CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12355
https://notcve.org/view.php?id=CVE-2017-12355
A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service (DoS) condition. The vulnerability is due to incomplete LPTS frame validation by the affected software. An attacker could exploit this vulnerability by sending crafted XML requests to the management interface of an affected system. A successful exploit could allow the attacker to cause one of the LPTS processes on the affected system to restart unexpectedly, which would impact LPTS traffic and cause a brief DoS condition while the process restarts. Cisco Bug IDs: CSCvf76332. • http://www.securityfocus.com/bid/101989 http://www.securitytracker.com/id/1039927 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ios-xr • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6731
https://notcve.org/view.php?id=CVE-2017-6731
A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexpectedly reset, causing a short denial of service (DoS) condition. The MSDP session will restart within a few seconds. More Information: CSCvd94828. Known Affected Releases: 4.3.2.MCAST 6.0.2.BASE. Known Fixed Releases: 6.3.1.19i.MCAST 6.2.3.1i.MCAST 6.2.2.17i.MCAST 6.1.4.12i.MCAST. • http://www.securitytracker.com/id/1038820 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-iosxr • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6718
https://notcve.org/view.php?id=CVE-2017-6718
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb99384. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.2.11.3i.ROUT 6.2.1.29i.ROUT 6.2.1.26i.ROUT. Una vulnerabilidad en la CLI del programa IOS XR de Cisco, podría permitir a un atacante local identificado elevar los privilegios al nivel root. • http://www.securityfocus.com/bid/99226 http://www.securitytracker.com/id/1038741 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ios1 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6719
https://notcve.org/view.php?id=CVE-2017-6719
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with root privileges, aka Command Injection. More Information: CSCvb99406. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.2.1.28i.BASE 6.2.1.22i.BASE 6.1.32.8i.BASE 6.1.31.3i.BASE 6.1.3.10i.BASE. Una vulnerabilidad en la CLI del programa IOS XR de Cisco, podría permitir a un atacante local identificado ejecutar comandos arbitrarios en el sistema operativo host con privilegios root, también se conoce como Inyección de Comando. • http://www.securityfocus.com/bid/99213 http://www.securitytracker.com/id/1038741 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ios • CWE-20: Improper Input Validation •
CVSS: 6.0EPSS: 0%CPEs: 9EXPL: 0CVE-2017-6666
https://notcve.org/view.php?id=CVE-2017-6666
A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering (TE) tunnels, resulting in a denial of service (DoS) condition. More Information: CSCvd16665. Known Affected Releases: 6.2.11.BASE. Known Fixed Releases: 6.1.3 6.1.2 6.3.1.8i.BASE 6.2.11.8i.BASE 6.2.2.9i.BASE 6.1.32.11i.BASE 6.1.31.10i.BASE 6.1.4.3i.BASE. Una vulnerabilidad en el componente de reenvío del software IOS XR de Cisco para Enrutadores Network Convergence System (NCS) 5500 Series de Cisco, podría permitir a un atacante local identificado causar que el router deje de reenviar el tráfico de datos por medio túneles de Ingeniería de Tráfico (TE), resultando en una condición de denegación de servicio (DoS). • http://www.securityfocus.com/bid/98987 http://www.securitytracker.com/id/1038630 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ncs •