Cisco Asr 5000 Software vulnerabilities

CVE-2017-6775 [MEDIUM] CVE-2017-6775: A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco St A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging

CVE-2017-6774 [MEDIUM] CWE-552 CVE-2017-6774: A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operat A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability

CVE-2017-6773 [MEDIUM] CWE-20 CVE-2017-6773: A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco St A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient input sanitization of user-supplied input at the CLI. An a

CVE-2017-6729 [HIGH] CVE-2017-6729: A vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS op A vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software could allow an unauthenticated, remote attacker to cause the BGP process on an affected system to reload, resulting in a denial of service (DoS) condition. This vuln

CVE-2017-6690 [MEDIUM] CWE-20 CVE-2017-6690: A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers run A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 2

CVE-2016-6455 [HIGH] CWE-399 CVE-2016-6455: A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Car A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition. This vulnerability affects Cisco ASR 5500 devices with Data Processing Ca

CVE-2016-1452 [MEDIUM] CWE-200 CVE-2016-1452: Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuratio Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526.

CVE-2016-1436 [HIGH] CWE-119 CVE-2016-1436: The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198.

CVE-2015-6351 [MEDIUM] CWE-20 CVE-2015-6351: Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19 Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781.

CVE-2015-6340 [MEDIUM] CWE-119 CVE-2015-6340: The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with s The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart) via a crafted header in a PMIPv6 packet, aka Bug ID CSCuv63280.

CVE-2015-6334 [MEDIUM] CWE-20 CVE-2015-6334: Cisco ASR 5000 and 5500 devices with software 18.0.0.57828 and 19.0.M0.61045 allow remote attackers Cisco ASR 5000 and 5500 devices with software 18.0.0.57828 and 19.0.M0.61045 allow remote attackers to cause a denial of service (vpnmgr process restart) via a crafted header in a TACACS packet, aka Bug ID CSCuw01984.