Cisco IOS XR vulnerabilities

171 known vulnerabilities affecting cisco/ios_xr.

Total CVEs: 171
CISA KEV: 9 (actively exploited)
Public exploits: 3
Exploited in wild: 10
Severity breakdown: CRITICAL 3, HIGH 88, MEDIUM 77, LOW 3

Vulnerabilities

Page 7 of 9
CVE-2016-1366 | MEDIUM | CVSS 6.5 | v5.0.0, v5.0.1, +4 more | 2016-03-24
CVE-2016-1366 [MEDIUM] CWE-264: The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848.
nvd
CVE-2016-1361 | MEDIUM | CVSS 5.3 | v3.3.3, v3.4.1, +32 more | 2016-03-12
CVE-2016-1361 [MEDIUM] CWE-399: Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to cause a denial of service (line-card restart) via a crafted packet, aka Bug ID CSCuw56900.
nvd
CVE-2015-6432 | HIGH | CVSS 7.5 | v4.2.0, v4.3.0, +7 more | 2016-01-05
CVE-2015-6432 [HIGH] CWE-399: Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted update, aka Bug ID CSCuw83486.
nvd
CVE-2015-6301 | MEDIUM | CVSS 5.0 | v5.2.0_base | 2015-09-20
CVE-2015-6301 [MEDIUM] CWE-399: The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun72171.
nvd
CVE-2015-6297 | MEDIUM | CVSS 5.0 | v5.2.0_base | 2015-09-18
CVE-2015-6297 [MEDIUM] CWE-399: The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525.
nvd
CVE-2015-4285 | MEDIUM | CVSS 5.0 | v5.1.2, v5.1.3, +2 more | 2015-07-23
CVE-2015-4285 [MEDIUM] CWE-399: The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports contin
nvd
CVE-2015-4284 | MEDIUM | CVSS 5.0 | v5.3.0 | 2015-07-22
CVE-2015-4284 [MEDIUM] CWE-20: The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670.
nvd
CVE-2015-4223 | MEDIUM | CVSS 5.0 | v5.1.3 | 2015-06-25
CVE-2015-4223 [MEDIUM] CWE-399: Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478.
nvd
CVE-2015-4205 | MEDIUM | CVSS 5.7 | v5.3.1 | 2015-06-23
CVE-2015-4205 [MEDIUM] CWE-399: Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959.
nvd
CVE-2015-4195 | MEDIUM | CVSS 4.0 | v5.1.1.k9sec | 2015-06-19
CVE-2015-4195 [MEDIUM] CWE-399: Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a denial of service (vty error, and SSH and TELNET outage) via a crafted disconnect action within an SSH session, aka Bug ID CSCul63127.
nvd
CVE-2015-4191 | MEDIUM | CVSS 5.0 | v5.2.1 | 2015-06-19
CVE-2015-4191 [MEDIUM] CWE-399: Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of service (ipv6_io service reload) via a malformed IPv6 packet, aka Bug ID CSCuq95565.
nvd
CVE-2015-0776 | MEDIUM | CVSS 5.0 | v5.0.1 | 2015-06-12
CVE-2015-0776 [MEDIUM] CWE-399: telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (device reload) via a malformed TELNET packet, aka Bug ID CSCuq31566.
nvd
CVE-2015-0695 | HIGH | CVSS 7.8 | v4.3.0, v4.3.1, +7 more | 2015-04-17
CVE-2015-0695 [HIGH] CWE-19: Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card hangs and reloads) by triggering use of a BVI interface for IPv4 packets, aka Bug ID CSCur62957.
nvd
CVE-2015-0694 | MEDIUM | CVSS 5.0 | v5.3.0_base | 2015-04-11
CVE-2015-0694 [MEDIUM] CWE-284: Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806.
nvd
CVE-2015-0672 | MEDIUM | CVSS 5.0 | v5.2.2 | 2015-03-26
CVE-2015-0672 [MEDIUM] CWE-399: The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822.
nvd
CVE-2015-0618 | HIGH | CVSS 7.1 | v5.0.1, v5.2.1 | 2015-02-21
CVE-2015-0618 [HIGH] CWE-19: Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X (CRS-X) devices allows remote attackers to cause a denial of service (line-card reload) via malformed IPv6 packets with extension headers, aka Bug ID CSCuq95241.
nvd
CVE-2014-8005 | MEDIUM | CVSS 5.0 | ≤ 5.1.0 | 2014-11-26
CVE-2014-8005 [MEDIUM] CWE-362: Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239.
nvd
CVE-2014-3378 | MEDIUM | CVSS 5.0 | v2.0, v3.0, +53 more | 2014-09-20
CVE-2014-3378 [MEDIUM] CWE-20: tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468.
nvd
CVE-2014-3377 | MEDIUM | CVSS 4.0 | v2.0, v3.0, +53 more | 2014-09-20
CVE-2014-3377 [MEDIUM] CWE-20: snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791.
nvd
CVE-2014-3376 | MEDIUM | CVSS 5.0 | v2.0, v3.0, +53 more | 2014-09-20
CVE-2014-3376 [MEDIUM] CWE-20: Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031.
nvd