Cisco IOS XR vulnerabilities

CVE-2018-0136 [HIGH] CWE-20 CVE-2018-0136: A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregati A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect handling of IPv6 packe

CVE-2017-12355 [MEDIUM] CWE-399 CVE-2017-12355: A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service (DoS) condition. The vulnerability is due to incomplete

CVE-2017-6731 [HIGH] CWE-119 CVE-2017-6731: A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IO A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexpectedly reset, causing a short denial of service (DoS) condition. The MSDP session will restart within a few seconds. More Information: CSCvd94828. Known Af

CVE-2017-6719 [MEDIUM] CWE-20 CVE-2017-6719: A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with root privileges, aka Command Injection. More Information: CSCvb99406. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.2.1.28i.BASE 6.2.1.22i.BASE 6.1.32.8i.BASE 6.1.31.3i.BASE 6.1.3

CVE-2017-6718 [MEDIUM] CWE-20 CVE-2017-6718: A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb99384. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.2.11.3i.ROUT 6.2.1.29i.ROUT 6.2.1.26i.ROUT.

CVE-2017-6666 [MEDIUM] CVE-2017-6666: A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence S A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering (TE) tunnels, resulting in a denial of service (DoS) condition. More Information: CSCvd16665. Known Affec

CVE-2017-3876 [HIGH] CWE-399 CVE-2017-3876: A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC

CVE-2017-6599 [MEDIUM] CWE-772 CVE-2017-6599: A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software cou A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco IOS XR Software with gRPC enabled.

CVE-2016-9205 [HIGH] CWE-399 CVE-2016-9205: A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauth A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. More Information: CSCvb14425. Known Affected Releases: 6.1.1.BASE. Known Fixed Releases: 6.1.2.6i.MGBL 6.1.22.9i.MGB

CVE-2016-9215 [HIGH] CWE-264 CVE-2016-9215: A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to t A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. More Information: CSCva38434. Known Affected Releases: 6.1.1.BASE.

CVE-2016-6428 [HIGH] CWE-264 CVE-2016-6428: Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin p Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349.

CVE-2016-6421 [MEDIUM] CWE-399 CVE-2016-6421: Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of service (process restart) via a craf Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of service (process restart) via a crafted OSPF Link State Advertisement (LSA) update, aka Bug ID CSCvb05643.

CVE-2016-6415 [HIGH] CWE-200 CVE-2016-6415: The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.

CVE-2016-1433 [MEDIUM] CWE-399 CVE-2016-1433: Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers to cause a denial of service Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers to cause a denial of service (OSPFv3 process reload) via crafted OSPFv3 packets, aka Bug ID CSCuz66289.

CVE-2016-6355 [HIGH] CWE-399 CVE-2016-6355: Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID CSCux26791.

CVE-2016-1456 [HIGH] CWE-264 CVE-2016-1456: The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a p The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container access, aka Bug ID CSCuz62721.

CVE-2016-1426 [HIGH] CWE-399 CVE-2016-1426: Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of serv Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service (timer consumption and Route Processor reload) via crafted SSH traffic, aka Bug ID CSCux76819.

CVE-2016-1409 [HIGH] CWE-20 CVE-2016-1409: The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3. The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016.

CVE-2016-1407 [HIGH] CWE-20 CVE-2016-1407: Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) flow-base entries, whic Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) flow-base entries, which allows remote attackers to cause a denial of service (session drop) by making many connection attempts to open TCP ports, aka Bug ID CSCux95576.

CVE-2016-1376 [MEDIUM] CWE-20 CVE-2016-1376: Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a d Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, aka Bug ID CSCuv78548.