CVSS: 8.6EPSS: 0%CPEs: 10EXPL: 0CVE-2018-0117
https://notcve.org/view.php?id=CVE-2018-0117
A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient handling of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending malicious traffic to the internal distributed instance (DI) network address on an affected system. A successful exploit could allow the attacker to cause an unhandled error condition on the affected system, which would cause the CF instances to reload and consequently cause the entire VPC to reload, resulting in the disconnection of all subscribers and a DoS condition on the affected system. This vulnerability affects Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software N4.0 through N5.5 with the Cisco StarOS operating system 19.2 through 21.3. • http://www.securityfocus.com/bid/102970 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-vpcdi • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2018-0115
https://notcve.org/view.php?id=CVE-2018-0115
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. • http://www.securityfocus.com/bid/102788 http://www.securitytracker.com/id/1040239 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-12217
https://notcve.org/view.php?id=CVE-2017-12217
A vulnerability in the General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution (SAE) Gateways could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation of GPRS Tunneling Protocol packet headers. An attacker could exploit this vulnerability by sending a malformed GPRS Tunneling Protocol packet to an affected device. A successful exploit could allow the attacker to cause the GTPUMGR process on an affected device to restart unexpectedly, resulting in a partial DoS condition. If the GTPUMGR process restarts, there could be a brief impact on traffic passing through the device. • http://www.securityfocus.com/bid/100642 http://www.securitytracker.com/id/1039276 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-asr • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2016-6455
https://notcve.org/view.php?id=CVE-2016-6455
A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition. This vulnerability affects Cisco ASR 5500 devices with Data Processing Card 2 (DPC2) running StarOS 18.0 or later. More Information: CSCvb12081. Known Affected Releases: 18.7.4 19.5.0 20.0.2.64048 20.2.3 21.0.0. Known Fixed Releases: 18.7.4 18.7.4.65030 18.8.M0.65044 19.5.0 19.5.0.65092 19.5.M0.65023 19.5.M0.65050 20.2.3 20.2.3.64982 20.2.3.65017 20.2.a4.65307 20.3.M0.64984 20.3.M0.65029 20.3.M0.65037 20.3.M0.65071 20.3.T0.64985 20.3.T0.65031 20.3.T0.65043 20.3.T0.65067 21.0.0 21.0.0.65256 21.0.M0.64922 21.0.M0.64983 21.0.M0.65140 21.0.V0.65150 21.1.A0.64932 21.1.A0.64987 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.65203 21.2.A0.65147. • http://www.securityfocus.com/bid/94071 http://www.securitytracker.com/id/1037186 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asr • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0CVE-2015-0712
https://notcve.org/view.php?id=CVE-2015-0712
The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malformed HTTP packets, aka Bug ID CSCud14217. El servicio de la gestión de sesiones en Cisco StarOS 12.0, 12.2(300), 14.0, y 14.0(600) en los dispositivos ASR 5000 permite a atacantes remotos causar una denegación de servicio (recarga de servicio y perdida de paquete) a través de paquetes HTTP malformados, también conocido como Bug ID CSCud14217. • http://tools.cisco.com/security/center/viewAlert.x?alertId=38580 http://www.securitytracker.com/id/1032219 • CWE-399: Resource Management Errors •