Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-3403 |
The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647. Published: October 09, 2014; 9:55:09 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-3309 |
The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318. Published: July 09, 2014; 7:07:01 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-3284 |
Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180. Published: May 25, 2014; 6:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.1 MEDIUM |
CVE-2014-3262 |
The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) via malformed messages, aka Bug ID CSCun73782. Published: May 16, 2014; 7:12:01 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-2183 |
The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973. Published: April 29, 2014; 6:37:04 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.3 MEDIUM |
CVE-2012-5723 |
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948. Published: April 24, 2014; 6:55:02 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.1 MEDIUM |
CVE-2014-2143 |
The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021. Published: April 04, 2014; 11:10:37 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-6981 |
Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709. Published: December 27, 2013; 11:53:06 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.4 MEDIUM |
CVE-2013-6979 |
The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227. Published: December 23, 2013; 5:55:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.4 MEDIUM |
CVE-2013-6705 |
The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133. Published: December 03, 2013; 2:56:32 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.1 MEDIUM |
CVE-2013-6704 |
Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686. Published: December 03, 2013; 2:56:32 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2013-6706 |
The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992. Published: November 28, 2013; 11:33:29 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.4 MEDIUM |
CVE-2013-6692 |
Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka Bug ID CSCuh04949. Published: November 21, 2013; 8:55:04 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.3 MEDIUM |
CVE-2013-5527 |
The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030. Published: October 10, 2013; 6:55:06 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.7 MEDIUM |
CVE-2013-1165 |
Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) allows remote attackers to cause a denial of service (card reload) by sending many crafted L2TP packets, aka Bug ID CSCtz23293. Published: April 11, 2013; 6:55:01 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |