CVSS: 8.6EPSS: 0%CPEs: 10EXPL: 0CVE-2019-1869 – Cisco StarOS Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1869
20 Jun 2019 — A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could al... • http://www.securityfocus.com/bid/108853 • CWE-824: Access of Uninitialized Pointer •
CVSS: 8.6EPSS: 0%CPEs: 6EXPL: 0CVE-2018-0369
https://notcve.org/view.php?id=CVE-2018-0369
16 Jul 2018 — A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. There are four instances of the npusim process running per Service Function (SF) instance, each handling a subset of all traffic flowing across the device. It is possible to trigger a reload of all four instances of the npusim process around the same time. T... • http://www.securityfocus.com/bid/104723 • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0256
https://notcve.org/view.php?id=CVE-2018-0256
19 Apr 2018 — A vulnerability in the peer-to-peer message processing functionality of Cisco Packet Data Network Gateway could allow an unauthenticated, remote attacker to cause the Session Manager (SESSMGR) process on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect validation of peer-to-peer packet headers. An attacker could exploit this vulnerability by sending a crafted peer-to-peer packet through an affected device. A successful exploit could allow... • http://www.securityfocus.com/bid/103951 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 1%CPEs: 8EXPL: 0CVE-2018-0273
https://notcve.org/view.php?id=CVE-2018-0273
19 Apr 2018 — A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being established, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of corrupted Internet Key Exchange Version 2 (IKEv2) messages. An attacker could exploit this vulnerability b... • http://www.securityfocus.com/bid/103935 • CWE-399: Resource Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2018-0217
https://notcve.org/view.php?id=CVE-2018-0217
08 Mar 2018 — A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection attack on an affected system. The vulnerability is due to insufficient validation of commands that are supplied to certain configurations in the CLI of the affected operating system. An attacker could exploit this vulnerability by injecting crafted arguments into a vulnerable CLI command for an affected system. A su... • http://www.securityfocus.com/bid/103346 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2018-0224
https://notcve.org/view.php?id=CVE-2018-0224
08 Mar 2018 — A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by authenticating to an affected system and injecting malicious arguments into a vulnerable CLI command. A suc... • http://www.securityfocus.com/bid/103344 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.6EPSS: 0%CPEs: 10EXPL: 0CVE-2018-0117
https://notcve.org/view.php?id=CVE-2018-0117
08 Feb 2018 — A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient handling of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending malicious traffic to the internal distribu... • http://www.securityfocus.com/bid/102970 • CWE-20: Improper Input Validation •
CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0CVE-2018-0122
https://notcve.org/view.php?id=CVE-2018-0122
08 Feb 2018 — A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command for the affected operating system. A suc... • http://www.securityfocus.com/bid/103028 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2018-0115
https://notcve.org/view.php?id=CVE-2018-0115
18 Jan 2018 — A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root p... • http://www.securityfocus.com/bid/102788 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6775
https://notcve.org/view.php?id=CVE-2017-6775
17 Aug 2017 — A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging in to the shell of an affected device and elevating their privileges by modifying environment variables. An exploit could allow the attacker to gain a... • http://www.securityfocus.com/bid/100381 •