Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ios_xe
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 507 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2013-04-11 | CVE-2013-1167 | Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not properly handled during the processing of encapsulation, aka Bug ID CSCtt11558. | Asr_1001, Asr_1002, Asr_1002\-X, Asr_1002_fixed_router, Asr_1004, Asr_1006, Asr_1013, Asr_1023_router, Ios_xe | N/A | ||
| 2013-04-11 | CVE-2013-2779 | Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 MVPN (aka MVPNv6) packets, aka Bug ID CSCub34945, a different vulnerability than CVE-2013-1164. | Asr_1001, Asr_1002, Asr_1002\-X, Asr_1002_fixed_router, Asr_1004, Asr_1006, Asr_1013, Asr_1023_router, Ios_xe | N/A | ||
| 2013-10-31 | CVE-2013-5543 | Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by the Zone-Based Firewall (ZBFW) component, aka Bug ID CSCtt26470. | Asr_1001, Asr_1002, Asr_1002\-X, Asr_1004, Asr_1006, Asr_1023_router, Ios_xe | N/A | ||
| 2013-10-31 | CVE-2013-5545 | The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936. | Asr_1001, Asr_1002, Asr_1002\-X, Asr_1004, Asr_1006, Asr_1023_router, Ios_xe | N/A | ||
| 2013-10-31 | CVE-2013-5546 | The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component, aka Bug ID CSCud72509. | Asr_1001, Asr_1002, Asr_1002\-X, Asr_1004, Asr_1006, Asr_1023_router, Ios_xe | N/A | ||
| 2013-10-31 | CVE-2013-5547 | Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269. | Asr_1001, Asr_1002, Asr_1002\-X, Asr_1004, Asr_1006, Asr_1023_router, Ios_xe | N/A | ||
| 2014-04-24 | CVE-2012-5723 | Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948. | Asr_1001, Asr_1002, Asr_1002\-X, Asr_1002_fixed_router, Asr_1004, Asr_1006, Asr_1013, Asr_1023_router, Ios_xe | N/A | ||
| 2014-04-29 | CVE-2014-2183 | The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973. | Asr_1001, Asr_1002, Asr_1002\-X, Asr_1002_fixed_router, Asr_1004, Asr_1006, Asr_1013, Asr_1023_router, Ios_xe | N/A | ||
| 2014-05-25 | CVE-2014-3284 | Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180. | Asr_1001, Asr_1002, Asr_1002\-X, Asr_1002_fixed_router, Asr_1004, Asr_1006, Asr_1013, Asr_1023_router, Ios_xe | N/A | ||
| 2019-03-28 | CVE-2019-1745 | A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected commands. An exploit could allow the attacker to gain root privileges on the affected device. | Ios_xe | 7.8 |