CVSS: 7.5EPSS: 1%CPEs: 53EXPL: 0CVE-2017-6729
https://notcve.org/view.php?id=CVE-2017-6729
10 Jul 2017 — A vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software could allow an unauthenticated, remote attacker to cause the BGP process on an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability affects the following products if they are running the Cisco StarOS operating system and BGP is enabled for the system: Cisco ASR 5000 Seri... • http://www.securityfocus.com/bid/100015 •
CVSS: 9.0EPSS: 0%CPEs: 24EXPL: 0CVE-2017-3819 – Cisco Security Advisory 20170315-asr
https://notcve.org/view.php?id=CVE-2017-3819
15 Mar 2017 — A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface... • http://www.securityfocus.com/bid/96913 • CWE-264: Permissions, Privileges, and Access Controls CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2016-6455
https://notcve.org/view.php?id=CVE-2016-6455
03 Nov 2016 — A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition. This vulnerability affects Cisco ASR 5500 devices with Data Processing Card 2 (DPC2) running StarOS 18.0 or later. More Information: CSCvb12081. Known Affected Releases: 18.7.4 19.5.0 20.0.2.64048 20.2.3 21.0.0. Known Fixed Releas... • http://www.securityfocus.com/bid/94071 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2016-1452
https://notcve.org/view.php?id=CVE-2016-1452
15 Jul 2016 — Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526. Dispositivos Cisco ASR 5000 con software 18.3 hasta la versión 20.0.0 permiten a atacantes remotos realizar cambios de configuración sobre SNMP aprovechando los conocimientos de la comunidad de lectura y escritura, también conocido como Bug ID CSCuz29526. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160713-asr • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 0CVE-2016-1436
https://notcve.org/view.php?id=CVE-2016-1436
23 Jun 2016 — The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198. La implementación General Packet Radio Switching Tunneling Protocol 1 (también conocido como GTPv1) en dispositivos Cisco ASR 5000 Packet Data Network Gateway en versiones anteriores a 19.4 permite a atacantes remotos causar ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160621-asr • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2015-6334
https://notcve.org/view.php?id=CVE-2015-6334
16 Oct 2015 — Cisco ASR 5000 and 5500 devices with software 18.0.0.57828 and 19.0.M0.61045 allow remote attackers to cause a denial of service (vpnmgr process restart) via a crafted header in a TACACS packet, aka Bug ID CSCuw01984. Dispositivos Cisco ASR 5000 y 5500 con software 18.0.0.57828 y 19.0.M0.61045 permite a atacantes remotos causar una denegación de servicio (reinicio del proceso vpnmgr) a través de una cabecera manipulada en un paquete TACACS, también conocido como Bug ID CSCuw01984. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151012-asr • CWE-20: Improper Input Validation •