CVE-2017-6666
https://notcve.org/view.php?id=CVE-2017-6666
A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering (TE) tunnels, resulting in a denial of service (DoS) condition. More Information: CSCvd16665. Known Affected Releases: 6.2.11.BASE. Known Fixed Releases: 6.1.3 6.1.2 6.3.1.8i.BASE 6.2.11.8i.BASE 6.2.2.9i.BASE 6.1.32.11i.BASE 6.1.31.10i.BASE 6.1.4.3i.BASE. Una vulnerabilidad en el componente de reenvío del software IOS XR de Cisco para Enrutadores Network Convergence System (NCS) 5500 Series de Cisco, podría permitir a un atacante local identificado causar que el router deje de reenviar el tráfico de datos por medio túneles de Ingeniería de Tráfico (TE), resultando en una condición de denegación de servicio (DoS). • http://www.securityfocus.com/bid/98987 http://www.securitytracker.com/id/1038630 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ncs •
CVE-2017-3876
https://notcve.org/view.php?id=CVE-2017-3876
A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could allow the attacker to crash the device in such a manner that manual intervention is required to recover. This vulnerability affects all Cisco IOS XR platforms that are running release 6.1.1 of Cisco IOS XR Software when the gRPC service is enabled on the device. • http://www.securityfocus.com/bid/98284 http://www.securitytracker.com/id/1038393 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ios-xr • CWE-399: Resource Management Errors •
CVE-2017-6599
https://notcve.org/view.php?id=CVE-2017-6599
A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco IOS XR Software with gRPC enabled. More Information: CSCvb14433. Known Affected Releases: 6.1.1.BASE 6.2.1.BASE. Known Fixed Releases: 6.2.1.22i.MGBL 6.1.22.9i.MGBL 6.1.21.12i.MGBL 6.1.2.13i.MGBL. • http://www.securityfocus.com/bid/97464 http://www.securitytracker.com/id/1038191 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ios • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2016-9215
https://notcve.org/view.php?id=CVE-2016-9215
A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. More Information: CSCva38434. Known Affected Releases: 6.1.1.BASE. Una vulnerabilidad en Cisco IOS XR Software podría permitir a un atacante local autenticado iniciar sesión en el dispositivo con los privilegios de root del usuario. Más Información: CSCva38434. • http://www.securityfocus.com/bid/94812 http://www.securitytracker.com/id/1037418 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-iosxr • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-9205
https://notcve.org/view.php?id=CVE-2016-9205
A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. More Information: CSCvb14425. Known Affected Releases: 6.1.1.BASE. Known Fixed Releases: 6.1.2.6i.MGBL 6.1.22.9i.MGBL 6.2.1.14i.MGBL. Una vulnerabilidad en la petición de código de manejo HTTP 2.0 de Cisco IOS XR Software podría permitir a un atacante remoto no autenticado provocar la caída del demonio Event Management Service (emsd), resultando en una condición de denegación de servicio (DoS). • http://www.securityfocus.com/bid/94813 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xr • CWE-399: Resource Management Errors •