CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2017-6603
https://notcve.org/view.php?id=CVE-2017-6603
A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system because of incorrect IPv6 Packet Processing. More Information: CSCuy94366. Known Affected Releases: 15.4(3)S3.15. Known Fixed Releases: 15.6(2)SP 15.6(1.31)SP. Una vulnerabilidad en los dispositivos Cisco ASR 903 o ASR 920 que funcionan con una tarjeta RSP2 podría permitir a un atacante no autenticado y adyacente provocar una denegación de servicio (DoS) en un sistema de destino debido a un procesamiento incorrecto de paquetes IPv6. • http://www.securityfocus.com/bid/97450 http://www.securitytracker.com/id/1038185 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-asr •
CVSS: 7.8EPSS: 0%CPEs: 41EXPL: 0CVE-2017-3859
https://notcve.org/view.php?id=CVE-2017-3859
A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted DHCP packet for Zero Touch Provisioning. An attacker could exploit this vulnerability by sending a specially crafted DHCP packet to an affected device. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco ASR 920 Series Aggregation Services Routers that are running an affected release of Cisco IOS XE Software (3.13 through 3.18) and are listening on the DHCP server port. • http://www.securityfocus.com/bid/97008 http://www.securitytracker.com/id/1038104 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-ztp • CWE-134: Use of Externally-Controlled Format String •