CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-6467
https://notcve.org/view.php?id=CVE-2016-6467
A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. More Information: CSCva84552. Known Affected Releases: 20.0.0 21.0.0 21.0.M0.64702. Known Fixed Releases: 21.0.0 21.0.0.65256 21.0.M0.64970 21.0.V0.65150 21.1.A0.64973 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.VC0.65203. Una vulnerabilidad en el reensamblaje de fragmentos de paquetes IPv6 de StarOS para Cisco Aggregation Services Router (ASR) 5000 Series Switch puede permitir a un atacante remoto no autenticado provocar un reinicio inesperado del proceso Network Processing Unit (NPU). • http://www.securityfocus.com/bid/94772 http://www.securitytracker.com/id/1037416 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9203
https://notcve.org/view.php?id=CVE-2016-9203
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process. More Information: CSCvb38398. Known Affected Releases: 20.2.3 20.2.3.65026. Known Fixed Releases: 21.1.M0.65431 21.1.PP0.65733 21.1.R0.65467 21.1.R0.65496 21.1.VC0.65434 21.1.VC0.65489 21.2.A0.65437. Una vulnerabilidad en la característica Internet Key Exchange Version 2 (IKEv2) de Cisco ASR 5000 Series Software podría permitir a un atacante remoto no autenticado provocar el reinicio del proceso ipsecmgr. • http://www.securityfocus.com/bid/94790 http://www.securitytracker.com/id/1037413 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-6466
https://notcve.org/view.php?id=CVE-2016-6466
A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. This vulnerability affects the following Cisco products: Cisco ASR 5000/5500 Series routers, Cisco Virtualized Packet Core (VPC). More Information: CSCva13631. Known Affected Releases: 20.0.0 20.1.0 20.2.0 20.2.3 20.2.v1 21.0.0 21.0.M0.64246. Known Fixed Releases: 20.2.3 20.2.3.65026 20.2.a4.65307 20.2.v1 20.2.v1.65353 20.3.M0.65037 20.3.T0.65043 21.0.0 21.0.0.65256 21.0.M0.64595 21.0.M0.64860 21.0.M0.65140 21.0.V0.65052 21.0.V0.65150 21.0.V0.65366 21.0.VC0.64639 21.1.A0.64861 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.64898 21.1.VC0.65203 21.2.A0.65147. • http://www.securityfocus.com/bid/94361 http://www.securitytracker.com/id/1037308 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asr • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-1335
https://notcve.org/view.php?id=CVE-2016-1335
The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection, aka Bug ID CSCux22492. La implementación de SSH en Cisco StarOS en versiones anteriores a 19.3.M0.62771 y 20.x en versiones anteriores a 20.0.M0.62768 en dispositivos ASR 5000 no maneja correctamente una configuración de autenticación de clave pública multi usuario, lo que permite a usuarios remotos autenticados obtener privilegios estableciendo una conexión desde un dispositivo final que fue previamente utilizado para la conexión de un administrador, también conocida como Bug ID CSCux22492. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-asr http://www.securitytracker.com/id/1035062 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6382
https://notcve.org/view.php?id=CVE-2015-6382
Cisco ASR 5000 devices with software 16.0(900) allow remote attackers to cause a denial of service (telnetd process restart) via a TELNET connection, aka Bug ID CSCuv25815. Dispositivos Cisco ASR 5000 con software 16.0(900) permiten a atacantes remotos provocar una denegación de servicio (reinicio de proceso telnetd) a través de una conexión TELNET, también conocido como Bug ID CSCuv25815. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-asr5000 http://www.securitytracker.com/id/1034254 • CWE-399: Resource Management Errors •