CVSS: 4.7EPSS: 0%CPEs: 10EXPL: 0CVE-2017-6795
https://notcve.org/view.php?id=CVE-2017-6795
07 Sep 2017 — A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the platform usb modem command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the platform usb modem command in the CLI of an affected device. A succes... • http://www.securityfocus.com/bid/100656 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2017-6603
https://notcve.org/view.php?id=CVE-2017-6603
07 Apr 2017 — A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system because of incorrect IPv6 Packet Processing. More Information: CSCuy94366. Known Affected Releases: 15.4(3)S3.15. Known Fixed Releases: 15.6(2)SP 15.6(1.31)SP. Una vulnerabilidad en los dispositivos Cisco ASR 903 o ASR 920 que funcionan con una tarjeta RSP2 podría permitir a un atacante no autenticado y adyace... • http://www.securityfocus.com/bid/97450 •
CVSS: 7.8EPSS: 0%CPEs: 41EXPL: 0CVE-2017-3859 – Cisco Security Advisory 20170322-ztp
https://notcve.org/view.php?id=CVE-2017-3859
22 Mar 2017 — A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted DHCP packet for Zero Touch Provisioning. An attacker could exploit this vulnerability by sending a specially crafted DHCP packet to an affected device. An exploit could allow the attacker to cause the device to relo... • http://www.securityfocus.com/bid/97008 • CWE-134: Use of Externally-Controlled Format String •