.2.3.65026. Known Fixed Releases: 21.1.M0.65431 21.1.PP0.65733 21.1.R0.65467 21.1.R0.65496 21.1

CVE-2016-6467 [HIGH] CWE-399 CVE-2016-6467: A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router ( A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. More Information: CSCva84552. Known Affected Releases: 20.0.0 21.0.0 21.0.M0.64702. Known Fixed Releases: 2

CVE-2016-6466 [HIGH] CWE-399 CVE-2016-6466: A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an un A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. This vulnerability affects the following Cisco products: Cisco ASR 5000/5500 Series route

CVE-2016-1335 [HIGH] CWE-264 CVE-2016-1335: The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 500 The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection, aka Bug ID CSCu

CVE-2015-6382 [MEDIUM] CWE-399 CVE-2015-6382: Cisco ASR 5000 devices with software 16.0(900) allow remote attackers to cause a denial of service ( Cisco ASR 5000 devices with software 16.0(900) allow remote attackers to cause a denial of service (telnetd process restart) via a TELNET connection, aka Bug ID CSCuv25815.

CVE-2015-6256 [MEDIUM] CWE-20 CVE-2015-6256: Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of servi Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv62820.

CVE-2015-4275 [MEDIUM] CWE-399 CVE-2015-4275: The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 18.0.0.5 The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 18.0.0.59167 and 18.0.0.59211 allows remote attackers to cause a denial of service via a malformed header in a GTPv2 packet, aka Bug ID CSCut11534.

CVE-2015-4273 [MEDIUM] CWE-20 CVE-2015-4273: The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 15.0(912 The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 15.0(912), 15.0(935), and 15.0(938) allows remote attackers to cause a denial of service (Session Manager outage) via malformed fields in an IP packet, aka Bug ID CSCut38476.

CVE-2015-4244 [HIGH] CWE-78 CVE-2015-4244: The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash (CF) file, aka Bug ID CSCuu75278.

CVE-2015-4201 [MEDIUM] CWE-20 CVE-2015-4201: The Gateway General Packet Radio Service Support Node (GGSN) component on Cisco ASR 5000 devices wit The Gateway General Packet Radio Service Support Node (GGSN) component on Cisco ASR 5000 devices with software 17.2.0.59184 and 18.0.L0.59219 allows remote attackers to cause a denial of service (Session Manager restart) via an invalid TCP/IP header, aka Bug ID CSCut68058.

CVE-2014-3331 [MEDIUM] CWE-20 CVE-2014-3331: The Session Manager component in Packet Data Network Gateway (aka PGW) in Cisco ASR 5000 Series Soft The Session Manager component in Packet Data Network Gateway (aka PGW) in Cisco ASR 5000 Series Software 11.0, 12.0, 12.1, 12.2, 14.0, 15.0, 16.x through 16.1.2, and 17.0 allows remote attackers to cause a denial of service (process crash) via a crafted TCP packet, aka Bug ID CSCuo21914.